Can't pull docker image from GitHub Packages registry from GitHub Actions workflow - unauthorized error #45981

gomisha · 2023-02-01T05:03:11Z

gomisha
Feb 1, 2023

Select Topic Area

Question

Body

I have the following GitHub Actions that I'm trying to run but I keep getting an "unauthorized error" when the Action is trying to pull the Docker image from GitHub Packages registry in the repo-sync-gomisha step.

name: Sync Repos

on:
  workflow_dispatch:

permissions:
  packages: read
  actions: write
  checks: write
  contents: write
  deployments: write
  id-token: write
  issues: write
  discussions: write
  pages: write
  pull-requests: write
  repository-projects: write
  security-events: write
  statuses: write

jobs:
  repo-sync-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          persist-credentials: false
          token: ${{ secrets.PAT }}
      - name: repo-sync-gomisha
        uses: gomisha/[email protected]
        with:
          source_repo: "https://github.com/gomisha/repo-sync-test-public"
          source_branch: "main"
          destination_branch: "main"
          github_token: ${{ secrets.PAT }}

I keep getting the following error when trying to pull a Docker image from GitHub Packages registry. The image I'm trying to pull is a forked GitHub action, which I'm able to push to the registry.

Error response from daemon: Head "https://ghcr.io/v2/gomisha/github-sync/manifests/v2.3.1": unauthorized

These are all the failed attempts from the public repo that's trying to use the forked GitHub action:

https://github.com/gomisha/repo-sync-test-private/actions

This is the GitHub Actions workflow file I'm using to pull the docker image of the reusable GitHub Action:

https://github.com/gomisha/repo-sync-test-private/blob/main/.github/workflows/repo-sync.yml

Here is a specific error when I run this workflow:

Pull down action image 'ghcr.io/gomisha/github-sync:v2.3.1'
  /usr/bin/docker pull ghcr.io/gomisha/github-sync:v[2](https://github.com/gomisha/repo-sync-test-private/actions/runs/4060550950/jobs/6989752205#step:2:2).3.1
  Error response from daemon: Head "https://ghcr.io/v2/gomisha/github-sync/manifests/v2.3.1": unauthorized
  Warning: Docker pull failed with exit code 1, back off 4.731 seconds before retry.
  /usr/bin/docker pull ghcr.io/gomisha/github-sync:v2.3.1
  Error response from daemon: Head "https://ghcr.io/v2/gomisha/github-sync/manifests/v2.[3](https://github.com/gomisha/repo-sync-test-private/actions/runs/4060550950/jobs/6989752205#step:2:3).1": unauthorized
  Warning: Docker pull failed with exit code 1, back off 7.07 seconds before retry.
  /usr/bin/docker pull ghcr.io/gomisha/github-sync:v2.3.1
  Error response from daemon: Head "https://ghcr.io/v2/gomisha/github-sync/manifests/v2.3.1": unauthorized
Error: Docker pull failed with exit code 1

I'm not sure why I'm getting this unauthorized error.

I can successfully build the Docker image of the GitHub action and upload it to GitHub Package registry. It's only when I try and pull that image from another GitHub Action that I get the above error.

This is the forked GitHub Action that I can successfully build the Docker image and deploy to GitHub Packages registry:

https://github.com/gomisha/github-sync

Here is the last successful deployment of this GitHub Action to the GitHub Package registry.

Solutions Attempted

Things I have tried (but weren't successful):

using a Personal Access Token that has the correct permissions to read/write to the GitHub Package registry

using GITHUB_TOKEN instead of personal access token and giving it very permissive settings so it would have permission to access the GitHub Package registry:

permissions:
  packages: read
  actions: write
  checks: write
  contents: write
  deployments: write
  id-token: write
  issues: write
  discussions: write
  pages: write
  pull-requests: write
  repository-projects: write
  security-events: write
  statuses: write

going to package settings: https://github.com/orgs/gomisha/packages/container/github-sync/settings
and adding https://github.com/gomisha/repo-sync-test-private/ repo to have access to the package
pulling this image locally to my machine
docker login ghcr.io
docker pull ghcr.io/gomisha/github-sync:v2.3.1
So the image is there in the registry and I can even pull it locally, but I can't pull it from my GitHub Actions workflow for some reason.
going to package settings: https://github.com/orgs/gomisha/packages/container/github-sync/settings
and adding https://github.com/gomisha/repo-sync-test-private/ repo to have access to the package

OR13 · 2023-02-12T19:11:47Z

OR13
Feb 12, 2023

I hit same issue, I filed: actions/hello-world-docker-action#15

The problem appears to be that the action.yml is processed by the runner before any ability to ensure it will be able to pull from the container registry.

0 replies

jhelbig · 2024-03-07T04:48:41Z

jhelbig
Mar 7, 2024

this is something that gitlab has had working for about a year now and has a positively huge impact on pipeline development. Not only am I running into this exact problem, but it's been well over a year since it's been brought up AND nobody from github has even responded.

At this point with all the feature bloat elsewhere and lack of support tooling to make developers jobs easier, I can't justify recommending github as a solution to another development team and could easily justify the hours it would take to migrate to gitlab depending on the size of the account.

I'm not mad, just disappointed in the product. It can't even deliver on the basic necessary features that a direct competitor could perform a year ago with what's likely a budget 3/4 the size.

0 replies

pkieltyka · 2024-02-13T02:09:07Z

pkieltyka
Feb 13, 2024

Please fix :) it's super unintuitive, and after some Googling, I see many folks are having the same unauthorized issue on public repos with public images. I'm still working through it to try to make it work on https://github.com/goware/jwtutil .. it seems my ghcr.io/goware/jwtutil package is "private", even though the repo is public. It's too bad as this is a very elegant integration I'm sure many GH engineers worked hard to provide, yet it doesn't work if people can't use it easily..

0 replies

zachspar · 2024-04-10T15:20:20Z

zachspar
Apr 10, 2024

Any updates on this issue? It's unacceptable that GH doesn't have this built-in, especially when using GHCR.

0 replies

leandromsft · 2023-12-11T20:44:49Z

leandromsft
Dec 11, 2023

I have the same issue here :(
Any workaround?

1 reply

mroy-seedbox Dec 18, 2025

Here.

TheDiggster13 · 2025-10-10T14:18:47Z

TheDiggster13
Oct 10, 2025

I'm staggered to find out that I can't pull a container image from my organisation'g GHCR from a workflow in the same organisation. Despite the fact that a lot of the Github docs infer that this should be possible by setting the Repo access on the image, and the package permissions on the GITHUB_TOKEN. This seems like a massive miss, really hope this arrives soon.

1 reply

mroy-seedbox Dec 18, 2025

I was baffled by this as well. Does the workaround I provided below work for you?

iamstarkov · 2024-07-24T13:42:50Z

iamstarkov
Jul 24, 2024

ran in the same issue with crown's docker based action crowdin/crowdin-cli#827

0 replies

mpern · 2024-12-11T12:20:07Z

mpern
Dec 11, 2024

I don't get why this feature request is problematic or hard to solve(?) in the first place.

Now that jobs can use container in a private registry, all the basics for also providing the same capability for actions should be there, no?

By basics I mean fetching the workflow file early enough in the overall processing to configure the runner's Docker config.json with the auth information of job.container (no idea how it's actually implemented, but you get the idea). Just extend that part to additionally loop over all steps in the job and do the same, done? 🤷

At the very least, please provide support for actions in private registries for GH Enterprise ASAP. My employer for example simply doesn't allow anything related to building our software on the public internet with anonymous access, period.

4 replies

joshjohanning Dec 11, 2024

If you're using self-hosted runners, use the container.hooks to pre-auth yourself.

https://github.com/orgs/community/discussions/45981#discussioncomment-8025062

If you're using GitHub-hosted runners, this model can still work you just have to build the composite action in such a way that you can authorize to the docker registry before the image is pulled. See the same linked comment for insights into that with an example.

mpern Dec 12, 2024

I know, and thanks for investigating and documenting the workarounds!

But my point is, this feature must be provided by GH out-of-the-box

Especially now that I had a look a the runner and hook code + ADR.

The implementation is 90% there, the only thing missing is adding fields for username and password in the action metadata syntax.

Let's look at the runner first

Internal DTOs for container-based actions already have fields username and password of the registry
Before pulling the image, login if fields are set
- to a temporary/throwaway config.json
pull image using temp config.json
- which explains why a regular docker login to the private registry as a step in the job doesn't work. The runner doesn't use the default docker comfig.json to pull the image.
delete temp comfig

But here comes the rub:

Because MSFT is being MSFT, username and password are only ever set for ghcr.io, with some GH-internal credentials (?) to make it work seamlessly and increase vendor lock-in.

I guess thats also the reason for using a temp config.json to pull: to prevent leaking those credentials. But why not do something like

IF credentials_provided(registry) THEN
 temp-config.json = docker_login(registry) 
 docker ---config temp-config.json pull ...
ELSE
 docker pull ....

instead?
At least then the behaviour would be consistent with using a Dockerfile for your action. Runner and hook simply execute docker build , without flag --config

Next, hooks:

Schema for container hooks already defines fields for username/password
Reference hook implementation performs the same logic I described above for pulling the image of the action
but: same limitation applies: the fields are only populated for ghcr.io

Seriously, how hard can it be to add optional fields for user/pass of the registry to the action schema. They did it for jobs and services already.

joshjohanning Dec 13, 2024

Many great points here. My opinion is that requiring authentication for private registry Actions may be a slippery slope, at least from an open-source perspective. It would probably only work behind a paid GitHub tier. You wouldn't want to attempt to consume a public Action and find out there's an auth barrier to even attempt to run it.

mpern Dec 13, 2024

Agreed, if your action is open source and/or on the action marketplace, it must "just work".

But my focus is on paid tiers like you mentioned, specifically GH Enterprise. Here I see it as missing "table stakes".

william-stacken · 2024-11-01T15:56:31Z

william-stacken
Nov 1, 2024

Another comment requesting a fix to this problem.

0 replies

BryantChris · 2024-10-02T16:39:22Z

BryantChris
Oct 2, 2024

My experience was that I had to use the workaround #3 as listed above : the jobs.<job_id>.container.image syntax worked to pull the image in (given appropriate credentials and configuration of repo visibility in the package repository, also as indicated in the thread above).

The job.<job_id>.steps.uses syntax pulling the action.yaml from a peer private repository (wherein the yaml references the image as a docker step) did not work no matter which way I tried. It does seem that the docker pull tries to fetch the dependent image before any workflow steps proceed (and therefore it seems before any credentials are established).

The documentation on this process is internally confusing and inconsistent. The implication is that either path should work, but it clearly does not.

0 replies

mhemken-vts · 2024-07-26T18:57:03Z

mhemken-vts
Jul 26, 2024

I've configured all the relevant permissions but still, github actions is unauthorized at ghcr.io?

My use case:

composite workflows are written as YAML and thus cannot be tested or run locally
I want to write my CI logic with Go and run as a Container Action
I follow the documentation to build and push my container to ghcr.io
I define a workflow to reference that container
the Pull step happens before any of the user defined steps
thus I cannot authenticate with ghcr.io from github actions

Trying to get this to work has been a miserable user experience.

2 replies

joshjohanning Jul 26, 2024

It would have to be a public ghcr image. Assuming yours is private, you would have to do one of the workarounds mentioned here to provide authentication.

TLDR, to provide authentication, you can:

pre-auth in self-hosted runner environment ahead of time
use a pre-step job/task in Actions to run logic before every job
use a composite action to hide the docker action and pre-auth before it runs - this would work with github-hosted runners

From an open source / marketplace perspective, having public actions gated around requiring docker creds would be somewhat of a slipper slope, but I do agree for enterprise customers it makes things a touch trickier.

mhemken-vts Jul 29, 2024

<vent><rant>

Thanks for the reply, @joshjohanning , I appreciate the documentation you've provided in this thread. It is very helpful. Authentication is a hard problem and I definitely see how it's even harder at GitHub scale.

Unfortunately the reality of the user experience for a quick and dirty proof of concept is that it's bad. I'm trying to get something working to show the team it is possible. My use case is a pre-alpha-v0.0.1 candidate throw-away hello world example. I don't have the time to set up the authentication scaffolding for self-hosted runners. I have to tip-toe around new things because my team is very skeptical of changing things that already work. I have not built the necessary consensus with the team to put it on the roadmap as a solution to issues that the team is happy to ignore for now but have been and will continue to be nagging problems.

One would think a GitHub git repo could have an easy path to authenticate with a GitHub ghcr.io package repo that's created by the same user under the same account with the same credentials.

"Just make it public" is not a reasonable default for users doing work for an employer. I'd even argue it is a bad default for users working on their own but that's besides the point.

Maybe I'll try for option 3. Or use my personal GitHub account. Neither option compares well with what would be the path of least surprise which would be for my git repo to auth with its eponymous ghcr.io package repo.

</vent></rant>

marcinkubica · 2024-07-26T08:57:53Z

marcinkubica
Jul 26, 2024

I'm on self-hosted runners and have exactly the same problem. No reasonable solution there apart from Github to start respecting the permissions model where we already allow packages to be pulled.

And we allow it in two places - permissions: in the workflow and the package settings allowing to read for a set repo.

1 reply

joshjohanning Jul 26, 2024

permissions are just what types of resources inside of a repository that a particular workflow can access. The permissions on the package could potentially work, but there are still no "docker login" running ahead of time to authenticate to the container registry in order for the container to be pulled.

See another response here https://github.com/orgs/community/discussions/45981#discussioncomment-10163954

sabralod · 2024-04-30T03:59:40Z

sabralod
Apr 30, 2024

Solved the issue by using the 2. workaround with my local development environment, like:

dockerized github-action in private repo with image on ghcr.io
action is used by another repo, which got read permissions to the specific ghcr.io package/image
added ACTIONS_RUNNER_HOOK_JOB_STARTED=exact-path-to-runner-or-script-folder/ghcr-login.sh to local runner's .env file and
created simple script ghcr-login.sh with the command: echo "xxx" | docker login ghcr.io -u xxx --password-stdin

for now I'm fine with it; cause I can develop my action with private images like the way the action would be consumed.

Is it possible to inject / set the ACTIONS_RUNNER_HOOK_JOB_STARTED env var from workflow side?

3 replies

joshjohanning May 22, 2024

Awesome! No, sadly you cannot set it from the workflow side :(. That's why the solution only supports self-hosted runners, you have to set it on the .env file on the runner such that the environment variable exists before the job starts.

zachspar May 22, 2024

@joshjohanning are there any plans to build a feature to pull private package repos in workflow job steps? Particularly from GHCR?

joshjohanning May 22, 2024

@zachspar sadly nothing on the public roadmap for this :(

J-B-Blankenship · 2025-08-21T14:18:27Z

J-B-Blankenship
Aug 21, 2025

For my specific case, being authenticated on the self-hosted runner with a docker login before running ./run.sh did not work. I could pull private images when not running the self-hosted runner, but the self-hosted runner itself was failing.

The authentication method is a classic PAT token. Permissions are correct on the PAT token (READ for packages). Package is available to my user. All of this was confirmed by a successful pull outside of the self-hosted runner.

Here is the code that eventually allowed it to work (step only):

      - name: Pull Docker Image
        id: pull_image
        run: |
          rm -f gh_token.txt
          echo ${{ secrets.CLASSIC_PAT_TOKEN }} >> gh_token.txt
          cat gh_token.txt | docker login ghcr.io -u [Username] --password-stdin
          docker pull ghcr.io/[org]/[repo]/[image_name]:[tag]

0 replies

joshjohanning · 2023-12-11T21:38:11Z

joshjohanning
Dec 11, 2023

I think the main issue is that GitHub doesn't natively support pulling in containers in docker actions from a private feed. Some workarounds:

make your registry public
pre-authenticate / have the container available using a pre-job step on a self-hosted runner
use a container or service job where you can specify credentials
use a composite action to authenticate, pull, and run the docker image yourself via command line
Do something like this where you expect the env vars to be there in order to be able to pull container from the private feed
reference the dockerfile directly when using docker actions

runs.image
Required The Docker image to use as the container to run the action. The value can be the Docker base image name, a local Dockerfile in your repository, or a public image in Docker Hub or another registry. To reference a Dockerfile local to your repository, the file must be named Dockerfile and you must use a path relative to your action metadata file. The docker application will execute this file.

Edit: see my comment for 2 other options.

5 replies

sumanth-kondru Dec 20, 2023

Having same issue , when I call same action from market place action it pulls image from docker hub and working , when I clone the same repo to org goin account and point to jfrog image it’s failing with authentication needed though I am passing the auth step any one found fix ?

tremblaysimon Jan 5, 2024

Workaround are ok, but in the end GitHub Actions should support it natively to be able to use a private regsitry requiring authentication.

joshjohanning Jan 5, 2024

I have two more workarounds / solutions to share:

Using a composite Action you can sort of bury the Docker action by making it a local action (cloning the docker action repo and running it from a local directory). Then, it won't auth to Docker at the beginning of the job and you can auth to docker yourself before that action runs. There are 2 examples of this in this repo.
Use Container Hooks
- Example code
- Example action being ran
- Using container hooks with self-hosted runners would allow you to customize how docker actions are referenced, therefore being able to inject docker auth logic without the end-user having to do it themselves in the action workflow.

For those finding this comment later, I wrote on points 7 and 8 in a blog post here.

tremblaysimon Jan 22, 2024

Your point 7 could work with an image already built but it will not work with a Dockerfile (when the param image is like image: "Dockerfile").

mroy-seedbox Dec 18, 2025

I tried # 4, and it was a terrible experience (because GH handles so much out of the box vs calling docker run ourselves).

I ended up accidentally discovering this workaround (just run a docker pull ahead of time), which was much simpler.

@tremblaysimon: I think it might work for you too (with a Dockerfile). 🤞

mroy-seedbox · 2025-12-18T10:33:20Z

mroy-seedbox
Dec 18, 2025

Just sharing a simple solution/workaround that worked for me (but I understand that it won't work for people who want to run the entire job on a container from GHCR):

Pulling the image ahead of time allows it to then be used by the following steps/actions without requiring auth:

      - uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Pull docker image
        run: docker pull ghcr.io/org/repo
        shell: bash
      # other steps can now use the image, because it is local and Docker won't even check the auth

So to solve the OP's problem, this should work:

jobs:
  repo-sync-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          persist-credentials: false
          token: ${{ secrets.PAT }}
      - uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }} # Or maybe ${{ secrets.PAT }} ?
      - name: Pull docker image
        run: docker pull ghcr.io/org/repo
        shell: bash
      # Now this should work!
      - name: repo-sync-gomisha
        uses: gomisha/[email protected]
        with:
          source_repo: "https://github.com/gomisha/repo-sync-test-public"
          source_branch: "main"
          destination_branch: "main"
          github_token: ${{ secrets.PAT }}

0 replies

zachspar · 2024-09-28T03:31:20Z

github-actions[bot]
bot Sep 28, 2024

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬

1 reply

zachspar Sep 28, 2024

Still an issue.

2024-07-22T03:28:07Z

github-actions[bot]
bot Jul 22, 2024

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬

0 replies

2025-02-12T03:30:12Z

github-actions[bot]
bot Feb 12, 2025

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬

0 replies

Ciocotisan · 2025-11-17T19:34:30Z

Ciocotisan
Nov 17, 2025

Still facing the same insane issue...

0 replies

Can't pull docker image from GitHub Packages registry from GitHub Actions workflow - unauthorized error #45981

Uh oh!

Uh oh!

Select Topic Area

Body

Solutions Attempted

Replies: 20 comments · 18 replies

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Replies: 20 comments 18 replies