Trigger on package registry publish not working

Hey,

Currently, I have 2 workflows:

  1. Build Docker image & publish it to GitHub Package Registry
  2. Deploy image to DigitalOcean (after the image was successfully published (step 1))

It seems like step 2 never gets triggered by GitHub Actions; I’m not sure why…
It does work when combined into one big workflow.

I’m sharing both workflows below:

Workflow 1:

name: Create and publish a Docker image on push to development branch

on:
  push:
    branches: ['development']

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  build-and-push-image:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Log in to the Container registry
        uses: docker/login-action@v1
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v3.4.0
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

      - name: Build and push Docker image
        uses: docker/build-push-action@v2.6.1
        with:
          context: .
          build-args: |
            NPM_TOKEN=${{ secrets.NPM_TOKEN }}
          file: Dockerfile.development
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

Workflow 2:

name: Deploy on DigitalOcean Staging Server (Kubernetes)

on:
  registry_package:
    types: [published, updated]
    
jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Install doctl
        uses: digitalocean/action-doctl@v2
        with:
          token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
  
      - name: Save DigitalOcean kubeconfig with short-lived credentials
        run: doctl kubernetes cluster kubeconfig save --expiry-seconds 600 stadro-staging

      - name: Overwrite authentication secret to pull image from GitHub Registry
        # Delete first, then create: a pipe would start both commands at once.
        # REGISTRY is not defined in this workflow's env, so the server is given literally.
        run: |
          kubectl delete secret github-registry-credentials --ignore-not-found
          kubectl create secret docker-registry github-registry-credentials --docker-server=ghcr.io --docker-username=${{ github.actor }} --docker-password=${{ secrets.ACCOUNT_PASSWORD_TOKEN }} --docker-email=unused

      - name: Deploy to DigitalOcean Kubernetes
        run: kubectl apply -f $GITHUB_WORKSPACE/infrastructure/server-depl.yml

#      - name: Verify deployment
#        run: kubectl rollout status deployment/server-depl

Hi @michielswaanen,

I had the same issue as you. After some digging around and reading through the docs, I found out that you need a Personal Access Token (PAT) for it.

When you use the repository’s GITHUB_TOKEN to perform tasks on behalf of the GitHub Actions app, events triggered by the GITHUB_TOKEN will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs. For example, if a workflow run pushes code using the repository’s GITHUB_TOKEN, a new workflow will not run even when the repository contains a workflow configured to run when push events occur.

https://docs.github.com/en/actions/reference/authentication-in-a-workflow

So as a solution I have created a PAT within my account settings and used it in my workflow file that builds and pushes the image (your Workflow 1).

That's all I did to get it working.
Here's a link to my sample repo: GitHub - mpfeil/ghcr

Hope that helps.
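
The change the answer describes, as an added example that is not part of the original posts or the linked repo: Workflow 1's registry login step with a PAT in place of `GITHUB_TOKEN`, so that the publish event is no longer attributed to `GITHUB_TOKEN` and Workflow 2's `registry_package` trigger can fire. The secret name `GHCR_PAT` is an assumption; it stands for a repository secret holding a classic PAT limited to the `write:packages` scope.

```yaml
# Workflow 1, login step only (all other steps stay as posted).
      - name: Log in to the Container registry
        uses: docker/login-action@v1
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          # Before: events caused by this token do not start new workflow runs,
          # so the registry_package workflow never ran.
          # password: ${{ secrets.GITHUB_TOKEN }}
          #
          # After: a PAT stored as a repository secret (GHCR_PAT is a hypothetical name).
          # Give the token only the write:packages scope and an expiry date,
          # since it is a long-lived credential tied to a user account.
          password: ${{ secrets.GHCR_PAT }}
```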