Details
-
Wish
-
Status: Closed
-
Major
-
Resolution: Abandoned
-
None
-
None
-
Airflow
Description
Github Container Registry is going to superseed the GitHub Packages we are using. It also allows public access to images published which might eventually replace dockerhub as distribution mechanism for the images for the users.
https://docs.github.com/en/free-pro-team@latest/packages/getting-started-with-github-container-registry/about-github-container-registry
Can we enable access to Github Container Registry ?
It has some unique challenges like - publishing the images as organisation rather than project (so for example
This image:
docker.pkg.github.com/apache/airflow/master-python3.8-build:293704534
Will have to become:
ghcr.io/apache/airflow:master-python3.8-build-293704534
And somehow we would have to link the permissions 'per-project' (currently limited to committers) to particular image. The images are not connected with the projects by default. It is possible to link images to particular projects (even automatically via labels) https://docs.github.com/en/free-pro-team@latest/packages/managing-container-images-with-github-container-registry/connecting-a-repository-to-a-container-image but it is only to link it to the project's README and to be shown on the project's page rather than with permission management.
I am not sure about the permissions of individual project committers and automated permissions of GITHUB_TOKENS from CI builds - whether they will be ok for the infrastructure-managed project isolation, but as I understand this - the current "per-project" access to those images is not implemented.
https://docs.github.com/en/free-pro-team@latest/packages/getting-started-with-github-container-registry/about-github-container-registry
Can we enable access to Github Container Registry ?
It has some unique challenges like - publishing the images as organisation rather than project (so for example
This image:
docker.pkg.github.com/apache/airflow/master-python3.8-build:293704534
Will have to become:
ghcr.io/apache/airflow:master-python3.8-build-293704534
And somehow we would have to link the permissions 'per-project' (currently limited to committers) to particular image. The images are not connected with the projects by default. It is possible to link images to particular projects (even automatically via labels) https://docs.github.com/en/free-pro-team@latest/packages/managing-container-images-with-github-container-registry/connecting-a-repository-to-a-container-image but it is only to link it to the project's README and to be shown on the project's page rather than with permission management.
I am not sure about the permissions of individual project committers and automated permissions of GITHUB_TOKENS from CI builds - whether they will be ok for the infrastructure-managed project isolation, but as I understand this - the current "per-project" access to those images is not implemented.