@carminedamico,

About action, there are few points you need to understand:

1. When using an action in the workflow, typically the following operations are included.

• Check out the source code of the action to a special folder (_actions) under the runner’s working directory. This operation is done in the “Set up job” step.
  For example, when you run an action on the Linux runner,

- name: run action
  uses: my-actions/my-docker-action@master
  with:
    . . .

this action will be checked out to the path ‘/home/runner/work/_actions/my-actions/my-docker-action/master’.

• After checkout the source code, build the action if needed. Generally this is applied to build the container for the docker action, and the workflow run will generate a build step for each docker action.
  

• Execute the action with the inputs you set.

2. If you store an action in a private repository, generally only this repository can use this action. If you want to use this private action in the workflows in other repositories, you need to use the checkout action with a personal access token (PAT) to checkout the source code of the action. The PAT should have the permissions (‘read’ at least) to access the private repository of the action.

3. Is there a way, also using Github secrets inside the action repository, to perform the access to such repository for example inside the action.yml file?

No, we have no any way to do that. When using an action in a workflow, it is not directly executed in the action repository. The action is a step in the workflow, and every step in the workflow can only use the secrets in the repository where the workflow is running.

Hi @brightran thank you for your reply! I don’t know if I got it wrong, but my problem is related to accessing a private Docker repository and not keeping the action repository private. The latter can be public.

What I’m interested in is access to use a Docker image stored in a private registry, without giving anyone who uses the action access to this registry. From your description, however, I understand that this is not possible, right?

Thank you very much!

@brightran You spoke to the case where a Dockerfile is supplied in the github action. What I need to know is how it is done when you just want to use a docker image from a private registry and run shell commands inside it to do the work of the action. The example looks like this in the yaml file where you define the action:

runs: 
  using: 'docker'
  image: 'docker://myprivaterepo/someimage:notlatest'

Note that this became more important as of 2 Nov 2020 when Dockerhub placed pull limits on all nonauthenticated image pulls. In effect, everybody has to pay for an account and treat Dockerhub as a private registry when loading images to use in an action (as with every other case).