To push container images to ghcr, you need peronal access token (PAT) - see how to create PAT
- Get PAT (personal access token)
Personal Settings > Developer settings > Personal access tokens
- ghcr login test
# echo $PAT | docker login ghcr.io -u <githubユーザ名> --password-stdin
echo $PAT | docker login ghcr.io -u yokawasa --password-stdin
Login Succeeded
- push
docker tag mycontainer ghcr.io/yokawasa/myrepo/mycontainer:0.0.1
docker push ghcr.io/yokawasa/myrepo/mycontainer:0.0.1
- inspect
docker inspect ghcr.io/yokawasa/myrepo/mycontainer:0.0.1
you can do seamless access to containers from Actions workflows via the GITHUB_TOKEN
The Container registry supports the GITHUB_TOKEN for easy and secure authentication in your workflows. If your workflow is using a personal access token (PAT) to authenticate to ghcr.io, then we highly recommend you update your workflow to use the GITHUB_TOKEN.
- name: Log in to registry
# This is where you will update the PAT to GITHUB_TOKEN
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
See Upgrading a workflow that accesses ghcr.io for more detail
memo:
there are a couple of other public registries. for instances, trivy uses dockerhub, public.ecr.aws as well as ghcr.io
https://github.com/aquasecurity/trivy/releases