Preconfigure Container Registry in Codespaces

I’m trying to preconfigure a private container registry in a CodeSpace so workshop participants can use it. According to the docs it’s all pretty straight forward, but it looks like I’m missing something, because it won’t work, and the docs aren’t clear on what I need to expect on the receiving end.

What I’ve done so far:

  • I have a custom CodeSpace container image that inherits from univesal-linux:1.6.4
  • I have configured the 3 documented variables:
    • GH_CONTAINER_REGISTRY_SERVER=PAT with Packages (Read) permission

enter image description here

  • I have rebuilt the codespace
  • I tried a different prefix than GH_ to no avail.

If I read the docs correctly, this should make sure docker can pull from ghcr using my credentials, but all I get is an error:

codespace ➜ /workspaces/attendee-jessehouwing (main) $ docker pull
Using default tag: latest
Error response from daemon: Head "": unauthorized

I searched the vscode-container repository for a hint to something I may have to configure on my custom container, but I don’t really see anything wrong.

Custom container dockerfile:


USER codespace
RUN az extension add --name azure-devops

I tried in the standard vscode container and see the same behavior. I must be doing something wrong.

Of course it’s very simple once you see it!

When you open the Secrets in your GitHub settings you end up on the ACTIONS Secrets page. And the fact that there are 3 other secrets pages is hidden because the expanded settings menu has scrolled off screen.

So make sure you add these secrets to the CODESPACES Secrets page:

Use the Codespaces secrets page

Then rebuild the Codespace.