GitHub Container Registry

GitHub Container Registry supersedes the existing Packages Docker Registry and is optimized to support some of the unique needs of containers. If you've used the GitHub Packages Docker Registry to store Docker images, you can migrate to the new container registry.

With the container registry you can:

  • Store container images within your organization and user account, rather than a repository.
  • Set fine-grained permissions and visibility independent of repository permissions and visibility.
  • Access public container images anonymously.

Note: This chapter is only applicable if you push images to GitHub Container Registry.

CI command

You'll need to pass in the -p flag when pinging FeaturePeek in your CI pipeline.

bash <(curl -s https://peek.run/ci) -p ghcr.io/myorg/myrepo:mytag

Be sure to call this after your build step.

Enable GitHub Container Registry for your organization

In an organization, organization admins can allow organization members to publish public or private container images to GitHub Container Registry.

Follow the instructions in GitHub's help docs to set whether you'd like your packages to be public or private.

Assign a personal access token (PAT)

Creating the PAT

To give your CI pipeline permission to push Docker images to GitHub Container Registry, you need to create a personal access token. This token should only be granted the write:packages and read:packages scopes.

  1. Go to your Personal access tokens settings page
  2. Click the "Generate new token" button
  3. In the Note field, type in GHCR or similar so that you'll remember that this token is for the GitHub Container Registry.
  4. Select the write:packages and read:packages checkboxes. You may deselect the repo checkbox if it automatically becomes selected.
  5. Click the green "Generate token" button at the bottom of the page
  6. Copy the token on the resulting page

Using the PAT as a repository secret

  1. Go to your repo's settings page on GitHub
  2. In the left-hand column, click Secrets
  3. Click the "New secret" button
  4. For name, enter the value CR_PAT (this stands for Container Registry Personal Access Token)
  5. For value, paste the token that you copied when you created your PAT
  6. Click "Add secret"

Required environment variables

CR_PAT

Below is an example workflow YAML file that builds a docker image and pushes it to the GitHub Packages registry. Be sure to replace ORG and REPO with your own values.

The last line in the following example is how you set an environment variable to a secret.

# /.github/workflows/featurepeek.yml
name: Build and Ping FeaturePeek
on: push
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [12.x]
steps:
- uses: actions/[email protected]
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-[email protected]
with:
node-version: ${{ matrix.node-version }}
- name: Docker login
run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin
- name: Build and push image
run: |
docker build . -t ghcr.io/ORG/REPO:$GITHUB_SHA
docker push ghcr.io/ORG/REPO:$GITHUB_SHA
- name: Ping FeaturePeek
run: bash <(curl -s https://peek.run/ci) -p ghcr.io/ORG/REPO:$GITHUB_SHA
env:
CR_PAT: ${{ secrets.CR_PAT }}