Github Actions (new) Pulling from private docker repositories #25731
-
Hi All, I have been playing around with github actions for a around a day now and was wondering how to deal with pulling from private docker repositories for example google cloud container registry. I am trying to pull from a repo like so
I have authenticated in a step above using a service account however in the github actions workflow it prefers to try and pull all of the docker images before running any of the steps. Any plans to support this or know of a way to support this now? Any discussion will be helpful |
Beta Was this translation helpful? Give feedback.
Replies: 23 comments 4 replies
-
GitHub Actions currently only supports public Docker images. I can’t give an ETA or even promise if using Docker images from private repositories will become available, but I’ll pass along your feedback to the developer team. Thanks for reaching out and giving us your feedback! |
Beta Was this translation helpful? Give feedback.
-
This is something available on Azure Pipelines as a service connection. I too would be interested. It would make migrating or even hopping back between Azure Pipelines and GitHub actions much easier. |
Beta Was this translation helpful? Give feedback.
-
@lee-dohm might you be able to comment on whether this is under consideration at all? This is a show stopper for us, as we need to use images in our private AWS ECR repos. thanks! |
Beta Was this translation helpful? Give feedback.
-
Adding the ability to use private docker registeries for Job, Service and Step containers is something we do plan to do. However, I don’t have an exact timeline right now. |
Beta Was this translation helpful? Give feedback.
-
I solved this by having a step in my workflow that authenticates and pulls the docker image and then using a internal repo action (which doesn’t pull the image on startup) for using the private image. Not ideal but works until github adds support: .github/workflow/main.yml:
action/action.yml
|
Beta Was this translation helpful? Give feedback.
-
It looks like the actions/gcloud repo was archived - what should be used to replace that now? |
Beta Was this translation helpful? Give feedback.
-
I also need this for private repos on both AWS ECR and Docker Hub. @chrispat is there an issue we can follow and up-vote on GitHub? |
Beta Was this translation helpful? Give feedback.
-
The strange issue here is, the docker:// images will be pulled right after initiating the runner, without executing the previous steps. Hence, we can’t login to the private repository. Even if we mark the login as a separate job, the order of jobs is not respectes. |
Beta Was this translation helpful? Give feedback.
-
This is particularly annoying because even “public” Github Packages repos require auth. So effectively we can’t use Github on Github. |
Beta Was this translation helpful? Give feedback.
-
Does the same apply for GitHub registry hosted docker images under a private repository? |
Beta Was this translation helpful? Give feedback.
-
My main concern is that the Visual Studio build tools eula requires me to make the docker image with my configuration private. I am willing to make it public but i’m not allowed to do that. So either Visual Studio build tools should allow being hosted on public dockers or github should allow private containers for this usecase. I find that Visual Studio is rarely configured correctly for my usecase (cutting edge c++), as usually only .NET things are taken into account. |
Beta Was this translation helpful? Give feedback.
-
If you’re using AWS ECR, and have self-hosted github runner, you can consider docker-credential-ecr-login (aka, the Docker credentials plugin) Authenticating Amazon ECR Repositories for Docker CLI with Credential Helper...This is a guest post from my colleagues Ryosuke Iwanaga and Prahlad Rao. ———————— Developers building and managing microservices and containerized applications using Docker containers require a secure, scalable repository to store and manage Docker... you can install it on your self-hosted runner, and use following config (you can modify the config for specific ECR repo rather than general)
in this way, the runner will auto login AWS ECR and pull images from your private ECR repo. it works for both github actions service containers and docker container step. |
Beta Was this translation helpful? Give feedback.
-
Anyone know the status of this? It seems like a fundamental flaw not being able to docker login (to any registry, whether github packages or docker hub or ecr). Our co would love to adopt actions, but the inability to pull private images is a deal breaker. |
Beta Was this translation helpful? Give feedback.
-
Also writing here to manifest that I consider this an essential feature, and I’d like to know what’s the status with this request. Can we expect this to be supported anytime soon? If not any private registry at least GitHub’s own docker registry, as right now it’s funny to not be able to use GitHub images from public repos in GitHub itself. |
Beta Was this translation helpful? Give feedback.
-
The last semi-official update from @chrispat was a little over a year ago. Are any updates available? |
Beta Was this translation helpful? Give feedback.
-
Shipped today for job and service containers. The GitHub BlogGitHub Actions: Private registry support for job and service containers -...GitHub Actions: Private registry support for job and service containers |
Beta Was this translation helpful? Give feedback.
-
such timing! great job, and thanks to all who made it happen @chrispat (including you). |
Beta Was this translation helpful? Give feedback.
-
Is this only for pulling from GH registry? if I need to pull from GCR, it doesn’t look like that’s supported yet, unless i’m missing something. |
Beta Was this translation helpful? Give feedback.
-
Any chance for AWS ECR support? |
Beta Was this translation helpful? Give feedback.
-
same issue here :( |
Beta Was this translation helpful? Give feedback.
-
@chrispat, any timeline on when we will be able to pull from a private registry within a step? In my case, I need to pull from a private GHCR for a single step. |
Beta Was this translation helpful? Give feedback.
-
Using private docker registry in action is still an open issue. @chrispat |
Beta Was this translation helpful? Give feedback.
-
@zachspar I have found a solution: Docs: Github Docs
FROM ghcr.io/<my-org>/<image>:<tag>
#... Cool stuff |
Beta Was this translation helpful? Give feedback.
Adding the ability to use private docker registeries for Job, Service and Step containers is something we do plan to do. However, I don’t have an exact timeline right now.