Yesterday, GitHub has announced that the container registry now supports GITHUB_TOKEN by giving repository access to packages:
I just tried it out, but I have to say, the way it works right now seems impractical:
In my case, we have a private repository with a few private forks. Two jobs in a workflow use images hosted on ghcr.io and until now I have configured a PAT to access which was fine.
Now I tried to change this and added the repo and changed our actions to use the GITHUB_TOKEN.
On the first PR (we’re doing PRs via private forks), this was met with failure:
repository does not exist or may require 'docker login': denied: installation not allowed to Read organization package
The problem seems to me that each individual fork would need to be listed for package access in order for this to work, but this is entirely impractical as forks come and go.
Worse: even if I was to willing to deal with this, here’s a screenshot of how the search window looks:
good luck picking the right one and making sure you find them all
This should at least list the owner too so I have a chance if I ever want to go this route (which I don’t).
We went back to the PAT