Preconfigure Container Registry in Codespaces


I'm trying to preconfigure a private container registry in a CodeSpace so workshop participants can use it. According to the docs it's all pretty straightforward, but it looks like I'm missing something, because it won't work, and the docs aren't clear on what I need to expect on the receiving end.

What I've done so far:

  • I have a custom CodeSpace container image that inherits from universal-linux:1.6.4
  • I have configured the 3 documented variables:
    • GH_CONTAINER_REGISTRY_SERVER=ghcr.io
    • GH_CONTAINER_REGISTRY_USER=jessehouwing
    • GH_CONTAINER_REGISTRY_PASSWORD=PAT with Packages (Read) permission


  • I have rebuilt the codespace
  • I tried a different prefix than GH_ to no avail.

If I read the docs correctly, this should make sure docker can pull from ghcr using my credentials, but all I get is an error:

codespace ➜ /workspaces/attendee-jessehouwing (main) $ docker pull ghcr.io/xxxxx-customers/xxxxx-cli
Using default tag: latest
Error response from daemon: Head "https://ghcr.io/v2/xxxxx-customers/xxxxx-cli/manifests/latest": unauthorized

I searched the vscode-container repository for a hint to something I may have to configure on my custom container, but I don't really see anything wrong.

Custom container dockerfile:

FROM mcr.microsoft.com/vscode/devcontainers/universal:1-linux

USER codespace
    
RUN az extension add --name azure-devops

I tried in the standard vscode container and see the same behavior. I must be doing something wrong.

The secrets are registered in the same repository as a set of repository secrets and I'm launching the codespace from the same repo:

Launching codespace from repo

Secrets stored in the same repository's settings


There are 2 answers

0
jessehouwing On BEST ANSWER

Of course it's very simple once you see it!

When you open the Secrets in your GitHub settings you end up on the ACTIONS Secrets page. And the fact that there are 3 other secrets pages is hidden because the expanded settings menu has scrolled off screen.

So make sure you add these secrets to the CODESPACES Secrets page:

Use the Codespaces secrets page

Then rebuild the Codespace.

1
Allison Weins On

A few questions to try and unblock you -

  1. Have you ensured that your secrets are available to the repository you're creating the codespace off of? You can click "Update" to see which repos have access to these secrets. More info here
  2. Did you create this codespace before your secrets were created? Secrets are only injected at codespace creation or restart, so if you added these secrets after creating the codespace, they won't be accessible in the codespace until after a restart. You can verify your secrets are accessible in the codespace by typing in echo $SECRET_NAME and ensuring the secret is output.

Nothing looks out of sorts from what I can see but can investigate further once you verify the two questions above!
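
The verification suggested in the answers above can be done without writing the PAT to the terminal. The following is an added example, not part of the original question or answers: the function name `check_registry_secrets` and its return codes are hypothetical, and it assumes the registry login is recorded in Docker's default config file at `~/.docker/config.json`.

```shell
#!/bin/sh
# Added example (not from the original page): confirm the registry secrets
# reached the codespace without printing any secret value.
# Usage inside the codespace: check_registry_secrets GH
# Return codes: 0 ok, 1 variable missing, 2 no login recorded, 3 bad prefix.

check_registry_secrets() {
  crs_prefix="$1"
  # Assumption: Docker's default per-user config path.
  crs_config="${2:-$HOME/.docker/config.json}"
  crs_missing=0

  # The prefix is used in eval below, so allow only variable-name characters.
  case "$crs_prefix" in
    ''|[0-9]*|*[!A-Za-z0-9_]*)
      echo "invalid prefix" >&2
      return 3 ;;
  esac

  for crs_suffix in SERVER USER PASSWORD; do
    crs_name="${crs_prefix}_CONTAINER_REGISTRY_${crs_suffix}"
    eval "crs_value=\${$crs_name:-}"
    if [ -n "$crs_value" ]; then
      # Report the length only, never the value itself.
      echo "set:     $crs_name (${#crs_value} characters)"
    else
      echo "MISSING: $crs_name"
      crs_missing=1
    fi
  done
  [ "$crs_missing" -eq 0 ] || { unset crs_value; return 1; }

  eval "crs_server=\${${crs_prefix}_CONTAINER_REGISTRY_SERVER}"
  unset crs_value
  # Docker lists each logged-in registry by name under "auths", also when
  # a credential helper stores the actual token elsewhere.
  if [ -f "$crs_config" ] && grep -qF "\"$crs_server\"" "$crs_config"; then
    echo "login recorded for $crs_server in $crs_config"
    return 0
  fi
  echo "variables are set, but no login for $crs_server in $crs_config"
  return 2
}
```

A `MISSING` line corresponds to the two causes named in the answers: the secret is not defined on the Codespaces secrets page, or the codespace has not been rebuilt or restarted since it was added.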