Reputation: 78900
Referencing a ghcr.io image in a Docker-based Github action
I have a Docker container Github action that relies on a base image hosted in ghcr.io. The github repo for the action also hosts this docker image as a github package. The Dockerfile used by my action looks like this:
FROM ghcr.io/ourcorp-actions/my-action-image:latest
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
...and my action.yaml simply references this Dockerfile:
name: Some Action
author: Our Team
description: Some Description
runs:
using: docker
image: Dockerfile
Unfortunately, this doesn't seem to work when invoked:
#0 building with "default" instance using docker driver
#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 167B done
#1 DONE 0.0s
#2 [internal] load .dockerignore
#2 transferring context: 2B done
#2 DONE 0.1s
#3 [internal] load metadata for ghcr.io/ourcorp-actions/my-action-image:latest
#3 ERROR: failed to authorize: failed to fetch anonymous token: unexpected status from GET request to https://ghcr.io/token?scope=repository%3Aourcorp-actions%2Fmy-action-image%3Apull&service=ghcr.io: 401 Unauthorized
------
> [internal] load metadata for ghcr.io/gdcorp-actions/switchboard-cache-fallback:latest:
------
Dockerfile:1
--------------------
1 | >>> FROM ghcr.io/gdcorp-actions/switchboard-cache-fallback:latest
2 |
3 | COPY entrypoint.sh /entrypoint.sh
--------------------
ERROR: failed to solve: failed to fetch anonymous token: unexpected status from GET request to https://ghcr.io/token?scope=repository%3Agdcorp-actions%2Fswitchboard-cache-fallback%3Apull&service=ghcr.io: 401 Unauthorized
It appears that the Docker action is not automatically logged in to pull the base image from ghcr.io. I don't want users of this action to have to manually log into ghcr.io just to run this action; the action should encapsulate the Dockerfile, and the caller shouldn't have to know any of these Docker details.
Is there any way for a Docker-based github action to be able to automatically pull images from ghcr.io?
Upvotes: 0
Views: 792
Answers (2)
Reputation: 11
As of now, this is not possible: https://github.com/orgs/community/discussions/76636
Upvotes: 0
Reputation: 51
You appear to have access to a private GHCR Image. You should generate CR_PAT (container registry personal access token) if you are able to use the private image from GHCR.
After this procedure is complete. You ought to use your github username when converting to base64.
Once, this step has also been completed place the created token inside ~/.aws/config.json file.
{
"auths": {
"ghcr.io": {
"auth": "GENERATED_TOKEN"
},
},
"credsStore": "desktop",
"currentContext": "desktop-linux"
}
Reference, Github GHCR (Access Private Image)
Upvotes: 1
Related Questions
- How do I pass environment variables to Docker containers?
- GitHub workflow to push Docker image to ghcr.io
- What is the difference between a Docker image and a container?
- Exploring Docker container's file system
- How to see docker image contents
- How to force Docker for a clean build of an image
- Run a Docker image as a container
- Docker how to change repository name or rename image?
- How does one remove a Docker image?