How to use private Docker registry? #26534
-
I found multiple issues about this topic but they’re old and kinda not exploring the point that I want. It’s easy to work around the limitation of the login of a private Docker registry inside a job. But how to run the actual job inside the Docker? That’s the question. I want to use jobs.<job_id>.container and jobs.<job_id>.services with private Docker images. There is any way to make it work? Or maybe any kind of workaround? if not, there is any roadmap or indication that this feature gonna be developed? On GitLab CI this is solved using before_script:
This would be an amazing feature for GitHub Actions. |
Beta Was this translation helpful? Give feedback.
Replies: 10 comments 2 replies
-
When using the syntaxes jobs.<job_id>.container.image or jobs.<job_id>.services.image to set a Docker image as a container (or service container) for a job, the Docker image can be the Docker base image name or a public docker Hub or registry. You can’t use the image from a private Docker registry. If you reallly need this feature, I recommend you directly share your suggestions here. That will allow you to directly interact with the appropriate engineering team, and make it more convenient for the engineering team to collect and categorize your suggestions. |
Beta Was this translation helpful? Give feedback.
-
FWIW, I’ve had success with the workaround to use an internal repo action, as mentioned in https://github.community/t5/GitHub-Actions/Github-Actions-new-Pulling-from-private-docker-repositories/m-p/32024/highlight/true#M986, where I first login to AWS ECR, pull the private image, then use the local action to effectively “docker run” with the private image. |
Beta Was this translation helpful? Give feedback.
-
gitfool:
Can you please elaborate on what a “local action” is referring to? I do not wish to use the docker run command explicitly. Basically what I am asking is how to run steps inside the docker container? |
Beta Was this translation helpful? Give feedback.
-
I don’t think that’s supported. I too run all the explicit docker commands in bash right now for lack of this feature. |
Beta Was this translation helpful? Give feedback.
-
@karrtikr this is what I use, which might not help you since I use cake build at the tail end:
In summary:
|
Beta Was this translation helpful? Give feedback.
-
here is my solution for self-hosted runner for pulling private images from AWS ECR: Github Actions (new) Pulling from private docker repositories |
Beta Was this translation helpful? Give feedback.
-
This works for me:
|
Beta Was this translation helpful? Give feedback.
-
Looks like support for private registries The GitHub BlogGitHub Actions: Private registry support for job and service containers -...GitHub Actions: Private registry support for job and service containers |
Beta Was this translation helpful? Give feedback.
-
I was not aware of that, thanks. This really solves the problem. |
Beta Was this translation helpful? Give feedback.
-
Unfortunately, this only partially solves the issue. ECR only allows passwords up to 12 hours. We typically use amazon-ecr-login in order to get around this, however this action doesn’t provide the passwords and the passwords would only be available after that step. Users are forced to embed an api token as a secret, then schedule a job every 6 hours which updates another secret that is then used in the jobs. Rough. Really rough. |
Beta Was this translation helpful? Give feedback.
Looks like support for private registries
The GitHub BlogGitHub Actions: Private registry support for job and service containers -...
GitHub Actions: Private registry support for job and service containers