• Proxying packages with GitHub Package Registry and other updates

> Using packages in Actions

>

> We’re continuing to bring Actions and Package Registry closer together, starting with removing the need to use personal access tokens to access packages from Actions.

I got it. Thank you.

I’m not sure how this solves the issue. Can you please show an example action wherein you are pulling a container image from a public GitHub Docker registry?

GitHub team is implementing it now.

Today (7 Oct.), we cannot use a docker image from GHPR on GitHub Actions.

uses: docker://docker.pkg.github.com/peaceiris/actions-gh-pages/action:latest

Screen Shot 2019-10-07 at 17.45.38.png1442×578 121 KB

We got this to work by simply using the Docker CLI to do this.

Here is my example workflow. The only downside to this workflow is that I cannot conditionally build the Docker container, so it is a bit slower than I want it to be, but I can still build my entire C project in a couple of minutes using this workflow.

name: build firmware
on: [push]
jobs:
build_docker_image:
runs-on: ubuntu-18.04

steps:

- uses: actions/checkout@v1

- name: Build and tag image
  run: docker build -t "docker.pkg.github.com/$GITHUB_REPOSITORY/firmware-builder:latest" -f docker/Dockerfile docker/

- name: Docker login
  run: docker login docker.pkg.github.com -u $GITHUB_ACTOR -p $GITHUB_TOKEN
  env:
    GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

- name: Publish to GPR
  run: docker push "docker.pkg.github.com/$GITHUB_REPOSITORY/firmware-builder:latest"

build_firmware:

needs: build_docker_image

runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@v1

- name: Docker login
  run: docker login docker.pkg.github.com -u $GITHUB_ACTOR -p $GITHUB_TOKEN
  env:
      GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

- name: Pull Docker image
  run: docker pull "docker.pkg.github.com/$GITHUB_REPOSITORY/firmware-builder:latest"

- name: Run image
  run: docker run -it -d --name builder -v $GITHUB_WORKSPACE:/workspace -w /workspace docker.pkg.github.com/$GITHUB_REPOSITORY/firmware-builder:latest

- name: make version
  run: echo ::set-env name=FIRMWARE_VERSION::$(docker exec builder bash ./make_version.sh)
- name: make
  run: docker exec builder bash -c 'make clean && make'
- name: save artifact
  run: docker exec builder bash -c 'cp upload_program.sh output/'

- uses: actions/upload-artifact@master
  with:
    name: firmware-${{ env.FIRMWARE_VERSION }}
    path: output/

 

That’s good but a little complex. I hope that we can use docker images from the Package Registry with the uses: statement.

(Today Nov. 12th, we still cannot do that.)

Yeah, I agree. My current fix comes with a pretty big performance penalty, so it definitely is not ideal.

Not requiring an auth token to install a published package makes the feature significantly less useful and impossible to use in the way that I wanted: a Docker GitHub Action that uses a container image from the GitHub Package Registry as the base in a FROM statement in the Dockerfile for my action.

There’s no way to build a Docker action that just works with a uses statement if the image is getting pulled from Package Registry, because it requires logging in. I’d say that is a deal-breaker for using Package Registry that will require me to set up an organization on Docker Hub and push images there instead, something I was hoping to avoid (everything using GitHub would have been amazing).

Has something changed here? I’m trying to use a Docker image from a different (public) repository to test my code, I’d like to use it from the registry so I don’t have to build it everytime, since it takes quite long.

Trying to log in first doesn’t work because for some reason “docker pull” is run before any job.

How is this still not solved? Two major “efforts” from GH that don’t actually work together?

Not being able to use images built on a previous step in a uses statement made me think that I could workaround it by pushing it to GitHub Package Registry. Seems like I was wrong.

I wonder how this even works with Docker Hub and Google Cloud Registry (GCR), but not with GPR. Seems like an issue with GPR and not Github Actions.

Today, we still cannot use a Docker image from GitHub Packages in a uses: statement.

- uses: 'docker://docker.pkg.github.com/peaceiris/actions-gh-pages/action:latest'

Screen Shot 2020-06-15 at 12.53.252150×666 130 KB

That’s only true of public images in GCR and Docker Hub though, right?

I had a action that use the container registry:

jobs:
  test:
    container:
      image: docker.pkg.github.com/<org>/<repo-name>/<image-name>:version
      env:
        GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}

Since the last week that job has some errors when it is setting up the tests environment:

  /usr/bin/docker pull docker.pkg.github.com/<org-name>/<repo-id>/<image-name>:version
  Error response from daemon: unauthorized

It is strange because there are some jobs does not have that problem. The behavior is inconsistent.

It was working fine, I did not change anything and started to crash. Does anyone has any idea of how to fix that problem?

docker.pkg.github.com is deprecated, see Working with the Docker registry - GitHub Docs. Use ghcr.io instead as described there.