When using the syntaxes  jobs.<job_id>.container.image or jobs.<job_id>.services.image to set a Docker image as a container (or service container) for a job, the Docker image can be the Docker base image name or a public docker Hub or registry. You can’t use the image from a private Docker registry.

If you reallly need this feature, I recommend you directly share your suggestions here. That will allow you to directly interact with the appropriate engineering team, and make it more convenient for the engineering team to collect and categorize your suggestions.

FWIW, I’ve had success with the workaround to use an internal repo action, as mentioned in https://github.community/t5/GitHub-Actions/Github-Actions-new-Pulling-from-private-docker-repositories/m-p/32024/highlight/true#M986, where I first login to AWS ECR, pull the private image, then use the local action to effectively “docker run” with the private image.

use the local action to effectively “docker run” with the private image.

Can you please elaborate on what a “local action” is referring to? I do not wish to use the docker run command explicitly. Basically what I am asking is how to run steps inside the docker container?

I don’t think that’s supported.

I too run all the explicit docker commands in bash right now for lack of this feature.

@karrtikr this is what I use, which might not help you since I use cake build at the tail end:

.github/workflows/build.yml:

name: Build
on:
  push:
    branches:
      - "**"
      - "!dependabot/**"
  pull_request:
    branches:
      - master
  repository_dispatch:
env:

AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}

AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

AWS_REGION: us-east-1

NUGET_USERNAME: pharos

NUGET_PASSWORD: ${{ secrets.PACKAGES_PAT }}

NUGET_SOURCE: https://nuget.pkg.github.com/pharos/index.json

NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages
jobs:

Docker:

runs-on: ubuntu-latest

steps:

- name: Checkout source

uses: actions/checkout@v2

with:

fetch-depth: 0
  - name: Cache packages
    uses: actions/cache@v2
    with:
      path: ${{ env.NUGET_PACKAGES }}
      key: ${{ runner.os }}-nuget-${{ hashFiles('.config/dotnet-tools.json', '**/packages.lock.json') }}
      restore-keys: ${{ runner.os }}-nuget-

  - name: Patch config
    shell: pwsh
    run: ./NuGet.ps1 NuGet.config github pharos ${{ secrets.PACKAGES_PAT }}

  - name: ECR login
    uses: aws-actions/amazon-ecr-login@v1

  - name: Docker pull
    run: docker pull <id>.dkr.ecr.us-east-1.amazonaws.com/pharos/build/cake-docker:latest

  - name: Cake build
    uses: ./.github/actions/cake-build

.github/actions/cake-build/action.yml:

name: Cake build
runs:
  using: docker
  image: docker://<id>.dkr.ecr.us-east-1.amazonaws.com/pharos/build/cake-docker:latest
  args: [ "bash", "-c", "dotnet tool restore && dotnet cake --bootstrap --verbosity=verbose && dotnet cake --verbosity=verbose --target=build --publish=true" ]

In summary:

• Login to aws ecr private repo (using aws env vars)
• Pull docker image from aws ecr private repo (note: redacted id)
• Run “local action” using git repo relative reference (./.github/actions/cake-build)
• Bash command is subsequently run inside a container using previously pulled docker image
• … In this case the remaining steps are handled by cake build

here is my solution for self-hosted runner for pulling private images from AWS ECR: Github Actions (new) Pulling from private docker repositories

This works for me:

name: build
on:

push:

branches: [ master ]

pull_request:

branches: [ master ]
jobs:

tests:

name: "Build and test"

runs-on: ubuntu-latest
steps:
   
- name: Login to DockerHub
  uses: docker/login-action@v1
  with:
    username: ${{ secrets.DOCKERHUB_USERNAME }}
    password: ${{ secrets.DOCKERHUB_PASSWORD }}

- name: Pull image from DockerHub
  run: docker pull company/repo:version

- name: Run image in container
  run: docker run --detach company/repo:version

...

I was not aware of that, thanks. This really solves the problem.