fix: use GITHUB_TOKEN instead of GHA_CR_TOKEN for GHCR authentication#53
Merged
Prevent worktree contents from being tracked in the repository.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

The custom GHA_CR_TOKEN PAT was invalid/expired, causing all push events to fail when publishing Docker images to ghcr.io.

Changes:
- Add permissions block with `packages: write` for GITHUB_TOKEN
- Replace GHA_CR_TOKEN with GITHUB_TOKEN (always available)
- Simplify push logic (no need to check for token existence)
- Update docker/login-action from v1 to v3
- Replace deprecated `::set-output` with GITHUB_OUTPUT env file

Benefits:
- No manual token management required
- Token is automatically rotated by GitHub
- Proper permissions scoped per-workflow

Fixes #52

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Pull request overview
This PR fixes authentication failures in the Docker image publishing workflow by replacing the custom GHA_CR_TOKEN personal access token with the built-in GITHUB_TOKEN, which is automatically provided and managed by GitHub Actions.
Key Changes:
- Replaced custom PAT authentication with `GITHUB_TOKEN` and added required `packages: write` permission
- Updated from deprecated `::set-output` command to the `GITHUB_OUTPUT` environment file approach
- Upgraded `docker/login-action` from v1 to v3
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| .gitignore | Added .worktrees/ entry for Git worktree support |
| .github/workflows/publish-docker-image.yml | Fixed GHCR authentication by switching to GITHUB_TOKEN, added permissions block, updated to non-deprecated output mechanism, and upgraded login action version |
| print("Skipping GitHub Container Repository (ghcr.io)") | ||
| print("Skipping GitHub Container Repository (ghcr.io) for non-push events") | ||
|
|
||
| l = ",".join(i) |
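Review bot: on `l = ",".join(i)`, the list being joined, `i`, is as opaque a name as `l`, and the join returns an empty string when `i` is empty. Give both descriptive names and check for an empty list before the joined value is used, so a run that selects no registries fails visibly rather than handing an empty image list to a later step.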
The variable name `l` (lowercase L) is ambiguous and easily confused with the number 1 or uppercase I. Consider renaming it to something more descriptive like `locations` or `images_list`.
Summary
- `GHA_CR_TOKEN` PAT with built-in `GITHUB_TOKEN`
- `permissions` block with `packages: write`
- `docker/login-action` from v1 to v3
- `::set-output` command

Background
The "Publish Docker image" workflow was failing on all `push` events because `GHA_CR_TOKEN` was invalid/expired. Pull requests succeeded only because they skip the ghcr.io push entirely.

See issue #52 for the full investigation.

Changes
| Before | After |
|---|---|
| `GHA_CR_TOKEN` | `GITHUB_TOKEN` |
| `::set-output` (deprecated) | `GITHUB_OUTPUT` env file |
| `docker/login-action@v1` | `docker/login-action@v3` |

Test plan

Fixes #52
🤖 Generated with Claude Code
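
An added example, not code from this pull request or repository, of the `::set-output` to `GITHUB_OUTPUT` change described above, combined with the push-only ghcr.io selection. The function names, the `images` output name and the `example/app` image names are assumptions made for illustration.

```python
import os
import re
import secrets


def select_images(event_name, base_images, ghcr_image):
    """Images to publish; the ghcr.io image is added on push events only."""
    images = list(base_images)
    if event_name == "push":
        images.append(ghcr_image)
    else:
        print("Skipping GitHub Container Repository (ghcr.io) for non-push events")
    return images


def format_output(name, value):
    """Render one step output in the GITHUB_OUTPUT file syntax."""
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_-]*", name):
        raise ValueError(f"invalid output name: {name!r}")
    value = str(value)
    if "\n" not in value and "\r" not in value:
        return f"{name}={value}\n"
    # Multi-line values use the heredoc form; a random delimiter keeps a
    # value from closing the block early and smuggling in extra outputs.
    delimiter = f"ghadelimiter_{secrets.token_hex(16)}"
    return f"{name}<<{delimiter}\n{value}\n{delimiter}\n"


def set_output(name, value, path=None):
    """Append the output to the file GitHub Actions names in GITHUB_OUTPUT."""
    path = path or os.environ["GITHUB_OUTPUT"]
    record = format_output(name, value)
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(record)
    return record


if __name__ == "__main__":
    # Constructed sample values; on a runner GITHUB_EVENT_NAME is set by GitHub.
    event = os.environ.get("GITHUB_EVENT_NAME", "pull_request")
    images = select_images(event, ["example/app"], "ghcr.io/example/app")
    if not images:
        raise SystemExit("no images selected")
    if "GITHUB_OUTPUT" in os.environ:
        set_output("images", ",".join(images))
    else:
        print("images=" + ",".join(images))
```
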