Trigger on package registry publish not working


Currently, I’ve 2 workflows:

  1. Build docker image & publish it to GitHub Package Registry
  2. Deploy image to DigitalOcean (after the image was successfully published (step 1))

It seems like step 2 never gets triggered by GitHub Actions, I’m not sure why…
It does work when combined into one big workflow.

I’m sharing both workflows below:

Workflow 1:

name: Create and publish a Docker image on push to development branch

    branches: ['development']

  IMAGE_NAME: ${{ github.repository }}

    runs-on: ubuntu-latest
      contents: read
      packages: write

      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Log in to the Container registry
        uses: docker/login-action@v1
          registry: ${{ env.REGISTRY }}
          username: ${{ }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v3.4.0
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

      - name: Build and push Docker image
        uses: docker/build-push-action@v2.6.1
          context: .
          build-args: |
            NPM_TOKEN=${{ secrets.NPM_TOKEN }}
          file: Dockerfile.development
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

Workflow 2:

name: Deploy on DigitalOcean Staging Server (Kubernetes)

    types: [ published , updated]
    runs-on: ubuntu-latest

      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Install doctl
        uses: digitalocean/action-doctl@v2
          token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
      - name: Save DigitalOcean kubeconfig with short-lived credentials
        run: doctl kubernetes cluster kubeconfig save --expiry-seconds 600 stadro-staging

      - name: Overwrite authentication secret to pull image from GitHub Registry
        run: kubectl delete secret github-registry-credentials --ignore-not-found | kubectl create secret docker-registry github-registry-credentials --docker-server=${{ env.REGISTRY }} --docker-username=${{ }} --docker-password=${{ secrets.ACCOUNT_PASSWORD_TOKEN }} --docker-email=unused

      - name: Deploy to DigitalOcean Kubernetes
        run: kubectl apply -f $GITHUB_WORKSPACE/infrastructure/server-depl.yml

#      - name: Verify deployment
#        run: kubectl rollout status deployment/server-depl

Hi @michielswaanen,

I had the same issue like you. After some digging around and reading through the docs I found out that you need a Personal Access Token (PAT) for it.

When you use the repository’s GITHUB_TOKEN to perform tasks on behalf of the GitHub Actions app, events triggered by the GITHUB_TOKEN will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs. For example, if a workflow run pushes code using the repository’s GITHUB_TOKEN , a new workflow will not run even when the repository contains a workflow configured to run when push events occur.

So as a solution I have created a PAT within my account settings and used it in my workflow file that builds and pushes the image (your Workflow 1).

That´s all I did to get it working :slight_smile:
Here´s a link to my sample repo: GitHub - mpfeil/ghcr

Hope that helps.