CODEWITHSUNDEEP
dockergithub-actions
MohamedSaeed
MohamedSaeed

Reputation: 595

How can I use private docker image in github actions

I'm trying to set up a job in github-actions that runs a private docker image. I will do the build inside that docker image using the container option. link.

I'm using the following code:

jobs:
  container1:
    runs-on: ubuntu-latest
    container: saeed/privateimage:1
    steps:
      - uses: actions/checkout@v2
      - run: |
          echo "Runs inside a container"

But I can't provide my docker hub creds so it fails.

How can I authenticate to pull that private image?

Thanks.

Upvotes: 39

Views: 56233

Answers (3)

Benjamin W.
Benjamin W.

Reputation: 52451

It looks like support for this has been added just today, see blog post.

The post uses this example:

jobs:
  build:
    container:
      image: octocat/ci-image:latest
      credentials:
        username: mona
        password: ${{ secrets.docker_hub_password }}
    services:
      db:
        image:  octocat/testdb:latest
        credentials:
          username: mona
          password: ${{ secrets.docker_hub_password }}

The documentation for container is here.

Upvotes: 31

Pablo Alexis Domínguez Grau
Pablo Alexis Domínguez Grau

Reputation: 729

For those that are trying to use a custom Docker image published to the new GitHub Docker Container Registry at ghcr.io in one of your jobs or steps, this is what I did.

Steps

  1. Create a Personal Access Token, as seen on GitHub documentation for the new Docker Container Registry. To do this, go to your GitHub Account > Settings > Developer Settings > Personal Access Tokens and select the following options for your token:

    Creating a New Personal Access Token

  2. Go to your project's GitHub repository and go to Settings > Secrets > New Secret and create a secret like this: Adding a secret containing your personal access token to your repository

  3. Take that token and put it in your computer's environment like this (or just copy it, whichever works):

    export DOCKER_CONTAINER_REGISTRY_TOKEN=<the personal access token>

  4. Push your Docker image to ghcr.io/<YOUR_USERNAME>/<IMAGE_NAME>:<IMAGE_TAG>. To do this, you can find so in the documentation for Pushing Docker Images to the GitHub Docker Container Registry. In essence, you can do something in your computer in the lines of:

    # Login to your ghcr.io
echo $DOCKER_CONTAINER_REGISTRY_TOKEN | docker login ghcr.io -u <YOUR_USERNAME> --password-stdin
# As an example, here I pull an image, tag it, and push it.
docker pull ubuntu:18.04
docker tag ubuntu:18.04 ghcr.io/<YOUR_USERNAME>/my_special_ubuntu:latest
docker push ghcr.io/<YOUR_USERNAME>/my_special_ubuntu:latest

  5. Then, create an action under your .github/workflows/ folder in your repository. In this example, let's name it super-action:

    # You can just create the file in whichever editor you use.
# This can do the work though...
cd $YOUR_PROJECT_PATH/.github/workflows
touch super-action.yml

  6. Open the super-action.yml action, and you can do something like this:

    # Action name
name: Super Action

# Here, this action will be enabled on all pushes.
# Modify this to fit your needs.
on:
    push

# Jobs section
jobs:
    # The job that will use the container image you just pushed to ghcr.io
    super-job:
        runs-on: ubuntu-18.04
        container:
            image: ghcr.io/<YOUR_USERNAME>/<IMAGE_NAME>:<IMAGE_TAG>
            credentials:
               username: <YOUR_USERNAME>
               password: ${{  secrets.DOCKER_CONTAINER_REGISTRY_TOKEN }}
        steps:
            - name: super-step
              shell: bash
              run: |
                # Whatever commands you want to run here using the container with your
                # new Docker image at ghcr.io!
                echo "--This is running in my custom Docker image--"

Results

After you push something to the repo, you should see something like this running in your actions. In the following screenshots, I use my own docker image found here and my own super-action.

Docker image is pulled in the GitHub action

And then, you can see your job's run commands being executed inside a container using that Docker image! Job executing commands inside the container that uses the Docker image at ghcr.io

Upvotes: 39

masseyb
masseyb

Reputation: 4150

Update: check @Benjamin W.'s answer. GitHub Actions added Private registry support for job and service containers.

The docs indicate that the jobs.<job_id>.container.image should be a publicly available image:

"The Docker image to use as the container to run the action. The value can be the Docker Hub image name or a public docker registry name."

You could configure credentials for accessing the private docker registry as secrets then use the secrets to login and run your private images for example:

  test:
    name: test
    runs-on: ubuntu-18.04
    steps:
      - uses: actions/checkout@v2

      - name: example.com docker registry login
        run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login example.com -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin

      - name: run backend tests using example.com/my-image
        run: |
          docker run --rm -i \
            -v ${PWD}:/workspace/source \
            -e PYTHONPATH=/workspace/source \
            -e DJANGO_SETTINGS_MODULE="www.settings" \
            -w /workspace/source \
            --entrypoint tox \
            example.com/my-image

Upvotes: 8

Related Questions