Error response from daemon: Get denied

Hi there, I’m trying to docker login to GHCR and I encounter this error. Here is my workflow run. Can someone help me here? Thanks

The login command as such looks correct. Can you check that your CR_TOKEN secret has the correct permissions, as described in Authenticating to GitHub Container Registry?

You can also use a command like the following from your local (I’m emphasizing local because a base64 encoded version of your token will be part of the output) machine to check if the token works. Replace $USER and $CR_TOKEN with your username and token, respectively, for the token preferably by setting an environment variable.

curl -v -u $USER:$CR_TOKEN

If you can authenticate with the token you’ll get a 200 OK HTTP response, with a Docker-Distribution-Api-Version: registry/2.0 header.


Hi, I am able to successfully login using the CR_PAT generated locally on my machine. However, I run into this issue when initiated from the GitHub action workflow.

I’m not sure what’s wrong here if the CR_PAT works locally it should work this way. Here are some ideas to try:

Reorder the command, docker login takes the server as the final argument but on linux it usually works fine. You could also use ${{ github.repository_owner }} instead of your username but again this doesn’t usually cause errors.

echo ${{ secrets.CR_PAT }} | docker login -u ${{ github.repository_owner }} --password-stdin

Try using the login-action which simplifies all of this.

- name: Login to GitHub Container Registry
        uses: docker/login-action@v1
          username: ${{ github.repository_owner }}
          password: ${{ secrets.CR_PAT }}

works like a charm, thanks a lot.