GitHub Actions Docker login

I’m trying to push to docker.pkg.github.com from a GitHub action.

Here is the login step, which fails with 401 error:

- name: Log in to registry
  uses: actions/docker/login@master
  env:
    DOCKER_REGISTRY_URL: docker.pkg.github.com
    DOCKER_USERNAME: ${{ github.actor }}
    DOCKER_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
  if: github.event_name == 'push'

Any ideas?

5 Likes

I’m not sure that github.actor is the best choice for assigning the DOCKER_USERNAME value, unless that is always going to be someone with permissions to the package registry for that repository? What is github.actor set to when you get the 401 error?

I recently tried doing something similar.

It seems that the GITHUB_TOKEN does not have the correct access permissions (even though I believe it should based on https://help.github.com/en/articles/virtual-environments-for-github-actions#token-permissions ).

I generated a personal access token and added a repository encrypted secret to login. I’m also using the included Docker baked into the virtual image.

- name: Login to GitHub Docker Registry
  run: docker login docker.pkg.github.com --username "$DOCKER_USERNAME" --password "$DOCKER_PASSWORD"
  env:
    DOCKER_USERNAME: ${{ secrets.GITHUB_DOCKER_USERNAME }}
    DOCKER_PASSWORD: ${{ secrets.GITHUB_DOCKER_PASSWORD }}

2 Likes

I can’t really log github.actor, it’s filtered in the log.

What am I supposed to set the docker registry login when pushing to the GitHub registry?

If I have to manually create a personal access token (which I’m actually doing at the moment), that kinda defeats the whole purpose of using an integrated environment. Why is there a GITHUB_TOKEN secret then in the CI environment?

Also, there is a table in the documentation that says the GITHUB_TOKEN secret is a token with write permissions to packages:

https://help.github.com/en/articles/virtual-environments-for-github-actions#token-permissions

Is that not correct then?

1 Like

I came to the same conclusion and did the same thing, but I think that’s quite a huge fail. If I want to use GitHub for CI and packages, I expect these services to be integrated. I kinda thought that was the value proposition in the first place: you can do everything in one place. Otherwise both GitHub Actions and GitHub Packages are “Yet Another Service”.

1 Like

Tried to do the same thing to get Actions creating Docker images locally - in the hope that having images stored in GitHub might be faster than having to fetch from Docker Hub.

However currently it feels like two different beta products aren’t quite ready for each other.

2 Likes

Yesterday I tried to run docker login ... with a personal access token that works from my laptop, and I got this:

No idea why 🙂 I hope this will be fixed when “GitHub actions” leaves the beta stage

Same problem. The documentation about this is really weak 🙁
For me it does not make sense to create personal access here if there can be some global access based on access to the repository.

1 Like

Struggling with the exact same thing now. One of the unique selling points for GitHub Actions is seamless integration with other GitHub services - which is completely absent in this regard.

Please provide a no-hassle way to utilize the package registry. All the configuration needed to do this already exists in the context (username and $GITHUB_TOKEN), so no need to boilerplate it in the YAML spec.

Maybe something along the lines of:

- uses: actions/docker/login-package-registry@master

7 Likes

Same issue. Using GITHUB_TOKEN still results in a 401 when publishing using GitHub Actions.

2 Likes

This is a known issue that we’re working to resolve. GITHUB_TOKEN works for publishing most types of packages (e.g., npm) but not yet for all. This will work for all types of packages - including Docker - by the time GitHub Actions and GitHub Package Registry are out of beta.

15 Likes

I’ve had success with the following step:

- name: Push
  run: |
    docker login docker.pkg.github.com --username RepoOwner --password "${GITHUB_PACKAGE_REGISTRY_TOKEN}"
    docker push docker.pkg.github.com/repoowner/repo_name/image_name:tag
  env:
    GITHUB_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GITHUB_PACKAGE_REGISTRY_TOKEN }}

Note: The Docker image name is lowercase. The username for docker login may contain uppercase letters. Make sure to convert them to lowercase when building the image tag string. “RepoOwner” -> “repoowner”. Same goes for the repository name.

Here’s a full example: https://github.com/chrispat/actions-container-service/blob/master/.github/workflows/build-and-deploy.yml

1 Like
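
The lowercase rule from the note above, as an added example that is not part of the original post: a POSIX shell helper that builds the image reference from an owner/repo string and rejects inputs Docker would refuse. It goes slightly beyond the post by validating the path and tag and by passing the token on stdin instead of on the command line. The function names image_ref and registry_login are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not from the thread).
export LC_ALL=C                     # ASCII-only case mapping and ranges
REGISTRY="docker.pkg.github.com"

# image_ref OWNER/REPO IMAGE TAG
# Prints REGISTRY/owner/repo/image:tag with the path lowercased.
# Returns 1 on input that docker would reject as an invalid reference.
image_ref() {
  repo=$1 image=$2 tag=$3
  # Require exactly one slash, the shape of $GITHUB_REPOSITORY.
  case "$repo" in
    */*/*|/*|*/) echo "bad repository: $repo" >&2; return 1 ;;
    */*) ;;
    *) echo "bad repository: $repo" >&2; return 1 ;;
  esac
  # Only the path is lowercased; tags are case-sensitive and kept as given.
  path=$(printf '%s' "$repo/$image" | tr '[:upper:]' '[:lower:]')
  # Reject anything outside the reference alphabet (spaces, newlines, ...).
  case "$path$tag" in
    *[!A-Za-z0-9._/-]*) echo "invalid characters" >&2; return 1 ;;
  esac
  # Path component: alphanumerics joined by ".", "_", "__" or dashes.
  comp='[a-z0-9]+((\.|_|__|-+)[a-z0-9]+)*'
  if ! printf '%s\n' "$path" | grep -Eq "^$comp(/$comp){2}\$"; then
    echo "invalid image path: $path" >&2; return 1
  fi
  if ! printf '%s\n' "$tag" | grep -Eq '^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'; then
    echo "invalid tag: $tag" >&2; return 1
  fi
  printf '%s/%s:%s\n' "$REGISTRY" "$path" "$tag"
}

# registry_login USER
# Reads the token from stdin so it never shows up in argv or process listings.
registry_login() {
  docker login "$REGISTRY" --username "$1" --password-stdin
}

# Usage inside a workflow `run:` step (not executed here):
#   printf '%s' "$GITHUB_PACKAGE_REGISTRY_TOKEN" | registry_login RepoOwner
#   ref=$(image_ref "$GITHUB_REPOSITORY" image_name tag) && docker push "$ref"
image_ref "RepoOwner/Repo_Name" image_name tag   # sample input from the post above
```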

https://github.com/actions/docker repo is now a 404. Anyone know why?

1 Like

It has been deprecated for some time and they finally removed it. Docker CLI commands can be run directly from all the base images now so it wasn’t needed anymore.

According to today’s announcement, GitHub package registry will leave beta on 13 November. Does that mean this issue has been (or is close to being) resolved?

5 Likes

Can confirm that this works now.

1 Like

When authenticating with the registry inside of GitHub Actions, do you need to provide a username along with the GITHUB_TOKEN? If so how can we do this programmatically? Is there an “actions” user/actor and how can we access it? If ${{ github.actor }} is the person who opened a PR or merged, etc. wouldn’t you expect to get auth errors when using a token that doesn’t belong to that actor?

In the same vein that we can just use the GITHUB_TOKEN, I don’t want to have to use a personal account username here. Thoughts? Possible?

1 Like

Hello stranger,

It seems like you can use ${{ secrets.GITHUB_TOKEN }} in conjunction with ${{ github.repository }}, as in

docker login -u ${{ github.repository }} -p ${{ secrets.GITHUB_TOKEN }}

Edit: Never mind. While the login actually works, it doesn’t have the permissions needed to actually install the package…

2 Likes