Like Docker Hub, Azure Container Registry and others, GitHub has its own container registry. GitHub Container Registry, is located at ghcr.io
Here are a series of steps to getting underway with publishing container images within your GitHub Organisation.
Enabling GitHub Container Registry
In order to publish container images to the registry, the feature for managing containers must be enabled in the GitHub organisation.
To do this, open Settings in your GitHub organisation (
Check Enable improved container support
Authenticating with GitHub Container Registry
A simple yet secure method of authenticating, from your laptop, to the GitHub Container Registry is to use a Personal Access Token (PAT).
First, obtain a PAT.
Obtaining a PAT from GitHub
- On GitHub.com, expand your profile menu and choose Settings
2. From the menu, choose Developer settings
3. From the menu, choose Person access tokens
4. Choose Generate new token
5. Give a meaningful description for the token – this can be used to identify which service ought to be renewed or revoked, when applicable
6. Select write:packages and delete:packages at the Select scopes section
7. Select Generate token
8. Copy the token
Connecting to GHCR
Using the PAT obtained in the previous section, save your PAT as an environment variable
With your GitHub username, run the docker login command consuming the value of the environment variable as your password
echo $CR_PAT | docker login ghcr.io -u <<Your-GitHub-Username>> --password-stdin
Working with Images on GHCR
Tag your Container Image
Below shows an example of building a contained image and tagging it for GHCR. Here are the assets for building an Azure DevOps Agent container image
drwxr-xr-x 5 markpatton staff 160 23 Dec 01:09 . drwxr-xr-x 5 markpatton staff 160 23 Dec 01:10 .. -rw-r--r-- 1 markpatton staff 2268 20 Jan 23:43 Dockerfile -rw-r--r-- 1 markpatton staff 201 21 Oct 15:24 ms-packs.sh -rw-r--r-- 1 markpatton staff 2581 9 Dec 12:13 start.sh
Build and Tag the image
Avoid the use of
latest to denote the tag
docker build --no-cache -t ghcr.io/mark-patton-cloud/ado-linux-agent:1.1.0 .
List the docker images to show the latest created version
REPOSITORY TAG IMAGE ID ghcr.io/mark-patton-cloud/ado-linux-agent 1.1.0 69ece9a5ca5d
Publish Images on GHCR
When the image is ready, push to GHCR
docker push ghcr.io/mark-patton-cloud/ado-linux-agent:1.1.0
Open GitHub Packages and note the published image