Can't pull private ghcr.io Docker image using GITHUB_TOKEN

I’m having issues pulling a private ghcr.io Docker image, in a PR CI run.

I’ve been following this guide, and done the following steps:

  1. Updated actions access for the package in question, to include my repository.
  2. Set permissions for GITHUB_TOKEN, at the root level of my workflow file:
    permissions:
      packages: read
      contents: read
    
  3. Logged in with Docker:
      - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
    Login Succeeded
    
  4. Pulled the image
     - run: docker pull ghcr.io/ORG/MY_IMAGE
    

This gives me an error message: repository does not exist or may require 'docker login': denied: installation not allowed to Read organization package

This is happening on a PR from a branch in the same repository. What should I do to be able to pull this image?

1 Like