14
  • I created Docker image locally
  • Tagged it for Github Docker registry
  • Pushed it to Github Docker registry

Now I want to use it in Github action that create Docker image in FROM field but it always fails with unauthorized error - why ?

here are the steps:

docker tag my_image:1.0 ghcr.io/<github_user>/<organization>/<repo_name>/my_image:1.0

docker push ghcr.io/<github_user>/<organization>/<repo_name>/my_image:1.0
a4f566342e89: Pushed
0378d9143186: Pushed
...
f337026e7d90: Pushed

everything as you see completes successfully and I can even docker pull it on my computer

then I setup Github action and set it to start Powershell script that create Docker image from this Dockerfile:

So Github action set as:

...
...
jobs:

  build:

    runs-on: windows-2019

    steps:
    - uses: actions/checkout@v2
    - name: Package with Docker and push to Github packages
      id: build_and_push_docker_image    
      env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}    
      run: |
        src/database/base-image/github-build.ps1

There just 1 step !

and Powershell script itself do:

...
docker login ghcr.io --username $env:GITHUB_ACTOR --password $env:GITHUB_TOKEN
...
docker build src/database/base-image --file "src/database/base-image/databaseCreateBaseImage.Dockerfile" --tag sqldatabase/base:$VERSION
...
...

and Docker file is:

FROM ghcr.io/<github_user>/<organization>/<repo_name>/my_image:1.0

SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]

...
...

but sadly when Github action runs it always fails on line FROM with error message:

Step 1/7 : FROM ghcr.io/<github_user>/<organization>/<repo_name>/my_image:1.0
Get https://ghcr.io/v2/<github_user>/<organization>/<repo_name>/my_image/manifests/1.0: unauthorized
...
...

May be someone could shed some light - why it is not authorized to pull this image ? Everything runs without error until this FROM line :(

Alex F
  • 3,180
  • 2
  • 28
  • 40
  • I got similar issue to day, the solution is to go to package settings, and set the packagge visibility to public, because by default it is private, even your repo is public – tim Apr 02 '22 at 08:41

4 Answers4

5

My mistake

According to Github documentation Authenticating to GitHub Packages using GITHUB_TOKEN is not (!) enough. If you want to work with Github registry (ghcr.io) you must (!) use your Personal Access Token.

Alex F
  • 3,180
  • 2
  • 28
  • 40
  • Yes, works with the manual https://docs.github.com/en/packages/learn-github-packages/about-github-packages#authenticating-to-github-packages –  Mar 23 '21 at 19:51
  • or you could make the package public? https://niklasmtj.de/blog/gh-actions-workflows-combination-with-ghcr – Oliver Angelil Jun 10 '22 at 06:38
5

This helped me:

echo '<my_token>' | docker login ghcr.io -u <my_username> --password-stdin

<my_token> is the PAT from Github

sumsumcity
  • 217
  • 4
  • 3
4

Make sure GitHub Actions can access the Docker Image (like @sihil mentioned) and add the following step to your job:

- name: Login to GitHub Container Registry
  uses: docker/login-action@v2
  with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ secrets.GITHUB_TOKEN }}
maartenpaauw
  • 555
  • 2
  • 7
  • 20
0

I think you might need to do two things here:

  • First of all, ensure that the Package settings (bottom right of the package page) allow access to actions running in the repository in question
  • Secondly, ensure that you have added the package permission to your job

More details in my answer to GITHUB_TOKEN permission denied write package when build and push docker in github workflows

sihil
  • 2,563
  • 1
  • 17
  • 24