According to the GitHub docs, you can only authenticate to the GitHub Container Registry via a personal access token or via the GITHUB_TOKEN (only available in GitHub actions). The GITHUB_TOKEN is an installation access token of a GitHub App.
When you enable GitHub Actions, GitHub installs a GitHub App on your repository. The GITHUB_TOKEN secret is a GitHub App installation access token. [source]
Is it possible to use the installation access token of another GitHub App to authenticate to the GitHub Container registry?
EDIT 08-30-2023: According to a GitHub employee, this feature is missing as of now, but they are working on it.
I was successful in authenticating to the github container registry. However I can't get it to pull or push any container images.
Looking at the REST API documentation: https://docs.github.com/en/rest/packages/packages?apiVersion=2022-11-28#get-a-package-for-an-organization
It doesn't say that it works with github apps, like it does for this endpoint for instance: https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#list-organization-repositories
From my experience some of the things in github isn't well documented so I did try, but in the end I couldn't get it to work.
I managed to successfully login using
docker loginwith a github app token, but still getting blocked by packages permissions when trying to push an image.This is what I did to be able to login at least:
docker login ghcr.io -u <YOUR_GITHUB_APP_ID>and when prompted for password enter the token from the response in step 2.My problem might be that the app is installed on the organization and I don't have enough permissions. When you generate your access token in the response you will see what kind of permissions it has. For it to work I guess it should have "packages" in the "permissions"
This is what I got in my response:
But still failed with this when trying to push an image: