GITHUB_TOKEN for GitHub NPM registry doesn't work inside Docker Build

I have a Dockerfile which is supposed to pull a private NPM package from the GitHub NPM package registry. For authentication, I pass the token as a build argument to docker build, and echo it to the .npmrc inside the Dockerfile. I also have GitHub Actions set up using docker/build-push-action@v2.

  • If I pass my personal GitHub token to the Dockerfile, it works just as expected.
  • If I pass an invalid token (or none at all), I get a “401 Unauthorized” by the yarn install step, which is also expected.
  • Unfortunately, if I pass the GITHUB_TOKEN in GitHub Actions to the Docker Build instead, I now get a 404 error:
 > [build  8/10] RUN echo "//npm.pkg.github.com/:_authToken=***" > .npmrc &&   yarn install &&   rm -f .npmrc:
#11 0.612 yarn install v1.22.15
#11 0.709 [1/4] Resolving packages...
#11 0.948 [2/4] Fetching packages...
#11 1.511 error An unexpected error occurred: "https://npm.pkg.github.com/download/[Left out but correct]: Request failed \"404 Not Found\"".
#11 1.511 info If you think this is a bug, please open a bug report with the information provided in "/app/yarn-error.log".
#11 1.511 info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

What can I do? Does the GITHUB_TOKEN not work inside of GitHub’s Docker? Of course, I would prefer not using a personal GitHub token in the CI pipeline.

After a lot more research I discovered that the GITHUB_TOKEN is not yet capable of reading packages published by another repository, and it might be a permission issue. See: GITHUB_TOKEN does not have access to other private packages · Issue #49 · actions/setup-node · GitHub

It seems the only viable solution for now is to create a personal access token for the workflow instead.
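The build step described above echoes the token into .npmrc from a build argument, and build arguments used in a RUN step remain readable in the image history. The Dockerfile below is an added example, not part of the original post, that supplies the token through a BuildKit secret mount instead. The base image, stage name, file layout, the secret id `npm_token` and the `@OWNER` scope are assumptions.

```dockerfile
# syntax=docker/dockerfile:1
# Added example. Base image, stage name, paths, the secret id "npm_token"
# and the "@OWNER" scope are assumptions, not taken from the original post.
FROM node:16-alpine AS build
WORKDIR /app

# .npmrc holds only a placeholder. npm and yarn v1 substitute ${NPM_TOKEN}
# from the environment when they read the file, so no credential is ever
# written to an image layer. Single quotes keep the shell from expanding it.
RUN printf '%s\n' \
      '@OWNER:registry=https://npm.pkg.github.com' \
      '//npm.pkg.github.com/:_authToken=${NPM_TOKEN}' > .npmrc

COPY package.json yarn.lock ./

# The secret is mounted at /run/secrets/npm_token for this RUN step only.
# Unlike an ARG, it is not stored in the image and does not appear in
# `docker history`. The variable exists only for the yarn process.
RUN --mount=type=secret,id=npm_token \
    NPM_TOKEN="$(cat /run/secrets/npm_token)" \
    yarn install --frozen-lockfile

COPY . .
```

Locally this builds with `docker build --secret id=npm_token,env=NPM_TOKEN .`; in the workflow, docker/build-push-action takes the same value through its `secrets` input (for example `npm_token=${{ secrets.NPM_READ_TOKEN }}`, where `NPM_READ_TOKEN` is a hypothetical repository secret holding a personal access token with the `read:packages` scope).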