Push access denied for docker container registry

Hi,

I am trying to use github actions to push a container to the container registry, which I understand is in public beta at the moment.

I couldn’t find much documentation, but I based my workflow on the action’s template.

It looks roughly like this:

name: Docker Image CI


on:
  push:
    branches: [ master ]


env:
  IMAGE_NAME: my_image


jobs:
  build:
    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2

    - name: Generate version
      id: version
      run: echo "::set-output name=version::$(date +%Y-%m-%d)-$(git rev-parse --short HEAD)"

    - name: Build the Docker image
      run: >
        docker build .
        --file Dockerfile
        --tag $IMAGE_NAME
        --build-arg GITHUB_TOKEN=${{ secrets.GH_TOKEN }}


    - name: Log into GitHub Container Registry
      run: >
        echo "${{ secrets.GH_TOKEN }}" | docker login https://ghcr.io
        -u ${{ github.actor }} --password-stdin

    - name: Push image to GitHub Container Registry
      run: |
        BASE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME
        LATEST=$BASE_ID:latest
        VERSIONED=$BASE_ID:${{ steps.version.outputs.version }}

        docker tag $IMAGE_NAME $LATEST
        docker push $LATEST

        docker tag $IMAGE_NAME $VERSIONED
        docker push $VERSIONED

        echo "Pushed to registry: $LATEST"
        echo "Pushed to registry: $VERSIONED"

The registry login job succeeds but the push one doesn’t:

2a65378bbb4a: Retrying in 2 seconds
091de9762b59: Retrying in 2 seconds
3e9ec8a516ca: Retrying in 2 seconds
792f4a7d4a83: Retrying in 1 second
c7757d0cb7b2: Retrying in 1 second
2a65378bbb4a: Retrying in 1 second
091de9762b59: Retrying in 1 second
3e9ec8a516ca: Retrying in 1 second
denied
Error: Process completed with exit code 1.

I am currently using a personal access token with packages:write, packages:read and packages:delete permissions. It is also my understanding that the token workaround for organizations at the moment would be to have a CI account.

Two questions:

  • What do I have to do to push my image to the registry?
  • How do I set the permissions for this pushed image to make it available to my team?

Resorted to using the github package registry, because we need to get things moving.