I'm trying to set up a job in github-actions that runs a private docker image. I will do the build inside that docker image using the container option. link.
I'm using the following code:
jobs:
  container1:
    runs-on: ubuntu-latest
    container: saeed/privateimage:1
    steps:
      - uses: actions/checkout@v2
      - run: |
          echo "Runs inside a container"
But I can't provide my docker hub creds so it fails.
How can I authenticate to pull that private image?
Thanks.
Log in to Docker Hub. On your laptop, you must authenticate with a registry in order to pull a private image. Use the docker tool to log in to Docker Hub. See the log in section of Docker ID accounts for more information.
You can publish Docker images to a registry, such as Docker Hub or GitHub Packages, as part of your continuous integration (CI) workflow.
Add your Docker ID as a secret to GitHub. Navigate to your GitHub repository and click Settings > Secrets > New secret. Create a new secret with the name DOCKER_HUB_USERNAME and your Docker ID as value. Create a new Personal Access Token (PAT). To create a new token, go to Docker Hub Settings and then click New Access Token.
If the just-cloned private repository is a Docker container action containing a Dockerfile, action metadata file, and entrypoint, it's possible to run it since uses syntax supports citing actions in the same repository as the workflow:
For those that are trying to use a custom Docker image published to the new GitHub Docker Container Registry at ghcr.io in one of your jobs or steps, this is what I did.
Create a Personal Access Token, as seen on GitHub documentation for the new Docker Container Registry. To do this, go to your GitHub Account > Settings > Developer Settings > Personal Access Tokens and select the following options for your token:
Go to your project's GitHub repository and go to Settings > Secrets > New Secret and create a secret like this:
Take that token and put it in your computer's environment like this (or just copy it, whichever works):
export DOCKER_CONTAINER_REGISTRY_TOKEN=<the personal access token>
Push your Docker image to ghcr.io/<YOUR_USERNAME>/<IMAGE_NAME>:<IMAGE_TAG>. To do this, you can find instructions in the documentation for Pushing Docker Images to the GitHub Docker Container Registry. In essence, you can do something on your computer along the lines of:
# Log in to ghcr.io (the registry host must be named, otherwise docker logs in to Docker Hub)
echo "$DOCKER_CONTAINER_REGISTRY_TOKEN" | docker login ghcr.io -u <YOUR_USERNAME> --password-stdin
# As an example, here I pull an image, tag it, and push it.
docker pull ubuntu:18.04
docker tag ubuntu:18.04 ghcr.io/<YOUR_USERNAME>/my_special_ubuntu:latest
docker push ghcr.io/<YOUR_USERNAME>/my_special_ubuntu:latest
Then, create an action under your .github/workflows/ folder in your repository. In this example, let's name it super-action:
# You can just create the file in whichever editor you use.
# This can do the work though...
cd $YOUR_PROJECT_PATH/.github/workflows
touch super-action.yml
Open the super-action.yml action, and you can do something like this:
# Action name
name: Super Action
# Here, this action will be enabled on all pushes.
# Modify this to fit your needs.
on:
  push
# Jobs section
jobs:
  # The job that will use the container image you just pushed to ghcr.io
  super-job:
    runs-on: ubuntu-18.04
    container:
      image: ghcr.io/<YOUR_USERNAME>/<IMAGE_NAME>:<IMAGE_TAG>
      credentials:
        username: <YOUR_USERNAME>
        password: ${{ secrets.DOCKER_CONTAINER_REGISTRY_TOKEN }}
    steps:
      - name: super-step
        shell: bash
        run: |
          # Whatever commands you want to run here using the container with your
          # new Docker image at ghcr.io!
          echo "--This is running in my custom Docker image--"
After you push something to the repo, you should see something like this running in your actions. In the following screenshots, I use my own docker image found here, and my own super-action.
And then, you can see your job's run commands being executed inside a container using that Docker image!
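Added example, not part of the answer above: the same job authenticating to ghcr.io with the workflow's built-in GITHUB_TOKEN instead of a stored Personal Access Token, so no long-lived credential has to be kept in the repository's secrets. It assumes the package's settings grant this repository read access; the workflow name is made up for the example.

```yaml
# Hypothetical workflow name, chosen for this example.
name: Super Action (GITHUB_TOKEN variant)

on:
  push

# Reduce the automatic token to the single scope the job needs:
# read access to packages, which is what the image pull uses.
permissions:
  packages: read

jobs:
  super-job:
    runs-on: ubuntu-latest
    container:
      # Same placeholders as in the answer above.
      image: ghcr.io/<YOUR_USERNAME>/<IMAGE_NAME>:<IMAGE_TAG>
      credentials:
        # The account or app that triggered the run.
        username: ${{ github.actor }}
        # Issued per job and expires when the job ends.
        # Assumption: the package allows this repository to read it;
        # otherwise the pull is denied.
        password: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: super-step
        shell: bash
        run: |
          echo "--This is running in my custom Docker image--"
```

If the image lives in another account or organisation that cannot grant this repository access, a PAT limited to the read:packages scope is the fallback.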
It looks like support for this has been added just today, see blog post.
The post uses this example:
jobs:
  build:
    container:
      image: octocat/ci-image:latest
      credentials:
        username: mona
        password: ${{ secrets.docker_hub_password }}
    services:
      db:
        image: octocat/testdb:latest
        credentials:
          username: mona
          password: ${{ secrets.docker_hub_password }}
The documentation for container is here.
Update: check @Benjamin W.'s answer. GitHub Actions added Private registry support for job and service containers.
The docs indicate that the jobs.<job_id>.container.image should be a publicly available image:
"The Docker image to use as the container to run the action. The value can be the Docker Hub image name or a public docker registry name."
You could configure credentials for accessing the private docker registry as secrets, then use the secrets to log in and run your private images, for example:
test:
  name: test
  runs-on: ubuntu-18.04
  steps:
    - uses: actions/checkout@v2
    - name: example.com docker registry login
      run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login example.com -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
    - name: run backend tests using example.com/my-image
      run: |
        docker run --rm -i \
          -v ${PWD}:/workspace/source \
          -e PYTHONPATH=/workspace/source \
          -e DJANGO_SETTINGS_MODULE="www.settings" \
          -w /workspace/source \
          --entrypoint tox \
          example.com/my-image