Make GitHub action use PATs instead of Repository secrets

Code to Cloud GitHub Actions
#1

Hello,

I am having difficulty creating an action to login to Github’s Container Registry.

In the README for the docker/login-action repository, it says to login to ghcr.io (the container registry URL), you must use this

jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to GitHub Container Registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.CR_PAT }}

where CR_PAT is a PAT with package read, write, and delete access.

I have created the CR_PAT with correct permissions, along with an ALL that I also used to see if it was a permissions issue

image
image727×137 15.2 KB

But, my login action would fail with the error below.

Run docker/login-action@v1
  with:
    registry: ghcr.io
    username: AnthonyMonterrosa
    logout: true
Error: Username and password required

After some testing, I realized that my PAT was not being found from the ${{ secrets.CR_PAT }} expression, and confirmed when I saw both PATs marked as Never used.

Further, I realized that ${{ secrets.CR_PAT }} could be looking in the repository secrets list, so I made a CR_PAT_REPOSITORY secret with a value equal to my CR_PAT's access token.

and used it in an updated action .yml

        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.CR_PAT_REPOSITORY }}

and this returned with a filled-in password field, but was denied access (which I kind of expected. How can a repository use a PAT?).

Run docker/login-action@v1
  with:
    registry: ghcr.io
    username: AnthonyMonterrosa
    password: ***
    logout: true
🔑 Logging into ghcr.io...
Error: Error response from daemon: Get https://ghcr.io/v2/: denied: denied

So, I know that ${{ secrets.X }} looks in the repository’s secret list for a value, but does not search in my account’s PATs. Is there a way to make it look there? I’ve just been following the instructions in GitHub documentation and the docker/login-action repository README, so at this point I’m pretty confused.

For the record, I have enabled Improved container support for GitHub’s container registry.

Future thanks.

#2

Because I’m a new user, I wasn’t able to put in all the pictures and links that I wanted into the post. Please feel free to ask if you want to have more information.