Using Images from ghcr.io with GitHub Actions
Recently I ended up needing to start a Service Container on a GitHub Actions workflow that was based on an internal service image. Sadly, GitHub’s documentation regarding those specific cases are surprisingly incomplete; I do hope they sort it out eventually, but in the meantime, that’s how I managed to get it working.
To download an image from ghcr.io, a few preconditions must be met.
Naturally, the container image must be present in the ghcr.io repository, and it
also needs a special Internal
visibility. To achieve that, go to the
image’s package page, click Package Settings
on the right-side menu, and
scroll all the way down to the Danger Zone. There, select Change Visibility
,
and then pick Internal
. That will allow the Actions Workflow to access it as
long as the package and the workflow being executed belong to the same
organisation.
Using the Service Container
Now, on the workflow, one may proceed as usual, using the image as stated in
the package page, and using github.actor
and secrets.GITHUB_TOKEN
in the
service’s credentials
key:
on:
push:
branches: [master]
jobs:
test:
services:
internal-service:
image: ghcr.io/org/internal-service:latest
credentials:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
steps:
- uses: actions/checkout@v2
# ...
This should be enough to download and start the internal container image as a service container in the Workflow.