use GitHub Container Registry to store regular artifacts

rssnyder/ghcr-artifact-store

ghcr-artifact-store

Use GitHub Container Registry (or any container registry) to store artifacts for your GitHub Actions workflows.

setup

You will need access to publish to github packages from your actions workflow. You can use the default GITHUB_TOKEN or a PAT.

The environment for your workflow will also need to have docker installed, which is included with ubuntu-latest.

Run the action from the directory that contains the artifact to be uploaded, using working-directory.

usage

inputs:
  method:
    description: 'GET or PUT. Defaults to GET.'
    required: false
    default: GET
  artifact:
    description: 'Artifact to GET or PUT'
    required: true
  tag:
    description: 'Tag for image when pushed to ghcr. Defaults to artifacts.'
    required: false
    default: artifacts
  image:
    description: 'Image to store. Defaults to ghcr.io/<owner>/<repo>.'
    required: false
    default: ''
  registry_user:
    description: 'Username for pushing to ghcr. Defaults to the user who triggered the workflow.'
    required: false
    default: ''
  token:
    description: 'Token for pushing to ghcr.'
    required: true

put

- uses: rssnyder/ghcr-artifact-store@0.1.0
  with:
    method: PUT
    artifact: state.json
    token: ${{ secrets.GITHUB_TOKEN }}

get

- uses: rssnyder/ghcr-artifact-store@0.1.0
  with:
    artifact: state.json
    token: ${{ secrets.GITHUB_TOKEN }}

example

See an example of storing terraform state using this method here.

bootstrapping

To bootstrap an initial image for your repository, create a GitHub PAT with packages:write, set GITHUB_TOKEN to it, and run the following steps locally:

# Login
> echo "$GITHUB_TOKEN" | docker login ghcr.io -u <owner> --password-stdin

# Use busybox as source
> docker pull busybox
> docker tag busybox ghcr.io/<owner>/<repo>:artifacts

# Push to ghcr
> docker push ghcr.io/<owner>/<repo>:artifacts

Why busybox? I wanted to use a popular image that people could "trust" that was also as minimal as possible.

> docker pull busybox
> docker images busybox --format "{{.Repository}}:{{.Tag}} -> {{.Size}}"
busybox:latest -> 1.24MB

security

By default, packages are private when first created, and you must change them to public. If you are using this on a repository that is already publishing a public image to ghcr, do not store sensitive information in your artifacts: by default the artifact is pushed as the artifacts tag of ghcr.io/<owner>/<repo>, and if that package is public, anyone can pull it.

In addition, pin your references to this composite action to a version you have audited.
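
One way to enforce the pinning advice above in CI, as an added example that is not part of this project: a shell check that flags any workflow reference to the action whose ref is missing or differs from the one you audited. The function names check_pins and sample_workflow are hypothetical, the sample workflow is constructed, and 0.1.0 stands in for whichever ref you reviewed.

```shell
#!/bin/sh
# Added example, not part of the ghcr-artifact-store project.
ACTION="rssnyder/ghcr-artifact-store"

# check_pins AUDITED_REF FILE...
# Prints file:line for every reference to $ACTION whose ref differs from the
# one you audited (or is missing); returns 1 if any were found, else 0.
check_pins() {
  audited="$1"; shift
  status=0
  for f in "$@"; do
    awk -v action="$ACTION" -v audited="$audited" -v sq="'" '
      /^[ \t]*#/ { next }                       # whole-line YAML comment
      {
        line = $0
        sub(/[ \t]+#.*$/, "", line)             # trailing comment
        if (!match(line, /uses:[ \t]*[^ \t]+/)) next
        ref = substr(line, RSTART, RLENGTH)
        sub(/^uses:[ \t]*/, "", ref)
        gsub(/"/, "", ref); gsub(sq, "", ref)   # optional YAML quotes
        at = index(ref, "@")
        name = tolower(at ? substr(ref, 1, at - 1) : ref)
        ver = (at ? substr(ref, at + 1) : "")
        if (name != action) next                # some other action
        if (ver == "") {
          printf "%s:%d: no ref pinned\n", FILENAME, NR; bad = 1
        } else if (ver != audited) {
          printf "%s:%d: pinned to %s, audited ref is %s\n", FILENAME, NR, ver, audited
          bad = 1
        }
      }
      END { exit bad + 0 }' "$f" || status=1
  done
  return "$status"
}

# Constructed sample workflow used to exercise the check.
sample_workflow() {
  cat <<'EOF'
steps:
  - uses: rssnyder/ghcr-artifact-store@0.1.0
    with: { artifact: state.json, token: "${{ secrets.GITHUB_TOKEN }}" }
  - uses: rssnyder/ghcr-artifact-store@main   # branch ref, not audited
  # - uses: rssnyder/ghcr-artifact-store@0.0.1
  - uses: "rssnyder/ghcr-artifact-store"
  - uses: actions/checkout@v4
EOF
}
```

Run it as check_pins <audited-ref> .github/workflows/*.yml and fail the job on a non-zero exit, so a reference that drifts to a branch or an unreviewed tag is caught before the action receives a token.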

use locally

GITHUB_TOKEN=<pat> GITHUB_ACTOR=<username> GITHUB_REPOSITORY=<owner>/<repo> METHOD="PUT" sh action.sh state.json
GITHUB_TOKEN=<pat> GITHUB_ACTOR=<username> GITHUB_REPOSITORY=<owner>/<repo> sh action.sh state.json