3

I am trying to write a GitHub actions script to automatically build a docker image, and then push it into the GitHub Container Registry when new code is checked in to the main branch. This is the code that I'm using to try to log into the container registry:

name: Build and publish Docker image.
on: [push]
jobs:
  publish-docker-image:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Login to GitHub Container Registry
      uses: docker/login-action@v1
      with:
        registry: ghcr.io
        username: ${{github.actor}}
        password: ${{secrets.CONTAINER_REG_ACCESS}}

For more context, the CONTAINER_REG_ACCESS secret is a personal access token, though it was created by a different member of my organization.

This error shows up in GitHub after it runs its automated tests on my pull request.

Run docker/login-action@v1
Logging into ghcr.io...
Error: Error response from daemon: Get "https://ghcr.io/v2/": denied: denied

What is the best practice from logging into the GitHub container registry using a GitHub actions script? Is there a way to log in using an organizations credentials instead of my personal GitHub ID?

schaffsp
  • 31
  • 1
  • Was wondering the same thing today. If the repository on Docker Hub is owned by an organization you don't want to use the personal access token of one of the members to push images. – Marcel Stör Feb 25 '23 at 19:44
  • Have you tried `password: ${{secrets.GITHUB_TOKEN}}` ? – Ian Purton Mar 15 '23 at 15:07

0 Answers0