Access github packages using github app token

Instead of using a PAT (Personal Access Token) we were looking to generate a access token via a github app and use that instead.

All the github docs around authenticating for packages say to use a PAT. Is it not possible at all to use a github app token?

The reason we don’t want to use a PAT is because we don’t want to use a token that is associated with a user and we don’t really want long lived token.

:wave: GitHub Packages supports using the GITHUB_TOKEN from Actions (all services except Container Registry and support is coming soon). We don’t support tokens from GitHub Apps yet but we’re looking at supporting that this year. It’ll go on the roadmap as we determine when we could fit it in.

Thanks @clarkbw for getting back to me on this. Just to explain the problem with why we can’t use the GITHUB_TOKEN .

So we have no issues publishing packages with actions using the GITHUB_TOKEN. However we are trying to access the package from another organisation of ours hence why we went down the github app route as the GITHUB_TOKEN doesn’t have scope to access the package as it sits in another organisation.

With the new Container Registry support for GITHUB_TOKEN coming out soon we’ll support cross organization access via GITHUB_TOKEN assuming both orgs are within the same Enterprise. So if you have a github Enterprise X and organizations Y and Z you could publish a container within Z (internal visibility) and users within Y could pull from Z/container using a GITHUB_TOKEN.

If you’re not an enterprise customer you’ll need another solution here like Apps or PATs.

Hey there,

I am trying to do something similar to what @efernandes-dev-ops was trying to do, however use a GitHub App to provision an access token to pull a private Docker container on GitHub Package Registry, however it seems to not work at all. Note that this is a regular App for a regular private repo, not an organisation.

I tried to follow the GitHub App API documentation to generate an access token, to allow pulling, however after logging in successfully it fails to pull (Maybe I’m doing something wrong?).

As you said there is no support for a GitHub App to make an access token to allow pulling a private container. Is there any ETA on this? I looked at the public roadmap and cant seem to find anything relating to this issue.