I'm trying to preconfigure a private container registry in a CodeSpace so workshop participants can use it. According to the docs it's all pretty straight forward, but it looks like I'm missing something, because it won't work, and the docs aren't clear on what I need to expect on the receiving end.
What I've done so far:
- I have a custom CodeSpace container image that inherits from univesal-linux:1.6.4
- I have configured the 3 documented variables:
- GH_CONTAINER_REGISTRY_SERVER=ghcr.io
- GH_CONTAINER_REGISTRY_USER=jessehouwing
- GH_CONTAINER_REGISTRY_PASSWORD=PAT with Packages (Read) permission
- I have rebuilt the codespace
- I tried a different prefix than
GH_
to no avail.
If I read the docs correctly, this should make sure docker can pull from ghcr using my credentials, but all I get is an error:
codespace ➜ /workspaces/attendee-jessehouwing (main) $ docker pull ghcr.io/xxxxx-customers/xxxxx-cli
Using default tag: latest
Error response from daemon: Head "https://ghcr.io/v2/xxxxx-customers/xxxxx-cli/manifests/latest": unauthorized
I searched the vscode-container repository for a hint to something I may have to configure on my custom container, but I don't really see anything wrong.
Custom container dockerfile:
FROM mcr.microsoft.com/vscode/devcontainers/universal:1-linux
USER codespace
RUN az extension add --name azure-devops
I tried in the standard vscode container and see the same behavior. I must be doing something wrong.
The secrets are registered in the same repository as a set of repository secrets and I'm launching the codespace from the same repo:
Of course it's very simple once you see it!
When you open the Secrets in your GitHub settings you end up on the ACTIONS Secrets page. And the fact that there are 3 other secrets pages is hidden because the expanded settings menu has scrolled off screen.
So make sure you add these secrets to the CODESPACES Secrets page:
Then rebuild the Codespace.