Working with the Container registry --- 使用github做docker镜像仓库

Working with the Container registry

https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry

 

Pushing container images

This example pushes the latest version of IMAGE_NAME.

docker push ghcr.io/NAMESPACE/IMAGE_NAME:latest

Replace NAMESPACE with the name of the personal account or organization to which you want the image to be scoped.

This example pushes the 2.5 version of the image.

docker push ghcr.io/NAMESPACE/IMAGE_NAME:2.5

When you first publish a package, the default visibility is private. To change the visibility or set access permissions, see "Configuring a package's access control and visibility." You can link a published package to a repository using the user interface or command line. For more information, see "Connecting a repository to a package."

When you push a container image from the command line, the image is not linked to a repository by default. This is the case even if you tag the image with a namespace that matches the name of the repository, such as ghcr.io/octocat/my-repo:latest.

The easiest way to connect a repository to a container package is to publish the package from a workflow using ${{secrets.GITHUB_TOKEN}}, as the repository that contains the workflow is linked automatically. Note that the GITHUB_TOKEN will not have permission to push the package if you have previously pushed a package to the same namespace, but have not connected the package to the repository.

To connect a repository when publishing an image from the command line, and to ensure your GITHUB_TOKEN has appropriate permissions when using a GitHub Actions workflow, we recommend adding the label org.opencontainers.image.source to your Dockerfile. For more information, see “Labelling container images” in this article and “Publishing and installing a package with GitHub Actions.”

 

 

Pulling container images

Pull by digest

To ensure you're always using the same image, you can specify the exact container image version you want to pull by the digest SHA value.

1. To find the digest SHA value, use docker inspect or docker pull and copy the SHA value after Digest:

   docker inspect ghcr.io/NAMESPACE/IMAGE_NAME
   

   Replace NAMESPACE with the name of the personal account or organization to which the image is scoped.

2. Remove image locally as needed.

   docker rmi ghcr.io/NAMESPACE/IMAGE_NAME:latest
   

3. Pull the container image with @YOUR_SHA_VALUE after the image name.

   docker pull ghcr.io/NAMESPACE/IMAGE_NAME@sha256:82jf9a84u29hiasldj289498uhois8498hjs29hkuhs
   

Pull by name

docker pull ghcr.io/NAMESPACE/IMAGE_NAME

Replace NAMESPACE with the name of the personal account or organization to which the image is scoped.

Pull by name and version

Docker CLI example showing an image pulled by its name and the 1.14.1 version tag:

$ docker pull ghcr.io/NAMESPACE/IMAGE_NAME:1.14.1
> 5e35bd43cf78: Pull complete
> 0c48c2209aab: Pull complete
> fd45dd1aad5a: Pull complete
> db6eb50c2d36: Pull complete
> Digest: sha256:ae3b135f133155b3824d8b1f62959ff8a72e9cf9e884d88db7895d8544010d8e
> Status: Downloaded newer image for ghcr.io/NAMESPACE/IMAGE_NAME/release:1.14.1
> ghcr.io/NAMESPACE/IMAGE_NAME/release:1.14.1

Replace NAMESPACE with the name of the personal account or organization to which the image is scoped.

Pull by name and latest version

$ docker pull ghcr.io/NAMESPACE/IMAGE_NAME:latest
> latest: Pulling from NAMESPACE/IMAGE_NAME
> Digest: sha256:b3d3e366b55f9a54599220198b3db5da8f53592acbbb7dc7e4e9878762fc5344
> Status: Downloaded newer image for ghcr.io/NAMESPACE/IMAGE_NAME:latest
> ghcr.io/NAMESPACE/IMAGE_NAME:latest

Replace NAMESPACE with the name of the personal account or organization to which the image is scoped.