I have a repository that includes a container image build-and-publish workflow; the critical workflow steps looks like:
- name: Log in to the Container registry
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
[...]
- name: Build and push Docker image
uses: docker/build-push-action@v3
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
I deleted the GitHub repository that contained this workflow, and then re-created it with the same name. After restoring the content in the repository, the above action is now failing with:
ERROR: denied: permission_denied: write_package
Error: buildx failed with: ERROR: denied: permission_denied: write_package
Additionally, using the registry API I can see that the corresponding image repository still exists and contains tagged images from the previous instance of the repository.
I would have expected the package repository to be deleted when I deleted the git repository, but it apparently persists and is linked to the prior authentication credentials.
I've been able to work around the permission problem by manually generating a github token, and then modifying the login action to use it:
- name: Log in to the Container registry
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.OVERRIDE_GITHUB_TOKEN }}
That works, but the package repository is no longer linked to the git repository. Looking at the repository main page, we see:
Additionally, the workaround is messy and leads to maintenance issues (e.g. if the token expires the secrets need to be updated manually, which isn't an issue when using the default token).
Is there any way to restore package repository access for the default token and re-link the git repository to the package repository? I would be happy to simply delete the package repository, but it wasn't clear if that's possible.
