48 lines
1.8 KiB
Markdown
48 lines
1.8 KiB
Markdown
# GitHub Container Registry Authentication Setup
|
|
|
|
## Problem
|
|
The deployment pipeline fails to pull Docker images from GitHub Container Registry (GHCR) with error:
|
|
```
|
|
Error response from daemon: Head "https://ghcr.io/v2/remmerinio/stiftung-management-system/manifests/latest": denied: denied
|
|
```
|
|
|
|
## Root Cause
|
|
The `GITHUB_TOKEN` used in GitHub Actions has limited permissions and cannot access private container packages.
|
|
|
|
## Solution: Create Personal Access Token
|
|
|
|
### 1. Create GitHub Personal Access Token
|
|
1. Go to GitHub → Settings → Developer settings → Personal access tokens → Tokens (classic)
|
|
2. Click "Generate new token (classic)"
|
|
3. Select these scopes:
|
|
- ✅ `read:packages` - Download packages from GitHub Package Registry
|
|
- ✅ `write:packages` - Upload packages to GitHub Package Registry
|
|
- ✅ `repo` - Full control of private repositories (if repo is private)
|
|
|
|
### 2. Add Token to Repository Secrets
|
|
1. Go to your repository → Settings → Secrets and variables → Actions
|
|
2. Click "New repository secret"
|
|
3. Name: `DEPLOY_TOKEN`
|
|
4. Value: Your personal access token
|
|
5. Click "Add secret"
|
|
|
|
### 3. Verify Token Works
|
|
Test the token manually:
|
|
```bash
|
|
echo "YOUR_TOKEN_HERE" | docker login ghcr.io -u YOUR_USERNAME --password-stdin
|
|
docker pull ghcr.io/remmerinio/stiftung-management-system:latest
|
|
```
|
|
|
|
## Alternative: Make Container Package Public
|
|
1. Go to GitHub → Your Profile → Packages
|
|
2. Find `stiftung-management-system` package
|
|
3. Click on it → Package settings
|
|
4. Change visibility to "Public"
|
|
5. No authentication needed for public packages
|
|
|
|
## Deployment Script Improvements
|
|
The updated deployment script now:
|
|
- ✅ Uses `DEPLOY_TOKEN` instead of `GITHUB_TOKEN`
|
|
- ✅ Has fallback to local build if GHCR pull fails
|
|
- ✅ Provides clear error messages
|
|
- ✅ Continues deployment even if registry is unavailable |