Add-ons from password protected docker registries

skateman · September 10, 2020, 10:16am

I’m playing with the automated build of add-ons using GitHub actions and publishing them to GitHub Packages Docker Registry. Basically my idea is to have a fully automated add-on repo that is only dependent on GH, so I don’t have to deal with storing secrets on the CI/CD server.

The GH Packages Docker Registry doesn’t allow me to pull container images anonymously, without logging in first. However, the hassio supervisor doesn’t support login, even if I’m logged in on the host machine using docker login docker.pkg.github.com. The SDK that the supervisor uses to talk to the docker daemon does have login method and it even supports logging in using the ~/.docker/config.json populated by using docker login.

My idea would be to populate the config.json from the host machine to the supervisor container, iterate through all the defined repos insite and one-by-one log in into each after the client gets initialised.

Would be something like this welcome as a PR?

skateman · September 10, 2020, 6:34pm

I was a little impatient and created the PRs:

ludeeus · September 10, 2020, 6:55pm

the GH Packages Docker Registry doesn’t allow me to pull container images anonymously,

This is not correct?

docker pull ghcr.io/OWNER/IMAGE_NAME:tag does not require authentication.

skateman · September 10, 2020, 7:13pm

Well, ghcr.io would probably work but AFAIK that’s still beta and you cannot use GITHUB_TOKEN to push anything into it, so I have to deal with secrets. I can’t even access it from current my location, it just times out.

On the other hand the docker.pkg.github.com cannot be accessed without logging in

ludeeus · June 3, 2021, 11:43am

This is implemented