I’m trying to switch our on-premise Docker swarm images from Azure Container Registry to GitHub Container Registry. This swarm is using the docker pass credential helper, setup this way: https://geoffhudik.com/tech/2020/09/15/docker-pass-credential-helper-on-ubuntu/. That worked against Azure Container Registry images.
I logged out of the old ACR registry and logged in successfully on the manager to GHCR with the pass cred helper installed.
Initially I ran into this issue when deploying the stack against GHCR (could not be accessed on a registry to record its digest.): https://github.com/moby/moby/issues/34153#issuecomment-634923322 which mentions:
that’s a known issue with GitHub’s registry. The GitHub image registry currently isn’t compliant with the registry specification and doesn’t implement all options, see containerd/containerd#3291 (comment)
After I dropped the old stack and re-deployed the new stack which resulted in
No such image: ghcr.io/my-org/my-image:label when the workers try to pull from GHCR.
Each time the stack is deployed using
--with-registry-auth . At times I’ve also tried to force things with
docker service update my_service --with-registry-auth --replicas 2.
It’s the same issue trying to docker pull the image directly on the swarm manager with the pass cred helper setup.
I’m able to pull the image from a machine outside the swarm (not using a cred helper) after logging in using the same credentials.
I’m also able to remove the credential helper on the swarm manager, login to the registry again, and Swarm nodes are able to pull from GHCR.
Is there something specific to GHCR where it won’t support use of the pass cred helper?