Use docker images from GitHub Package Registry

I joined GitHub Actions and GitHub Package Registry. According to Solved: Github Action Build Caching - GitHub Community Forum, we can skip docker build step for using GitHub Actions. GitHub Actions v2 can pull the docker images that are published on Docker Hub now. Can GitHub Actions v2 pull the docker images from GitHub Package Registry? Is this on the roadmap?


> Using packages in Actions


> We’re continuing to bring Actions and Package Registry closer together, starting with removing the need to use personal access tokens to access packages from Actions.

I got it. Thank you.


I’m not sure how this solves the issue. Can you please show an example action wherein you are pulling a container image from a public GitHub Docker registry?

1 Like

GitHub team is implementing it now.

Today (7 Oct.), we cannot use a docker image from GHPR on GitHub Actions.

uses: docker://



We got this to work by simply using the Docker CLI to do this.

Here is my example workflow. The only downside to this workflow is that I cannot conditionally build the Docker container, so it is a bit slower than I want it to be, but I can still build my entire C project in a couple of minutes using this workflow.

name: build firmware

on: [push]



    runs-on: ubuntu-18.04


    - uses: actions/checkout@v1

    - name: Build and tag image
      run: docker build -t "$GITHUB_REPOSITORY/firmware-builder:latest" -f docker/Dockerfile docker/

    - name: Docker login
      run: docker login -u $GITHUB_ACTOR -p $GITHUB_TOKEN
        GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

    - name: Publish to GPR
      run: docker push "$GITHUB_REPOSITORY/firmware-builder:latest"

    needs: build_docker_image
    runs-on: ubuntu-18.04

    - uses: actions/checkout@v1

    - name: Docker login
      run: docker login -u $GITHUB_ACTOR -p $GITHUB_TOKEN
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

    - name: Pull Docker image
      run: docker pull "$GITHUB_REPOSITORY/firmware-builder:latest"

    - name: Run image
      run: docker run -it -d --name builder -v $GITHUB_WORKSPACE:/workspace -w /workspace$GITHUB_REPOSITORY/firmware-builder:latest

    - name: make version
      run: echo ::set-env name=FIRMWARE_VERSION::$(docker exec builder bash ./
    - name: make
      run: docker exec builder bash -c 'make clean && make'
    - name: save artifact
      run: docker exec builder bash -c 'cp output/'

    - uses: actions/upload-artifact@master
        name: firmware-${{ env.FIRMWARE_VERSION }}
        path: output/

That’s good but a little complex. I hope that we can use docker images from the Package Registry with the uses: statement.

(Today Nov. 12th, we still cannot do that.)

1 Like

Yeah, I agree. My current fix comes with a pretty big performance penalty, so it definitely is not ideal.

Not requiring an auth token to install a published package makes the feature significantly less useful and impossible to use in the way that I wanted: a Docker GitHub Action that uses a container image from the GitHub Package Registry as the base in a FROM statement in the Dockerfile for my action.

There’s no way to build a Docker action that just works with a uses statement if the image is getting pulled from Package Registry, because it requires logging in. I’d say that is a deal-breaker for using Package Registry that will require me to set up an organization on Docker Hub and push images there instead, something I was hoping to avoid (everything using GitHub would have been amazing).


Has something changed here? I’m trying to use a Docker image from a different (public) repository to test my code, I’d like to use it from the registry so I don’t have to build it everytime, since it takes quite long.

Trying to log in first doesn’t work because for some reason “docker pull” is run before any job.

1 Like

How is this still not solved? Two major “efforts” from GH that don’t actually work together?

Not being able to use images built on a previous step in a uses statement made me think that I could workaround it by pushing it to GitHub Package Registry. Seems like I was wrong.

I wonder how this even works with Docker Hub and Google Cloud Registry (GCR), but not with GPR. Seems like an issue with GPR and not Github Actions.

Today, we still cannot use a Docker image from GitHub Packages in a uses: statement.

- uses: 'docker://'


That’s only true of public images in GCR and Docker Hub though, right?

The GitHub Container Registry announced today looks like their answer to this issue. It allows anonymous read access and it looks like it could provide more control for managing packages, though it’s accessed by a<user_or_org_name> address.

The other downside is that it looks like a personal access token needs to be created to push to a GitHub org/user-level container repository so a GITHUB_TOKEN with GitHub repository scope isn’t enough, but at least now everything can live on GitHub instead of needing a separate Docker Hub account.

Some useful docs pages about GHCR:
About GHCR
Migrating to GHCR