Today we are talking about a very new feature for GitHub Actions: Job and service containers from private registries.
What does that mean? Let's discover it together.
Video
If you are a visual learner, or simply prefer to watch and listen instead of reading, here you have the video with the whole explanation and demo, which to be fair is much more complete than this post.
(Link to the video: https://youtu.be/S5eZ0YOLJDc)
If you rather prefer reading, well... let's just continue :)
What are Job Containers and Service Containers?
First off, what are job containers and service containers?
Job containers allow you to provide the environment and tools that your workflow needs, they are a great way to ensure your dependencies are always exactly met and under your control.
Similarly, service containers provide a way to stand up additional networked services that your workflow may need to build or test against, like a database, an API, and so forth.
The old way
Previously you may have had a workflow like this:
name: JobContainers
on: [workflow_dispatch]
jobs:
build:
runs-on: ubuntu-latest
services:
redis: redis:latest
container: alpine:3
steps:
- run: ./build.sh
In the workflow we have both the service container (a redis image under services) and the job container (an alpine image under container), and as you can see both images comes from a public container registry.
Unfortunately there has not been a way to consume these containers from private registries, or more generally if pulling them required you be logged in. Until now!
The new way!
With the new feature, in fact, you can just provide the username and password in a new credentials property as you would if you were running docker login.
name: JobContainers Private reg
on: [workflow_dispatch]
jobs:
private:
runs-on: ubuntu-latest
services:
redis:
image: ghcr.io/n3wt0n/modified-redis
credentials:
username: n3wt0n
password: ${{ secrets.GHCR_TOKEN }}
container:
image: ghcr.io/n3wt0n/modified-alpine
credentials:
username: n3wt0n
password: ${{ secrets.GHCR_TOKEN }}
steps:
- run: echo secret!
As you can see above, we now have this now credentials property that allows us to specify the credentials to authenticate to any private registry.
In that example I'm using the new GitHub Container Registry, but in fact that would work for any registry which requires authentication: Private Docker Hub, Azure Container Registry, etc... you name it...
Easy right?
Conclusion
Let me know in the comment section below what you think of this new feature. I personally think it's a great addition to GitHub Actions that finally opens so many new scenarios.
Once again, watch the video on YouTube to see this live with the whole explanation.
Top comments (0)