Accessing private containers in codespaces

I have pushed a private base image for codespaces to ghcr.io.
When I specify this image in devcontainer.json:

"image": "ghcr.io/my-org/image-name:latest",

, I get this error:

docker: Error response from daemon: Head "https://ghcr.io/v2/my-org/image-name/manifests/latest": unauthorized.
See 'docker run --help'.

I can do this locally (where I am authenticated) without issue

docker pull ghcr.io/my-org/image-name:latest

The docs only mentions how to authenticate in Github Actions, but not in devcontainer setup for codespaces.

So, how do I authenticate Codespaces to read this private docker image, hosted on Github Registry?

I figured out how to do this.

These codespace secrets needed to be added:

  • GHCR_CONTAINER_REGISTRY_SERVER : ghcr.io
  • GHCR_CONTAINER_REGISTRY_USER : GitHub account name
  • GHCR_CONTAINER_REGISTRY_PASSWORD : Personal Access Token with registry:read permission

Then, any codespace will need to be deleted and created fresh for these changes to take effect.

1 Like