0

I want to push a Docker image built with Maven Jib plugin to GitHub Packages.

I read that I can use the GITHUB_TOKEN secret for authentication in GitHub Packages.

But I can't find a way to authenticate with a token in Jib documentation.

I only see a way to do it with username and password.

<settings>
  ...
  <servers>
    ...
    <server>
      <id>MY_REGISTRY</id>
      <username>MY_USERNAME</username>
      <password>{MY_SECRET}</password>
    </server>
  </servers>
</settings>

How can I authenticate with a token using Maven jib plugin?

LEQADA
  • 1,913
  • 3
  • 22
  • 41

1 Answers1

1

lDisclaimer: I have never heard of GitHub Packages before.

According to the example on the GitHub Packages website that shows some Docker CLI commands including docker login below,

$ docker login docker.pkg.github.com --username phanatic
Logged in successfully

$ docker tag app docker.pkg.github.com/phanatic/repo/app:1.0

$ docker push docker.pkg.github.com/phanatic/repo/app:1.0.0

I think MY_REGISTRY should be docker.pkg.github.com and MY_USERNAME should be your username (phanatic in the example above). Also your <to><image> (the target Docker image name) should start with docker.pkg.github.com/<your username >/..., as above.

The GitHub Packages docs (here and here) seem to suggest that you can use GITHUB_TOKEN as a password in GitHub Actions. I strongly recommend you encrypt the password value (GITHUB_TOKEN) for <password> in settings.xml. See the Maven doc for how to do so. You will need to create settings-security.xml.

Before using settings.xml and settings-security.xml, I would first locally test the username and GITHUB_TOKEN combination with <to><auth><username> and <to><auth><password> (unencrypted) for the purpose of checking if these values work.

Chanseok Oh
  • 3,920
  • 4
  • 23
  • 63
  • `GITHUB_TOKEN` is a [secret provided by default when using GitHub Actions](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token). I know that the Maven Jib plugin supports a standard username:pwd Docker login. But I want to authenticate specifically with `GITHUB_TOKEN`. I don't want to use my personal account username:pwd for it. – LEQADA May 15 '20 at 14:42
  • See https://help.github.com/en/packages/using-github-packages-with-your-projects-ecosystem/configuring-docker-for-use-with-github-packages and https://help.github.com/en/packages/using-github-packages-with-your-projects-ecosystem/using-github-packages-with-github-actions. I think you can just use `GITHUB_TOKEN` as password. – Chanseok Oh May 15 '20 at 14:51
  • I can't find any place in those documents where it's written that I can use the token as a password or at least an example of it. That would be strange. But I can try. – LEQADA May 15 '20 at 15:01
  • The "Configuring Docker for use with GitHub Packages" doc says "Authenticating with the GITHUB_TOKEN If you are using a GitHub Actions workflow, you can use a GITHUB_TOKEN to publish and consume packages in GitHub Packages without needing to store and manage a personal access token. For more information, see Authenticating with the GITHUB_TOKEN." – Chanseok Oh May 15 '20 at 15:59