Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Copilot Lvl 2
Message 1 of 10

Github Actions (new) Pulling from private docker repositories

Solved! Go to Solution.

Hi All,

I have been playing around with github actions for a around a day now and was wondering how to deal with pulling from private docker repositories for example google cloud container registry.

 

I am trying to pull from a repo like so

 

- name: Download Cache
        uses: docker://gcr.io/[Project ID]/cache

I have authenticated in a step above using a service account however in the github actions workflow it prefers to try and pull all of the docker images before running any of the steps.
Screen Shot 2019-08-15 at 1.23.01 pm.png

 

Any plans to support this or know of a way to support this now?

Any discussion will be helpful

9 Replies
Highlighted
Community Manager
Message 2 of 10

Re: Github Actions (new) Pulling from private docker repositories

GitHub Actions currently only supports public Docker images. I can't give an ETA or even promise if using Docker images from private repositories will become available, but I'll pass along your feedback to the developer team.

 

Thanks for reaching out and giving us your feedback!

Highlighted
Copilot Lvl 3
Message 3 of 10

Re: Github Actions (new) Pulling from private docker repositories

This is something available on Azure Pipelines as a service connection. 

 

https://docs.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=azure-devops&...

 

I too would be interested. It would make migrating or even hopping back between Azure Pipelines and GitHub actions much easier. 

Highlighted
Pilot Lvl 1
Message 4 of 10

Re: Github Actions (new) Pulling from private docker repositories

@lee-dohm might you be able to comment on whether this is under consideration at all? This is a show stopper for us, as we need to use images in our private AWS ECR repos. 

thanks!

Highlighted
Solution
GitHub Staff
Message 5 of 10

Re: Github Actions (new) Pulling from private docker repositories

Adding the ability to use private docker registeries for Job, Service and Step containers is something we do plan to do.  However, I don’t have an exact timeline right now.

Highlighted
Copilot Lvl 3
Message 6 of 10

Re: Github Actions (new) Pulling from private docker repositories

I also need this for private repos on both AWS ECR and Docker Hub.

 

@chrispat is there an issue we can follow and up-vote on GitHub?

Highlighted
Ground Controller Lvl 1
Message 7 of 10

Re: Github Actions (new) Pulling from private docker repositories

Hi,

 

Is there any news about the ability to pull images from a private repository hosted in DockerHub in the services section of the workflow.yml file?

Highlighted
Copilot Lvl 2
Message 8 of 10

Re: Github Actions (new) Pulling from private docker repositories

I solved this by having a step in my workflow that authenticates and pulls the docker image and then using a internal repo action (which doesn't pull the image on startup) for using the private image. Not ideal but works until github adds support:

 

.github/workflow/main.yml:

 

    - name: Setup service account
      run: echo -n ${{ secrets.GCS }} | base64 -d > token.json
    - name: gql
      uses: actions/gcloud/cli@master
      with:
        entrypoint: /bin/sh
        args: "-c \"gcloud auth activate-service-account --key-file token.json && gcloud auth configure-docker && docker pull gcr.io/****/test\""
      env:
        GOOGLE_APPLICATION_CREDENTIALS: token.json
- name: test action
uses: ./action

 

action/action.yml

name: test action
runs:
  using: 'docker'
  image: 'docker://gcr.io/****/test'

 

 

Highlighted
Copilot Lvl 3
Message 9 of 10

Re: Github Actions (new) Pulling from private docker repositories

It looks like the actions/gcloud repo was archived - what should be used to replace that now?

 

Highlighted
Copilot Lvl 3
Message 10 of 10

Re: Github Actions (new) Pulling from private docker repositories

The strange issue here is, the docker:// images will be pulled right after initiating the runner, without executing the previous steps. Hence, we can't login to the private repository.  Even if we mark the login as a separate job, the order of jobs is not respectes.