We have a selfhosted github server with selfhosted runner and the whole infrastructure uses JFrog as Docker registry.
Now we also have custom GitHub actions that are based on images within the private JFrog registry. The problem is that the action will be build before the workflow even run and the JFrog denies access to the image.
How can I authenticate the github action runner to the docker registry before it starts the workflow? Or what would be the right way to do it?
Only way I can imagine is rewrite the action to a composite action and do the stuff within the container directly but it feels wrong.
Job and Service containers in GitHub Actions allow you to containerize your CI environment and make databases, caches, or other services available to your tests. Previously those containers had to come from a public container registry which limited the usefulness for some customers. Additionally, we had numerous requests from the GitHub community forums for private registry support.
Here’s an example of using private images from Docker Hub and GitHub Container Registry:
jobs:
build:
container:
image: octocat/ci-image:latest
credentials:
username: mona
password: ${{ secrets.docker_hub_password}}
services:
db:
image: ghcr.io/octocat/testdb:latest
credentials:
username: ${{ github.repository_owner }}
password: ${{ secrets.ghcr_password }}