How to use Docker image from GitHub Packages?

Question

I have this code at .github/workflows/main.yaml

# .github/workflows/main.yaml
name: CI Workflow

on: [push]

jobs:
  rspec-job:
    runs-on: ubuntu-latest
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    container:
      image: I-stucked-here
      volumes:
        - /vendor/bundle
    steps:
      - code omitted for brevity

The main idea of this job is to run all steps in container mode. Not in Linux host mode.

Under the same repository, I have a public Docker image named ruby-rimy-2.6.3 . Since it's not publicly hosted on DockerHub, I can't find a way to programmatically authenticate myself to GitHub Packages/Registry.

I did try with different syntax (see code below) but it didn't work.

# .github/workflows/main.yaml
name: CI Workflow

on: [push]

jobs:
  rspec-job:
    runs-on: ubuntu-latest
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    container:
      image: docker://docker.pkg.github.com/zulhfreelancer/rimy/ruby-rimy-2.6.3:latest
      volumes:
        - /vendor/bundle
    steps:
      - code omitted for brevity

From the docs, GitHub says the GITHUB_TOKEN is available when the job is running. How do I use this GITHUB_TOKEN environment variable to run something like docker login on top of that container: section so that the job is able to pull the image?

Using GitHub Personal Token is not an option for me because that repository is just my experiment repository before applying the same thing to my GitHub organization. I don't want to put my personal token under my organization's repository environment variables/secrets — that will simply exposes my personal token to my co-workers.

Answer 1

You do not need to use the container instruction to run tests in a container.

The GitHub Actions host comes with docker and docker-compose installed. The way I do it, is have a docker-compose.yml in my repository, which includes a "service" that runs tests. Then, your workflow needs to do docker login and simply run the docker-compose run test command.

Note that the beauty of this approach, is that your tests are executed exactly the same on your own machine and on the CI machine. Same exact steps.

Something along these lines:

name: Test
on:
  pull_request:
  push: { branches: master }

jobs:
  test:
    name: Run test suite
    runs-on: ubuntu-latest
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

    steps:
    - name: Checkout code
      uses: actions/checkout@v2

    - name: Docker login
      run: echo ${GITHUB_TOKEN} | docker login -u ${GITHUB_ACTOR} --password-stdin docker.pkg.github.com

    - name: Build docker images
      run: docker-compose build

    - name: Run tests
      run: docker-compose run test

I am doing the same with DockerHub, with great ease and success.

Of course, if you do not want to use docker-compose, you can still use any normal docker run ... commands after you login properly in the login step.

I am not sure that docker login command will work as is, see these for a deeper discussion:

• https://github.com/actions/starter-workflows/issues/66
• https://github.community/t5/GitHub-Actions/Github-Actions-Docker-login/td-p/29852/page/2