GITHUB_TOKEN permission denied write package when build and push docker in github workflows
I have a GitHub organization and am trying to migrate the container registry from Docker Hub to GitHub Packages. Using GitHub workflows, here's the YAML I used to push the Docker image to GitHub Packages:
    name: ghcr_test
    on:
      push:
        branches:
          - dev
    jobs:
      deploy:
        runs-on: ubuntu-latest
        steps:
          - name: Checkout
            uses: actions/checkout@v2
          - name: Login to GitHub Packages
            uses: docker/login-action@v1
            with:
              registry: ghcr.io
              username: ${{ github.actor }}
              password: ${{ secrets.GITHUB_TOKEN }}
          - name: Build and push Docker image
            uses: docker/build-push-action@v2
            with:
              context: .
              push: true
              tags: ghcr.io/${{ github.repository }}:${{ github.sha }}
GitHub recommends using GITHUB_TOKEN in action workflows. I've already double-checked that it has read and write permission in my organization settings, but they gave me this error:
Error: buildx failed with: error: denied: permission_denied: write_package
Any help?
Answers
Check if this is related to actions/runner issue 1039
Seems like GITHUB_TOKEN works only on default branch... You need to use custom PAT when running on PR branches
Check also if this is similar to this discussion:
It turns out another org member had pushed the same package, which was private by default and was owned by that org member.
Since nobody else could even see the package as existing, we were very confused. I think this default behavior of new packages being privately owned by the user uploading and not being visible to even the org owners is quite confusing.
If not, try, as described here, to do the push manually, in order to validate your token (with a docker login -u USERNAME -p TOKEN ghcr.io, then a docker push). The GitHub action might then work.
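The manual check suggested in the answer, written out as an added example (not part of the original answer). The variable names `GHCR_USER`, `GHCR_TOKEN` and `GHCR_REPO`, the `token-check` tag, the `hello-world` test image and the `--run` switch are assumptions made here; the token is passed with `--password-stdin` so it stays out of the process list and shell history.

```shell
#!/bin/sh
# Manual GHCR push check. Assumed inputs (not from the original post):
#   GHCR_USER, GHCR_TOKEN - account and token under test
#   GHCR_REPO             - owner/name of the package (placeholder value)

# Build the registry reference; image names must be lowercase.
ghcr_ref() {
  printf 'ghcr.io/%s:%s\n' "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" "$2"
}

# Map the client's error output to a short diagnosis.
classify_push_output() {
  case "$1" in
    *permission_denied*write_package*) echo write_package_denied ;;
    *denied*) echo denied_other ;;
    *) echo unknown ;;
  esac
}

check_push() {
  ref="$(ghcr_ref "$GHCR_REPO" token-check)"; rc=0
  # Feed the token on stdin instead of using -p on the command line.
  if ! printf '%s' "$GHCR_TOKEN" | docker login ghcr.io -u "$GHCR_USER" --password-stdin; then
    echo "login failed: the token itself is invalid or expired"; return 1
  fi
  docker pull hello-world >/dev/null && docker tag hello-world "$ref"
  if out="$(docker push "$ref" 2>&1)"; then
    echo "push ok: this token can write $ref"
  else
    rc=1
    case "$(classify_push_output "$out")" in
      write_package_denied)
        echo "login worked but write was refused for $ref"
        echo "check whether the package already exists under another owner" ;;
      *) echo "push failed: $out" ;;
    esac
  fi
  docker logout ghcr.io >/dev/null   # do not leave the credential cached
  return "$rc"
}

# Run the check only when called with --run, so the helpers can be sourced.
if [ "${1:-}" = "--run" ]; then check_push; fi
```

If the manual push succeeds with a personal token while the workflow still fails, the difference lies in what GITHUB_TOKEN is allowed to do for that run rather than in the package itself.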