diff --git a/assets/images/help/package-registry/container-registry-details-page.png b/assets/images/help/package-registry/container-registry-details-page.png new file mode 100644 index 000000000000..d0c6721fd343 Binary files /dev/null and b/assets/images/help/package-registry/container-registry-details-page.png differ diff --git a/assets/images/help/package-registry/packages-diagram-with-container-registry.png b/assets/images/help/package-registry/packages-diagram-with-container-registry.png index 215afe21eae7..d5fc52a70742 100644 Binary files a/assets/images/help/package-registry/packages-diagram-with-container-registry.png and b/assets/images/help/package-registry/packages-diagram-with-container-registry.png differ diff --git a/content/actions/guides/publishing-docker-images.md b/content/actions/guides/publishing-docker-images.md index 5a995f6ab1b0..cd73dcf07cb5 100644 --- a/content/actions/guides/publishing-docker-images.md +++ b/content/actions/guides/publishing-docker-images.md @@ -36,8 +36,9 @@ We recommend that you have a basic understanding of workflow configuration optio You might also find it helpful to have a basic understanding of the following: - "[Encrypted secrets](/actions/reference/encrypted-secrets)" -- "[Authentication in a workflow](/actions/reference/authentication-in-a-workflow)" -- "[Working with the Docker registry](/packages/working-with-a-github-packages-registry/working-with-the-docker-registry)" +- "[Authentication in a workflow](/actions/reference/authentication-in-a-workflow)"{% if currentVersion == "free-pro-team@latest" %} +- "[Working with the {% data variables.product.prodname_container_registry %}](/packages/working-with-a-github-packages-registry/working-with-the-container-registry)"{% else %} +- "[Working with the Docker registry](/packages/working-with-a-github-packages-registry/working-with-the-docker-registry)"{% endif %} ## About image configuration @@ -63,9 +64,11 @@ The `build-push-action` options required for Docker Hub are: * `tags`: The tag of your new image in the format `DOCKER-HUB-NAMESPACE/DOCKER-HUB-REPOSITORY:VERSION`. You can set a single tag as shown below, or specify multiple tags in a list. * `push`: If set to `true`, the image will be pushed to the registry if it is built successfully. -{% raw %} ```yaml{:copy} name: Publish Docker image + +{% data reusables.actions.actions-not-certified-by-github %} + on: release: types: [published] @@ -79,35 +82,50 @@ jobs: - name: Log in to Docker Hub uses: docker/login-action@v1 with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} + username: {% raw %}${{ secrets.DOCKER_USERNAME }}{% endraw %} + password: {% raw %}${{ secrets.DOCKER_PASSWORD }}{% endraw %} - name: Push to Docker Hub uses: docker/build-push-action@v2 with: push: true tags: my-docker-hub-namespace/my-docker-hub-repository:latest ``` -{% endraw %} -{% data reusables.github-actions.docker-tag-with-ref %} +The above workflow checks out the {% data variables.product.prodname_dotcom %} repository, uses the `login-action` to log in to the registry, and then uses the `build-push-action` action to: build a Docker image based on your repository's `Dockerfile`; push the image to Docker Hub, and apply a tag to the image. ## Publishing images to {% data variables.product.prodname_registry %} {% data reusables.github-actions.release-trigger-workflow %} -In the example workflow below, we use the Docker `login-action` and `build-push-action` actions to build the Docker image, and if the build succeeds, push the built image to {% data variables.product.prodname_registry %}. +In the example workflow below, we use the Docker `login-action`{% if currentVersion == "free-pro-team@latest" %}, `metadata-action`,{% endif %} and `build-push-action` actions to build the Docker image, and if the build succeeds, push the built image to {% data variables.product.prodname_registry %}. The `login-action` options required for {% data variables.product.prodname_registry %} are: -* `registry`: Must be set to `docker.pkg.github.com`. +* `registry`: Must be set to {% if currentVersion == "free-pro-team@latest" %}`ghcr.io`{% else %}`docker.pkg.github.com`{% endif %}. * `username`: You can use the {% raw %}`${{ github.actor }}`{% endraw %} context to automatically use the username of the user that triggered the workflow run. For more information, see "[Context and expression syntax for GitHub Actions](/actions/reference/context-and-expression-syntax-for-github-actions#github-context)." * `password`: You can use the automatically-generated `GITHUB_TOKEN` secret for the password. For more information, see "[Authenticating with the GITHUB_TOKEN](/actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token)." -The `build-push-action` options required for {% data variables.product.prodname_registry %} are: -* `tags`: Must be set in the format `docker.pkg.github.com/OWNER/REPOSITORY/IMAGE_NAME:VERSION`. For example, for an image named `octo-image` stored on {% data variables.product.prodname_dotcom %} at `http://github.com/octo-org/octo-repo`, the `tags` option should be set to `docker.pkg.github.com/octo-org/octo-repo/octo-image:latest`. You can set a single tag as shown below, or specify multiple tags in a list. -* `push`: If set to `true`, the image will be pushed to the registry if it is built successfully. +{% if currentVersion == "free-pro-team@latest" %} +The `metadata-action` option required for {% data variables.product.prodname_registry %} is: +* `images`: The namespace and name for the Docker image you are building. +{% endif %} +The `build-push-action` options required for {% data variables.product.prodname_registry %} are:{% if currentVersion == "free-pro-team@latest" %} +* `context`: Defines the build's context as the set of files located in the specified path.{% endif %} +* `push`: If set to `true`, the image will be pushed to the registry if it is built successfully.{% if currentVersion == "free-pro-team@latest" %} +* `tags` and `labels`: These are populated by output from `metadata-action`.{% else %} +* `tags`: Must be set in the format `docker.pkg.github.com/OWNER/REPOSITORY/IMAGE_NAME:VERSION`. For example, for an image named `octo-image` stored on {% data variables.product.prodname_dotcom %} at `http://github.com/octo-org/octo-repo`, the `tags` option should be set to `docker.pkg.github.com/octo-org/octo-repo/octo-image:latest`. You can set a single tag as shown below, or specify multiple tags in a list.{% endif %} + +{% if currentVersion == "free-pro-team@latest" %} +{% data reusables.package_registry.publish-docker-image %} + +The above workflow if triggered by a push to the "release" branch. It checks out the GitHub repository, and uses the `login-action` to log in to the {% data variables.product.prodname_container_registry %}. It then extracts labels and tags for the Docker image. Finally, it and uses the `build-push-action` action to build the image and publish it on the {% data variables.product.prodname_container_registry %}. + +{% else %} ```yaml{:copy} name: Publish Docker image + +{% data reusables.actions.actions-not-certified-by-github %} + on: release: types: [published] @@ -133,10 +151,11 @@ jobs: push: true tags: | {% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}{% raw %}/${{ github.repository }}/octo-image:${{ github.sha }}{% endraw %} - {% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}{% raw %}/${{ github.repository }}/octo-image:${{ github.ref }}{% endraw %} + {% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}{% raw %}/${{ github.repository }}/octo-image:${{ github.event.release.tag_name }}{% endraw %} ``` -{% data reusables.github-actions.docker-tag-with-ref %} +The above workflow checks out the {% data variables.product.prodname_dotcom %} repository, uses the `login-action` to log in to the registry, and then uses the `build-push-action` action to: build a Docker image based on your repository's `Dockerfile`; push the image to the Docker registry, and apply the commit SHA and release version as image tags. +{% endif %} ## Publishing images to Docker Hub and {% data variables.product.prodname_registry %} @@ -144,8 +163,13 @@ In a single workflow, you can publish your Docker image to multiple registries b The following example workflow uses the steps from the previous sections ("[Publishing images to Docker Hub](#publishing-images-to-docker-hub)" and "[Publishing images to {% data variables.product.prodname_registry %}](#publishing-images-to-github-packages)") to create a single workflow that pushes to both registries. + + ```yaml{:copy} name: Publish Docker image + +{% data reusables.actions.actions-not-certified-by-github %} + on: release: types: [published] @@ -164,22 +188,33 @@ jobs: with: username: {% raw %}${{ secrets.DOCKER_USERNAME }}{% endraw %} password: {% raw %}${{ secrets.DOCKER_PASSWORD }}{% endraw %} - - name: Log in to GitHub Docker Registry + - name: Log in to the {% if currentVersion == "free-pro-team@latest" %}Container{% else %}Docker{% endif %} registry uses: docker/login-action@v1 with: - registry: {% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %} + registry: {% if currentVersion == "free-pro-team@latest" %}ghcr.io{% elsif currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %} username: {% raw %}${{ github.actor }}{% endraw %} password: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %} - - name: Push to Docker Hub + - name: Build and push to Docker Hub uses: docker/build-push-action@v2 with: push: true - tags: my-docker-hub-namespace/my-docker-hub-repository:{% raw %}${{ github.ref }}{% endraw %} - - name: Build container image + tags: my-docker-hub-namespace/my-docker-hub-repository:{% raw %}${{ github.event.release.tag_name }}{% endraw %}{% if currentVersion == "free-pro-team@latest" %} + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v3 + with: + images: ghcr.io/{% raw %}${{ github.repository }}{% endraw %}{% endif %} + - name: Build and push to {% data variables.product.prodname_registry %} uses: docker/build-push-action@v2 with: - push: true - tags: {% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}{% raw %}/${{ github.repository }}/my-image:${{ github.ref }}{% endraw %} + push: true{% if currentVersion == "free-pro-team@latest" %} + context: . + tags: {% raw %}${{ steps.meta.outputs.tags }}{% endraw %} + labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}{% else %} + tags: {% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}{% raw %}/${{ github.repository }}/my-image:${{ github.event.release.tag_name }}{% endraw %}{% endif %} ``` -The above workflow checks out the {% data variables.product.prodname_dotcom %} repository, uses the `login-action` twice to log in to both registries, and then uses the `build-push-action` action twice to build and push the Docker image to Docker Hub and {% data variables.product.prodname_registry %}. For both steps, it tags the built Docker image with the Git reference of the workflow event. This workflow is triggered on publishing a {% data variables.product.prodname_dotcom %} release, so the reference for both registries will be the Git tag for the release. +The above workflow checks out the {% data variables.product.prodname_dotcom %} repository, uses the `login-action` twice to log in to both registries, and then uses the `build-push-action` action twice to build and push the Docker image to Docker Hub and the +{% if currentVersion == "free-pro-team@latest" %}{% data variables.product.prodname_container_registry %}. For Docker Hub, it tags the built Docker image with the version tag for the release that triggered the workflow. For the {% data variables.product.prodname_container_registry %}, tags and labels are automatically generated by the `metadata-action` action. +{% else %}Docker registry. For both steps, it tags the built Docker image with the version tag for the release that triggered the workflow. +{% endif %} diff --git a/content/billing/managing-billing-for-github-packages/about-billing-for-github-packages.md b/content/billing/managing-billing-for-github-packages/about-billing-for-github-packages.md index 35c22d529297..a673cd6d4e3e 100644 --- a/content/billing/managing-billing-for-github-packages/about-billing-for-github-packages.md +++ b/content/billing/managing-billing-for-github-packages/about-billing-for-github-packages.md @@ -20,7 +20,7 @@ topics: {% note %} -**Billing update for container image storage:** During the beta phase of the {% data variables.product.prodname_container_registry %}, Docker image storage and bandwidth are free for both the previous `docker.pkg.github.com` and current `ghcr.io` hosting services. For more information, see "[Introduction to {% data variables.product.prodname_registry %}](/packages/learn-github-packages/introduction-to-github-packages)." +**Billing update for container image storage:** The period of free use for container image storage and bandwidth for the {% data variables.product.prodname_container_registry %} has been extended. If you are using {% data variables.product.prodname_container_registry %} you'll be informed at least one month in advance of billing commencing and you'll be given an estimate of how much you should expect to pay. For more information about the {% data variables.product.prodname_container_registry %}, see "[Working with the Container registry](/packages/working-with-a-github-packages-registry/working-with-the-container-registry)." {% endnote %} diff --git a/content/packages/index.md b/content/packages/index.md index 04dd8ebc221f..a97e3d683ad7 100644 --- a/content/packages/index.md +++ b/content/packages/index.md @@ -12,13 +12,12 @@ featuredLinks: - /packages/learn-github-packages/installing-a-package popular: - /packages/working-with-a-github-packages-registry/working-with-the-npm-registry - - /packages/working-with-a-github-packages-registry/working-with-the-docker-registry + - '{% if currentVersion == "free-pro-team@latest" %}/packages/working-with-a-github-packages-registry/working-with-the-container-registry{% else %}/packages/working-with-a-github-packages-registry/working-with-the-docker-registry{% endif %}' - /packages/learn-github-packages - /packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry guideCards: - - /packages/working-with-a-github-packages-registry/working-with-the-docker-registry - - /packages/working-with-a-github-packages-registry/enabling-improved-container-support-with-the-container-registry - - /packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry + - '{% if currentVersion == "free-pro-team@latest" %}/packages/working-with-a-github-packages-registry/working-with-the-container-registry{% else %}/packages/working-with-a-github-packages-registry/working-with-the-docker-registry{% endif %}' + - /packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry changelog: label: packages prefix: 'Packages: ' diff --git a/content/packages/learn-github-packages/about-permissions-for-github-packages.md b/content/packages/learn-github-packages/about-permissions-for-github-packages.md index d21efda171cd..975f5dc982ec 100644 --- a/content/packages/learn-github-packages/about-permissions-for-github-packages.md +++ b/content/packages/learn-github-packages/about-permissions-for-github-packages.md @@ -14,11 +14,11 @@ The permissions for packages are either repository-scoped or user/organization-s ## Permissions for repository-scoped packages -A repository-scoped package inherits the permissions and visibility of the repository that owns the package. You can find a package scoped to a repository by going to the main page of the repository and clicking the **Packages** link to the right of the page. +A repository-scoped package inherits the permissions and visibility of the repository that owns the package. You can find a package scoped to a repository by going to the main page of the repository and clicking the **Packages** link to the right of the page. {% if currentVersion == "free-pro-team@latest" %}For more information, see "[Connecting a repository to a package](/packages/learn-github-packages/connecting-a-repository-to-a-package)."{% endif %} The {% data variables.product.prodname_registry %} registries below use repository-scoped permissions: - - Docker registry (`docker.pkg.github.com`) + {% if currentVersion != "free-pro-team@latest" %}- Docker registry (`docker.pkg.github.com`){% endif %} - npm registry - RubyGems registry - Apache Maven registry diff --git a/content/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility.md b/content/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility.md index 133b59a89397..bd661f17638d 100644 --- a/content/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility.md +++ b/content/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility.md @@ -9,11 +9,9 @@ versions: free-pro-team: '*' --- -{% data reusables.package_registry.container-registry-beta %} - Packages with granular permissions are scoped to a personal user or organization account. You can change the access control and visibility of a package separately from the repository that it is connected (or linked) to. -Currently, only the {% data variables.product.prodname_container_registry %} offers granular permissions for your container image packages. +Currently, you can only use granular permissions with the {% data variables.product.prodname_container_registry %}. Granular permissions are not supported in our other package registries, such as the npm registry. For more information about permissions for repository-scoped packages, packages-related scopes for PATs, or managing permissions for your actions workflows, see "[About permissions for GitHub Packages](/packages/learn-github-packages/about-permissions-for-github-packages)." @@ -41,8 +39,6 @@ If you have admin permissions to an organization-owned container image, you can If your package is private or internal and owned by an organization, then you can only give access to other organization members or teams. -For organization image containers, organizations admins must enable packages before you can set the visibility to public. For more information, see "[Enabling improved container support with the Container registry](/packages/working-with-a-github-packages-registry/enabling-improved-container-support-with-the-container-registry)." - {% data reusables.package_registry.package-settings-from-org-level %} 1. On the package settings page, click **Invite teams or people** and enter the name, username, or email of the person you want to give access. You can also enter a team name from the organization to give all team members access. ![Container access invite button](/assets/images/help/package-registry/container-access-invite.png) @@ -135,8 +131,6 @@ When you first publish a package, the default visibility is private and only you A public package can be accessed anonymously without authentication. Once you make your package public, you cannot make your package private again. -For organization image containers, organizations admins must enable public packages before you can set the visibility to public. For more information, see "[Enabling improved container support with the Container registry](/packages/working-with-a-github-packages-registry/enabling-improved-container-support-with-the-container-registry)." - {% data reusables.package_registry.package-settings-from-org-level %} 5. Under "Danger Zone", choose a visibility setting: - To make the container image visible to anyone, click **Make public**. diff --git a/content/packages/learn-github-packages/deleting-and-restoring-a-package.md b/content/packages/learn-github-packages/deleting-and-restoring-a-package.md index 924a8fc501c6..a8b85d8f61d5 100644 --- a/content/packages/learn-github-packages/deleting-and-restoring-a-package.md +++ b/content/packages/learn-github-packages/deleting-and-restoring-a-package.md @@ -44,8 +44,6 @@ You can use the REST API to manage your packages. For more information, see the For packages that inherit their permissions and access from repositories, you can use GraphQL to delete a specific package version.{% if currentVersion == "free-pro-team@latest" %} The {% data variables.product.prodname_registry %} GraphQL API does not support containers or Docker images that use the package namespace `https://ghcr.io/OWNER/PACKAGE-NAME`. For more information about GraphQL support, see "[Deleting a version of a repository-scoped package with GraphQL](#deleting-a-version-of-a-repository-scoped-package-with-graphql)." -{% data reusables.package_registry.container-registry-beta %} - {% endif %} ## Required permissions to delete or restore a package @@ -58,15 +56,13 @@ Repository-scoped packages on {% data variables.product.prodname_registry %} inc - maven - Gradle - NuGet -- Docker images at `docker.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME` +{% if currentVersion != "free-pro-team@latest" %}- Docker images at `docker.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME`{% endif %} {% if currentVersion == "free-pro-team@latest" %} -To delete a package that has granular permissions separate from a repository, such as containers or Docker images stored at `https://ghcr.io/OWNER/PACKAGE-NAME`, you must have admin access to the package. +To delete a package that has granular permissions separate from a repository, such as container images stored at `https://ghcr.io/OWNER/PACKAGE-NAME`, you must have admin access to the package. -{% data reusables.package_registry.container-registry-beta %} - {% endif %} ## Deleting a package version @@ -116,8 +112,6 @@ You cannot directly delete an entire package using GraphQL, but if you delete ev To delete a specific version of a user-scoped package on {% data variables.product.prodname_dotcom %}, such as for a Docker image at `ghcr.io`, use these steps. To delete an entire package, see "[Deleting an entire user-scoped package on {% data variables.product.prodname_dotcom %}](#deleting-an-entire-user-scoped-package-on-github)." -{% data reusables.package_registry.container-registry-beta %} - To review who can delete a package version, see "[Required permissions](#required-permissions-to-delete-or-restore-a-package)." {% data reusables.package_registry.package-settings-from-user-level %} @@ -133,8 +127,6 @@ To review who can delete a package version, see "[Required permissions](#require To delete a specific version of an organization-scoped package on {% data variables.product.prodname_dotcom %}, such as for a Docker image at `ghcr.io`, use these steps. To delete an entire package, see "[Deleting an entire organization-scoped package on {% data variables.product.prodname_dotcom %}](#deleting-an-entire-organization-scoped-package-on-github)." -{% data reusables.package_registry.container-registry-beta %} - To review who can delete a package version, see "[Required permissions](#required-permissions-to-delete-or-restore-a-package)." {% data reusables.package_registry.package-settings-from-org-level %} diff --git a/content/packages/learn-github-packages/introduction-to-github-packages.md b/content/packages/learn-github-packages/introduction-to-github-packages.md index b61eb15d5387..4519925afffe 100644 --- a/content/packages/learn-github-packages/introduction-to-github-packages.md +++ b/content/packages/learn-github-packages/introduction-to-github-packages.md @@ -25,15 +25,15 @@ versions: You can integrate {% data variables.product.prodname_registry %} with {% data variables.product.product_name %} APIs, {% data variables.product.prodname_actions %}, and webhooks to create an end-to-end DevOps workflow that includes your code, CI, and deployment solutions. -{% data variables.product.prodname_registry %} offers different package registries for commonly used package managers, such as npm, RubyGems, Apache Maven, Gradle, Docker, and NuGet. {% if currentVersion == "free-pro-team@latest" %}The {% data variables.product.prodname_container_registry %} is optimized for containers and supports Docker and OCI images.{% endif %} For more information on the different package registries that {% data variables.product.prodname_registry %} supports, see "[Working with a {% data variables.product.prodname_registry %} registry](/packages/working-with-a-github-packages-registry)." +{% data variables.product.prodname_registry %} offers different package registries for commonly used package managers, such as npm, RubyGems, Apache Maven, Gradle, Docker, and NuGet. {% if currentVersion == "free-pro-team@latest" %}{% data variables.product.prodname_dotcom %}'s {% data variables.product.prodname_container_registry %} is optimized for containers and supports Docker and OCI images.{% endif %} For more information on the different package registries that {% data variables.product.prodname_registry %} supports, see "[Working with a {% data variables.product.prodname_registry %} registry](/packages/working-with-a-github-packages-registry)." {% if currentVersion == "free-pro-team@latest" %} -![Diagram showing packages support for Docker, Container registry, RubyGems, npm, Apache Maven, NuGet, and Gradle](/assets/images/help/package-registry/packages-diagram-with-container-registry.png) +![Diagram showing packages support for the Container registry, RubyGems, npm, Apache Maven, NuGet, and Gradle](/assets/images/help/package-registry/packages-diagram-with-container-registry.png) {% else %} -![Diagram showing packages support for Docker, RubyGems, npm, Apache Maven, Gradle, NuGet, and Docker](/assets/images/help/package-registry/packages-diagram-without-container-registry.png) +![Diagram showing packages support for the Docker registry, RubyGems, npm, Apache Maven, Gradle, NuGet, and Docker](/assets/images/help/package-registry/packages-diagram-without-container-registry.png) {% endif %} @@ -84,7 +84,7 @@ For more information about subdomain isolation, see "[Enabling subdomain isolati For more information about configuring your package client for use with {% data variables.product.prodname_registry %}, see "[Working with a {% data variables.product.prodname_registry %} registry](/packages/working-with-a-github-packages-registry)." {% if currentVersion == "free-pro-team@latest" %} -For more information about Docker and the {% data variables.product.prodname_container_registry %}, see "[Working with the Container registry](/packages/working-with-a-github-packages-registry/working-with-the-container-registry)" and "[Working with the Docker registry](/packages/working-with-a-github-packages-registry/working-with-the-docker-registry)." +For more information about Docker and the {% data variables.product.prodname_container_registry %}, see "[Working with the Container registry](/packages/working-with-a-github-packages-registry/working-with-the-container-registry)." {% endif %} ## Authenticating to {% data variables.product.prodname_registry %} diff --git a/content/packages/learn-github-packages/viewing-packages.md b/content/packages/learn-github-packages/viewing-packages.md index 61cf922a3a13..b72baa3d77cd 100644 --- a/content/packages/learn-github-packages/viewing-packages.md +++ b/content/packages/learn-github-packages/viewing-packages.md @@ -22,7 +22,18 @@ versions: Your ability to view a package depends on several factors. By default, you can view all packages you have published. -{% data reusables.package_registry.repo-scoped-and-granular-permissions-packages %} +Repository-scoped packages inherit their permissions and visibility from the repository that owns the package. The registries below use this type of permissions:{% if currentVersion != "free-pro-team@latest" %} +- Docker registry (`docker.pkg.github.com`){% endif %} +- npm registry +- RubyGems registry +- Apache Maven registry +- NuGet registry + +{% if currentVersion == "free-pro-team@latest" %} +The Container registry offers you the option of granular permissions and visibility settings that can be customized for each package owned by a personal user or organization account. You can choose to use granular permissions or connect the package to a repository and inherit it's permissions. For more information, see "[Connecting a repository to a package](/packages/learn-github-packages/connecting-a-repository-to-a-package)." +{% endif %} + +For more information, see "[About permissions for GitHub Packages](/packages/learn-github-packages/about-permissions-for-github-packages){% if currentVersion == "free-pro-team@latest" %}" and "[Configuring a package's access control and visibility](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility){% endif %}." {% data reusables.package_registry.package-page-info %} diff --git a/content/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions.md b/content/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions.md index cf6dbaeb6591..58252e17790e 100644 --- a/content/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions.md +++ b/content/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions.md @@ -26,12 +26,8 @@ You can extend the CI and CD capabilities of your repository by publishing or in {% if currentVersion == "free-pro-team@latest" %} ### Authenticating to the {% data variables.product.prodname_container_registry %} -{% data reusables.package_registry.container-registry-beta %} - {% data reusables.package_registry.authenticate_with_pat_for_container_registry %} -For an authentication example, see "[Authenticating with the {% data variables.product.prodname_container_registry %}](/packages/getting-started-with-github-container-registry/migrating-to-github-container-registry-for-docker-images#authenticating-with-the-container-registry)." - {% endif %} ### Authenticating to package registries on {% data variables.product.prodname_dotcom %} @@ -44,7 +40,7 @@ You can reference the `GITHUB_TOKEN` in your workflow file using the {% raw %}`{ {% note %} -**Note:** Repository-owned packages include RubyGems, npm, Apache Maven, NuGet, Gradle, and Docker packages that use the package namespace `docker.pkg.github.com`. +**Note:** Repository-owned packages include RubyGems, npm, Apache Maven, NuGet, {% if currentVersion == "free-pro-team@latest" %}and Gradle. {% else %}Gradle, and Docker packages that use the package namespace `docker.pkg.github.com`.{% endif %} {% endnote %} @@ -85,99 +81,24 @@ You can use {% data variables.product.prodname_actions %} to automatically publi {% data reusables.package_registry.actions-configuration %} -The following example demonstrates how you can use {% data variables.product.prodname_actions %} to build and test your app, and then automatically create a Docker image and publish it to {% data variables.product.prodname_registry %}: - -- Create a new workflow file in your repository (such as `.github/workflows/deploy-image.yml`), and add the following YAML: - ```yaml{:copy} - name: Create and publish a package - on: - push: - branches: ['release'] - jobs: - run-npm-build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: npm install and build webpack - run: | - npm install - npm run build - - uses: actions/upload-artifact@main - with: - name: webpack artifacts - path: public/ - - run-npm-test: - runs-on: ubuntu-latest - needs: run-npm-build - strategy: - matrix: - os: [ubuntu-latest] - node-version: [12.x, 14.x] - steps: {% raw %} - - uses: actions/checkout@v2 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v1 - with: - node-version: ${{ matrix.node-version }}{% endraw %} - - uses: actions/download-artifact@main - with: - name: webpack artifacts - path: public - - name: npm install, and test - run: | - npm install - npm test - env: - CI: true - - build-and-push-image: - runs-on: ubuntu-latest - needs: run-npm-test {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %} - permissions: - contents: read - packages: write {% endif %} - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Log in to GitHub Docker Registry - uses: docker/login-action@v1 - with: - registry: {% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %} - username: {% raw %}${{ github.actor }}{% endraw %} - password: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %} - - name: Build container image - uses: docker/build-push-action@v2 - with: - push: true - tags: | - {% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}/{% raw %}${{ github.repository }}/octo-image:${{ github.sha }}{% endraw %} - {% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}/{% raw %}${{ github.repository }}/octo-image:${{ github.ref }}{% endraw %} - ``` - - The relevant settings are explained in the following table: - - - - - - - - - - - - + + +{% endif %} -- This new workflow will run automatically every time you push a change to a branch named `release` in the repository. You can view the progress in the **Actions** tab. -- A few minutes after the workflow has completed, the new package will visible in your repository. To find your available packages, see "[Viewing a repository's packages](/packages/publishing-and-managing-packages/viewing-packages#viewing-a-repositorys-packages)." +
+The following example demonstrates how you can use {% data variables.product.prodname_actions %} to build {% if currentVersion != "free-pro-team@latest" %}and test{% endif %} your app, and then automatically create a Docker image and publish it to {% data variables.product.prodname_registry %}. + +Create a new workflow file in your repository (such as `.github/workflows/deploy-image.yml`), and add the following YAML: + +{% if currentVersion == "free-pro-team@latest" %} +{% data reusables.package_registry.publish-docker-image %} + +{% else %} +```yaml{:copy} +name: Create and publish a Docker image + +{% data reusables.actions.actions-not-certified-by-github %} -{% raw %} -```yaml on: push: branches: ['release'] -``` -{% endraw %} - - Configures the Create and publish a package workflow to run every time a change is pushed to the branch called release. -
-{% raw %} - ```yaml +jobs: run-npm-build: runs-on: ubuntu-latest steps: @@ -190,31 +111,20 @@ on: with: name: webpack artifacts path: public/ - ``` - {% endraw %} - - This job installs NPM and uses it to build the app. -
-{% raw %} - ```yaml run-npm-test: runs-on: ubuntu-latest needs: run-npm-build strategy: matrix: os: [ubuntu-latest] - node-version: [14.x] - steps: + node-version: [12.x, 14.x] + steps: {% raw %} - uses: actions/checkout@v2 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@v1 with: - node-version: ${{ matrix.node-version }} + node-version: ${{ matrix.node-version }}{% endraw %} - uses: actions/download-artifact@main with: name: webpack artifacts @@ -225,133 +135,344 @@ on: npm test env: CI: true - ``` + + build-and-push-image: + runs-on: ubuntu-latest + needs: run-npm-test {% if currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %} + permissions: + contents: read + packages: write {% endif %} + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Log in to GitHub Docker Registry + uses: docker/login-action@v1 + with: + registry: {% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %} + username: {% raw %}${{ github.actor }}{% endraw %} + password: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %} + - name: Build and push Docker image + uses: docker/build-push-action@v2 + with: + push: true + tags: | + {% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}/{% raw %}${{ github.repository }}/octo-image:${{ github.sha }}{% endraw %} +``` +{% endif %} + +The relevant settings are explained in the following table. For full details about each element in a workflow, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/reference/workflow-syntax-for-github-actions)." + + + + - - - - - + + + +{% if currentVersion == "free-pro-team@latest" %} + + + + + + + - - + + + - {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %} - - + - - {% endif %} - - + + + + + + + + + + + + +{% endif %} + +{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %} + + - - - - + + +{% endif %} +{% if currentVersion == "free-pro-team@latest" %} + + + + + + + + + + +{% else %} + + - - - - + + +{% endif %} + + + + + + + - - - - + + + + + + + + +{% if currentVersion == "free-pro-team@latest" %} + + - - - - + + +{% endif %} + + + + + +{% if currentVersion == "free-pro-team@latest" %} + + + + + +{% else %} + + - - - - - - -
+{% raw %} +```yaml +on: + push: + branches: ['release'] +``` {% endraw %} - - This job uses npm test to test the code. The needs: run-npm-build command makes this job dependent on the run-npm-build job. -
+ + Configures the Create and publish a Docker image workflow to run every time a change is pushed to the branch called release. +
{% raw %} ```yaml +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} +``` +{% endraw %} + + Defines two custom environment variables for the workflow. These are used for the {% data variables.product.prodname_container_registry %} domain, and a name for the Docker image that this workflow builds. +
+{% raw %} +```yaml +jobs: build-and-push-image: runs-on: ubuntu-latest - needs: run-npm-test ``` {% endraw %} - - This job publishes the package. The needs: run-npm-test command makes this job dependent on the run-npm-test job. -
+ There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu. +
+{% else %} +
{% raw %} - ```yaml - permissions: - contents: read - packages: write - ``` +```yaml +run-npm-build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: npm install and build webpack + run: | + npm install + npm run build + - uses: actions/upload-artifact@main + with: + name: webpack artifacts + path: public/ +``` {% endraw %} - - Sets the permissions granted to the GITHUB_TOKEN for the actions in this job. -
+ + This job installs NPM and uses it to build the app. +
+{% raw %} +```yaml +run-npm-test: + runs-on: ubuntu-latest + needs: run-npm-build + strategy: + matrix: + os: [ubuntu-latest] + node-version: [12.x, 14.x] + steps: + - uses: actions/checkout@v2 + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v1 + with: + node-version: ${{ matrix.node-version }} + - uses: actions/download-artifact@main + with: + name: webpack artifacts + path: public + - name: npm install, and test + run: | + npm install + npm test + env: + CI: true +``` +{% endraw %} + + This job uses npm test to test the code. The needs: run-npm-build command makes this job dependent on the run-npm-build job. +
+{% raw %} +```yaml +build-and-push-image: + runs-on: ubuntu-latest + needs: run-npm-test +``` +{% endraw %} + + This job publishes the package. The needs: run-npm-test command makes this job dependent on the run-npm-test job. +
{% raw %} - ```yaml - - name: Log in to GitHub Docker Registry - uses: docker/login-action@v1 - with: - registry: {% endraw %}{% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}{% raw %} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - ``` +```yaml +permissions: + contents: read + packages: write +``` {% endraw %} - - Creates a new step called Log in to GitHub Docker Registry, which logs in to the registry using the account and password that will publish the packages. Once published, the packages are owned by the account defined here. -
+ + Sets the permissions granted to the GITHUB_TOKEN for the actions in this job. +
+{% raw %} +```yaml +- name: Log in to the Container registry + uses: docker/login-action@v1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} +``` +{% endraw %} + + Creates a step called Log in to the {% data variables.product.prodname_container_registry %}, which logs in to the registry using the account and password that will publish the packages. Once published, the packages are owned by the account defined here. +
{% raw %} - ```yaml - - name: Build container image - ``` +```yaml +- name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v3 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} +``` +{% endraw %} + + This step uses docker/metadata-action to extract tags and labels that will be applied to the specified image. The id "meta" allows the output of this step to be referenced in a subsequent step. The images value provides the base name for the tags and labels. +
+{% raw %} +```yaml +- name: Log in to GitHub Docker Registry + uses: docker/login-action@v1 + with: + registry: {% endraw %}{% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}{% raw %} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} +``` {% endraw %} - - Creates a new step called Build container image. This step runs as part of the build-and-push-image job. -
+ + Creates a new step called Log in to GitHub Docker Registry, which logs in to the registry using the account and password that will publish the packages. Once published, the packages are owned by the account defined here. +
{% raw %} - ```yaml +```yaml +- name: Build and push Docker image +``` +{% endraw %} + + Creates a new step called Build and push Docker image. This step runs as part of the build-and-push-image job. +
+{% raw %} +```yaml uses: docker/build-push-action@v2 - ``` +``` {% endraw %} - - Uses the Docker build-push-action action to build the image, based on your repository's Dockerfile. If the build succeeds, it pushes the image to {% data variables.product.prodname_registry %}. -
- + + Uses the Docker build-push-action action to build the image, based on your repository's Dockerfile. If the build succeeds, it pushes the image to {% data variables.product.prodname_registry %}. +
{% raw %} - ```yaml +```yaml with: - ``` +``` +{% endraw %} + + Sends the required parameters to the build-push-action action. These are defined in the subsequent lines. +
+{% raw %} +```yaml +context: . +``` {% endraw %} - - Sends the required parameters to the build-push-action action. This are defined in the subsequent lines. -
+ + Defines the build's context as the set of files located in the specified path. For more information, see "Usage." +
{% raw %} - ```yaml +```yaml push: true - ``` +``` +{% endraw %} + + Pushes this image to the registry if it is built successfully. +
+{% raw %} +```yaml +tags: ${{ steps.meta.outputs.tags }} +labels: ${{ steps.meta.outputs.labels }} +``` +{% endraw %} + + Adds the tags and labels extracted in the "meta" step. +
+{% if currentVersion == "github-ae@latest" %} +{% raw %} +```yaml +tags: | +docker.YOUR-HOSTNAME.com/${{ github.repository }}/octo-image:${{ github.sha }} +``` {% endraw %} - - Push this image to the registry if it is built successfully. -
- - ```yaml +{% else %} +{% raw %} +```yaml tags: | - {% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}/{% raw %}${{ github.repository }}/octo-image:${{ github.sha }}{% endraw %} - {% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}/{% raw %}${{ github.repository }}/octo-image:${{ github.ref }}{% endraw %} - ``` - - Tags the published package with the git ref (for example, the name of the branch used to create the package) as well as the commit SHA. -
+docker.pkg.github.com/${{ github.repository }}/octo-image:${{ github.sha }} +``` +{% endraw %} +{% endif %} +		 + Tags the image with the SHA of the commit that triggered the workflow. +
+ +This new workflow will run automatically every time you push a change to a branch named `release` in the repository. You can view the progress in the **Actions** tab. + +A few minutes after the workflow has completed, the new package will visible in your repository. To find your available packages, see "[Viewing a repository's packages](/packages/publishing-and-managing-packages/viewing-packages#viewing-a-repositorys-packages)." ## Installing a package using an action @@ -365,25 +486,27 @@ Installing packages hosted by {% data variables.product.prodname_registry %} thr {% if currentVersion == "free-pro-team@latest" %} ## Upgrading a workflow that accesses `ghcr.io` -{% data reusables.package_registry.github-token-security-over-pat %} +The {% data variables.product.prodname_container_registry %} supports the `GITHUB_TOKEN` for easy and secure authentication in your workflows. If your workflow is using a personal access token (PAT) to authenticate to `ghcr.io`, then we highly recommend you update your workflow to use the `GITHUB_TOKEN`. + +For more information about the `GITHUB_TOKEN`, see "[Authentication in a workflow](/actions/reference/authentication-in-a-workflow#using-the-github_token-in-a-workflow)." Using the `GITHUB_TOKEN` instead of a PAT, which includes the `repo` scope, increases the security of your repository as you don't need to use a long-lived PAT that offers unnecessary access to the repository where your workflow is run. For more information about security best practices, see "[Security hardening for GitHub Actions](/actions/learn-github-actions/security-hardening-for-github-actions#using-secrets)." 1. Navigate to your package landing page. 1. In the left sidebar, click **Actions access**. !["Actions access" option in left menu](/assets/images/help/package-registry/organization-repo-access-for-a-package.png) -2. To ensure your container package has access to your workflow, you must add the repository where the workflow is stored to your container. Click **Add repository** and search for the repository you want to add. +1. To ensure your container package has access to your workflow, you must add the repository where the workflow is stored to your container. Click **Add repository** and search for the repository you want to add. !["Add repository" button](/assets/images/help/package-registry/add-repository-button.png) {% note %} **Note:** Adding a repository to your container through the **Actions access** menu option is different than connecting your container to a repository. For more information, see "[Ensuring workflow access to your package](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility#ensuring-workflow-access-to-your-package)" and "[Connecting a repository to a package](/packages/learn-github-packages/connecting-a-repository-to-a-package)." {% endnote %} -3. Optionally, using the "role" drop-down menu, select the default access level that you'd like the repository to have to your container image. +1. Optionally, using the "role" drop-down menu, select the default access level that you'd like the repository to have to your container image. ![Permission access levels to give to repositories](/assets/images/help/package-registry/repository-permission-options-for-package-access-through-actions.png) -5. Open your workflow file. On the line where you login to `ghcr.io`, replace your PAT with {% raw %}`${{ secrets.GITHUB_TOKEN }}`{% endraw %}. +1. Open your workflow file. On the line where you log in to `ghcr.io`, replace your PAT with {% raw %}`${{ secrets.GITHUB_TOKEN }}`{% endraw %}. -For example, this workflow publishes a Docker container using {% raw %}`${{ secrets.GITHUB_TOKEN }}`{% endraw %} to authenticate. +For example, this workflow publishes a Docker image using {% raw %}`${{ secrets.GITHUB_TOKEN }}`{% endraw %} to authenticate. ```yaml{:copy} name: Demo Push @@ -420,7 +543,7 @@ jobs: - name: Build image run: docker build . --file Dockerfile --tag $IMAGE_NAME --label "runnumber=${GITHUB_RUN_ID}" - - name: Log into registry + - name: Log in to registry # This is where you will update the PAT to GITHUB_TOKEN run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin diff --git a/content/packages/working-with-a-github-packages-registry/enabling-improved-container-support-with-the-container-registry.md b/content/packages/working-with-a-github-packages-registry/enabling-improved-container-support-with-the-container-registry.md deleted file mode 100644 index 6204c9492354..000000000000 --- a/content/packages/working-with-a-github-packages-registry/enabling-improved-container-support-with-the-container-registry.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Enabling improved container support with the Container registry -intro: 'To use the {% data variables.product.prodname_container_registry %}, you must enable it for your user or organization account.' -product: '{% data reusables.gated-features.packages %}' -redirect_from: - - /packages/getting-started-with-github-container-registry/enabling-improved-container-support - - /packages/guides/container-guides-for-github-packages/enabling-improved-container-support - - /packages/guides/enabling-improved-container-support -versions: - free-pro-team: '*' ---- - -{% note %} - -**Note:** The {% data variables.product.prodname_container_registry %} is currently in public beta and subject to change. During the beta, storage and bandwidth are free. For more information, see "[Introduction to {% data variables.product.prodname_registry %}](/packages/learn-github-packages/introduction-to-github-packages)." - -{% endnote %} - -{% data reusables.package_registry.docker-vs-container-registry %} - -## Enabling the {% data variables.product.prodname_container_registry %} for your personal account - -Once the {% data variables.product.prodname_container_registry %} is enabled for your personal user account, you can publish containers to the {% data variables.product.prodname_container_registry %} owned by your user account. - -To use the {% data variables.product.prodname_container_registry %} within an organization, the organization owner must enable the feature for organization members. - -{% data reusables.feature-preview.feature-preview-setting %} -2. On the left, select "Improved container support", then click **Enable**. - ![Improved container support](/assets/images/help/settings/improved-container-support.png) - -## Enabling the {% data variables.product.prodname_container_registry %} for your organization account - -Before organization owners or members can publish container images to the {% data variables.product.prodname_container_registry %}, an organization owner must enable the feature preview for the organization. - -{% data reusables.profile.access_org %} -{% data reusables.profile.org_settings %} -4. On the left, click **Packages**. -5. Under "Improved container support", select "Enable improved container support" and click **Save**. - ![Enable container registry support option and save button](/assets/images/help/package-registry/enable-improved-container-support-for-orgs.png) -6. Under "Container creation", choose whether you want to enable the creation of public, private, or internal container images. - - To enable organization members to create public container images, select **Public**. - - To enable organization members to create private container images that are only visible to other organization members, select **Private**. You can further customize the visibility of private container images. For more information, see "[Configuring a package's access control and visibility](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility)." - - **For {% data variables.product.prodname_ghe_cloud %} only:** To enable organization members to create internal container images that are only visible to other organization members, select **Internal**. - ![Visibility options for container images published by organization members](/assets/images/help/package-registry/container-creation-org-settings.png) diff --git a/content/packages/working-with-a-github-packages-registry/index.md b/content/packages/working-with-a-github-packages-registry/index.md index 904f76253cd1..fa9daeecc279 100644 --- a/content/packages/working-with-a-github-packages-registry/index.md +++ b/content/packages/working-with-a-github-packages-registry/index.md @@ -13,14 +13,13 @@ versions: enterprise-server: '>=2.22' github-ae: '*' children: - - /working-with-the-npm-registry + - /working-with-the-container-registry + - /working-with-the-docker-registry - /working-with-the-rubygems-registry + - /working-with-the-npm-registry - /working-with-the-apache-maven-registry - /working-with-the-gradle-registry - /working-with-the-nuget-registry - - /working-with-the-docker-registry - - /working-with-the-container-registry - - /enabling-improved-container-support-with-the-container-registry - /migrating-to-the-container-registry-from-the-docker-registry --- {% data reusables.package_registry.packages-ghes-release-stage %} diff --git a/content/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry.md b/content/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry.md index 7c583ac1449a..fbedaffa4f82 100644 --- a/content/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry.md +++ b/content/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry.md @@ -1,6 +1,6 @@ --- title: Migrating to the Container registry from the Docker registry -intro: 'If you''ve used the GitHub Packages Docker registry to store Docker images, you can migrate your images to the new {% data variables.product.prodname_container_registry %}.' +intro: 'Docker images previously stored in the Docker registry are being automatically migrated to the {% data variables.product.prodname_container_registry %}.' product: '{% data reusables.gated-features.packages %}' redirect_from: - /packages/getting-started-with-github-container-registry/migrating-to-github-container-registry-for-docker-images @@ -10,117 +10,32 @@ versions: free-pro-team: '*' --- -## Key differences between the {% data variables.product.prodname_container_registry %} and the Docker registry - -{% data reusables.package_registry.container-registry-beta %} - -The {% data variables.product.prodname_container_registry %} supersedes the existing {% data variables.product.prodname_registry %} Docker registry and is optimized to support some of the unique needs of containers. - -With the {% data variables.product.prodname_container_registry %} you can: -- Store container images within your organization and user account, rather than a repository. -- Set granular permissions and visibility independently of repository permissions and visibility. -- Access public container images anonymously. - -| | Docker registry| {% data variables.product.prodname_container_registry %} | -|-------------------|--------------------|----| -| Hosting locations | You can host multiple Docker images in one repository. | You can host multiple container images in one organization or user account. | -| Permissions | Each image inherits the permissions of the repository where the image is hosted.

For example, anyone with read permissions for a repository can install a package as a dependency in a project, and anyone with write permissions can publish a new package version. | For each container image, you can choose the access level that others have. The permissions for container image access are separate from your organization and repository permissions. -Visibility | {% data reusables.package_registry.public-or-private-packages %} | You can set the visibility of each of your container images. A private container image is only visible to people and teams who are given access within your organization. A public container image is visible to anyone. | -Anonymous access | N/A | You can access public container images anonymously. -Foreign layer support | Doesn't support foreign layers, such as Windows images. | Supports foreign layers, such as Windows images. - -## Billing changes - -During the {% data variables.product.prodname_container_registry %} beta, both the new {% data variables.product.prodname_container_registry %} and the existing {% data variables.product.prodname_registry %} Docker registry are free of charge. For more information about the {% data variables.product.prodname_registry %} Docker registry, see "[Working with the Docker registry](/packages/working-with-a-github-packages-registry/working-with-the-docker-registry)." - -After the beta, the same billing and storage rates that other {% data variables.product.prodname_registry %} registries use will apply to the {% data variables.product.prodname_container_registry %}. For more information, see "[About billing for {% data variables.product.prodname_registry %}](/billing/managing-billing-for-github-packages/about-billing-for-github-packages)." - -## Domain changes - -The domain for the {% data variables.product.prodname_container_registry %} is `ghcr.io`. - -| Registry | Example URL | -|-----------------|-------------| -| {% data variables.product.prodname_registry %} Docker registry | `docker.pkg.github.com/OWNER/REPOSITORY/IMAGE_NAME` -| {% data variables.product.prodname_container_registry %} | `ghcr.io/OWNER/IMAGE_NAME` +{% data variables.product.prodname_dotcom %}'s Docker registry has been replaced by the {% data variables.product.prodname_container_registry %}. If you've stored Docker images in the Docker registry, they will be automatically moved to the {% data variables.product.prodname_container_registry %}. You don't need to do anything. Any scripts or {% data variables.product.prodname_actions %} workflows that use the namespace for the Docker registry (`docker.pkg.github.com`) will continue to work after the migration to the {% data variables.product.prodname_container_registry %} (`ghcr.io`). -## Authenticating to the {% data variables.product.prodname_container_registry %} +Migration is being done gradually, rather than all at once. If your images haven't yet been moved over, hold tight, we'll get to them sometime soon. -{% data reusables.package_registry.feature-preview-for-container-registry %} +## How can you tell if your images have been migrated? -You will need to authenticate to the {% data variables.product.prodname_container_registry %} with the base URL `ghcr.io`. We recommend creating a new access token for using the {% data variables.product.prodname_container_registry %}. +After your Docker images have been migrated to the {% data variables.product.prodname_container_registry %} you will see the following changes on the details page for a package: -{% data reusables.package_registry.authenticate_with_pat_for_container_registry %} +* The icon is now the {% data variables.product.prodname_container_registry %} logo, previously it was a Docker logo. +* The domain in the pull URL is now `ghcr.io`, previously it was `docker.pkg.github.com`. -{% data reusables.package_registry.authenticate-to-container-registry-steps %} +![{% data variables.product.prodname_container_registry %} details page](/assets/images/help/package-registry/container-registry-details-page.png) -## Migrating a Docker image using the Docker CLI - -To move Docker images that you host on {% data variables.product.prodname_registry %} Docker registry, you must republish the images to {% data variables.product.prodname_container_registry %}. We recommend republishing your existing Docker images using the command line on your local machine. - -1. Sign in to the Docker registry using a temporary PAT with at least the `read:packages` scope. This PAT will only be used to sign in to the Docker registry to pull down images and can be deleted afterward. - {% raw %} - ```shell - $ echo $READ_PACKAGES_TOKEN | docker login docker.pkg.github.com -u USERNAME --password-stdin - ``` - {% endraw %} -2. Pull down the image you'd like to migrate, replacing OWNER with the name of the user or organization account that owns the repository, REPOSITORY with the name of the repository containing your project, IMAGE_NAME with name of the package or image, VERSION with tag for the image you want to install. For example, `docker pull docker.pkg.github.com/octo-org/octoshift/octoshift:latest` pulls the latest tag of the `octoshift/octoshift` image in the octo-org organization. - ```shell - $ docker pull docker.pkg.github.com/OWNER/REPOSITORY/IMAGE_NAME:VERSION - ``` - -3. Re-tag the image with the new domain and a new image name. For more information, see "[Docker tag](https://docs.docker.com/engine/reference/commandline/tag/)" in the Docker documentation. Use the same URL that you used in the previous step for the SOURCE URL. Replace the TARGET_OWNER with the user or organization that you are migrating the container image to and replace the TARGET_IMAGE_NAME with the new {% data variables.product.prodname_container_registry %} image name. - ```shell - $ docker tag docker.pkg.github.com/SOURCE_OWNER/SOURCE_REPOSITORY/SOURCE_IMAGE_NAME:VERSION ghcr.io/TARGET_OWNER/TARGET_IMAGE_NAME:VERSION - ``` - -4. Sign in to the new {% data variables.product.prodname_container_registry %}. We recommend creating a new PAT limited to the `read:packages` and `write:packages` scopes since you no longer need the `repo` scope and your previous PAT may not have the `write:packages` scope. - {% raw %} - ```shell - $ echo $CR_PAT | docker login ghcr.io -u USERNAME --password-stdin - ``` - {% endraw %} -5. Push your re-tagged image to the {% data variables.product.prodname_container_registry %}. - ```shell - $ docker push ghcr.io/OWNER/IMAGE_NAME:VERSION - ``` - -## Updating your {% data variables.product.prodname_actions %} workflow - -{% data reusables.package_registry.feature-preview-for-container-registry %} - -If you have a {% data variables.product.prodname_actions %} workflow that uses a Docker image from the {% data variables.product.prodname_registry %} Docker registry, you may want to update your workflow to the {% data variables.product.prodname_container_registry %} to allow for anonymous access for public container images, finer-grain access permissions, and better storage and bandwidth compatibility for containers. - -1. Migrate your Docker images to the new {% data variables.product.prodname_container_registry %} at `ghcr.io`. For an example, see "[Migrating a Docker image using the Docker CLI](#migrating-a-docker-image-using-the-docker-cli)." - -2. In your {% data variables.product.prodname_actions %} workflow file, update the package url from `https://docker.pkg.github.com` to `ghcr.io`. - -3. Use the `GITHUB_TOKEN` for your authentication personal access token (PAT). For more information, see "[Authentication in a workflow](/actions/reference/authentication-in-a-workflow)." +## Key differences between the {% data variables.product.prodname_container_registry %} and the Docker registry -4. In your {% data variables.product.prodname_actions %} workflow file, use the authentication token {% raw %}`${{ secrets.GITHUB_TOKEN }}`{% endraw %} as your {% data variables.product.prodname_container_registry %} PAT. +The {% data variables.product.prodname_container_registry %} is optimized to support some of the unique needs of containers. -### Example of updated workflow +With the {% data variables.product.prodname_container_registry %} you can: +- Store container images within your organization and user account, or connect them to a repository. +- Choose whether to inherit permissions from a repository, or set granular permissions independently of a repository. +- Access public container images anonymously. -If part of your workflow accessed a Docker image hosted by the Docker registry like this: +### API queries for details of Docker images -{% raw %} -```yaml -echo ${{ secrets.GITHUB_TOKEN }} | docker login https://docker.pkg.github.com -u $GITHUB_ACTOR --password-stdin -docker pull docker.pkg.github.com/github/octoshift/octoshift:latest -docker build . --tag docker.pkg.github.com/github/octoshift/octoshift:$GITHUB_SHA --cache-from docker.pkg.github.com/github/octoshift/octoshift:latest -docker push docker.pkg.github.com/github/octoshift/octoshift:$GITHUB_SHA -``` -{% endraw %} +After migration you'll no longer be able to use the GraphQL API to query for packages of `PackageType` "DOCKER". Instead, you can use the REST API to query for packages with the `package_type` "container". For more information, see the REST API article "[Packages](/rest/reference/packages)." -Then you'll need to update your workflow with the new {% data variables.product.prodname_container_registry %} URL like this: +## Billing -{% raw %} -```yaml -# new login with new container registry url and PAT -echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin -# new container registry urls added -docker pull ghcr.io/github/octoshift:latest -docker build . --tag ghcr.io/github/octoshift:$GITHUB_SHA --cache-from ghcr.io/github/octoshift:latest -docker push ghcr.io/github/octoshift:$GITHUB_SHA -``` -{% endraw %} +For more information about billing for the {% data variables.product.prodname_container_registry %}, see "[About billing for {% data variables.product.prodname_registry %}](/billing/managing-billing-for-github-packages/about-billing-for-github-packages)." diff --git a/content/packages/working-with-a-github-packages-registry/working-with-the-container-registry.md b/content/packages/working-with-a-github-packages-registry/working-with-the-container-registry.md index 095554f8f65a..54a61df01423 100644 --- a/content/packages/working-with-a-github-packages-registry/working-with-the-container-registry.md +++ b/content/packages/working-with-a-github-packages-registry/working-with-the-container-registry.md @@ -8,25 +8,23 @@ redirect_from: - /packages/guides/pushing-and-pulling-docker-images - /packages/getting-started-with-github-container-registry/about-github-container-registry - /packages/managing-container-images-with-github-container-registry + - /packages/working-with-a-github-packages-registry/enabling-improved-container-support-with-the-container-registry + - /packages/getting-started-with-github-container-registry/enabling-improved-container-support + - /packages/guides/container-guides-for-github-packages/enabling-improved-container-support + - /packages/guides/enabling-improved-container-support versions: free-pro-team: '*' --- -{% data reusables.package_registry.container-registry-beta %} - -{% data reusables.package_registry.docker-vs-container-registry %} - ## About {% data variables.product.prodname_container_registry %} support -To push and pull container images, an organization admin or the owner of a personal account must enable the {% data variables.product.prodname_container_registry %}. For more information, see "[Enabling improved container support with the {% data variables.product.prodname_container_registry %}](/packages/working-with-a-github-packages-registry/enabling-improved-container-support-with-the-container-registry)." - -When installing or publishing a Docker image, the Container registry supports foreign layers, such as Windows images. - The {% data variables.product.prodname_container_registry %} currently supports the following container image formats: * [Docker Image Manifest V2, Schema 2](https://docs.docker.com/registry/spec/manifest-v2-2/) * [Open Container Initiative (OCI) Specifications](https://github.com/opencontainers/image-spec) +When installing or publishing a Docker image, the {% data variables.product.prodname_container_registry %} supports foreign layers, such as Windows images. + ## Authenticating to the {% data variables.product.prodname_container_registry %} {% data reusables.package_registry.authenticate_with_pat_for_container_registry %} diff --git a/content/packages/working-with-a-github-packages-registry/working-with-the-docker-registry.md b/content/packages/working-with-a-github-packages-registry/working-with-the-docker-registry.md index c40d2e87dc8d..da1b3840e736 100644 --- a/content/packages/working-with-a-github-packages-registry/working-with-the-docker-registry.md +++ b/content/packages/working-with-a-github-packages-registry/working-with-the-docker-registry.md @@ -1,6 +1,6 @@ --- title: Working with the Docker registry -intro: 'You can push and pull your Docker images using the {% data variables.product.prodname_registry %} Docker registry, which uses the package namespace `https://docker.pkg.github.com`.' +intro: '{% if currentVersion == "free-pro-team@latest" %}The Docker registry has now been replaced by the {% data variables.product.prodname_container_registry %}.{% else %}You can push and pull your Docker images using the {% data variables.product.prodname_registry %} Docker registry, which uses the package namespace `https://docker.pkg.github.com`.{% endif %}' product: '{% data reusables.gated-features.packages %}' redirect_from: - /articles/configuring-docker-for-use-with-github-package-registry @@ -15,13 +15,21 @@ versions: github-ae: '*' --- + +{% if currentVersion == "free-pro-team@latest" %} + +{% data variables.product.prodname_dotcom %}'s Docker registry (which used the namespace `docker.pkg.github.com`) has been replaced by the {% data variables.product.prodname_container_registry %} (which uses the namespace `https://ghcr.io`). The {% data variables.product.prodname_container_registry %} offers benefits such as granular permissions and storage optimization for Docker images. + +Docker images previously stored in the Docker registry are being automatically migrated into the {% data variables.product.prodname_container_registry %}. For more information, see "[Migrating to the {% data variables.product.prodname_container_registry %} from the Docker registry](/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry)" and "[Working with the {% data variables.product.prodname_container_registry %}](/packages/working-with-a-github-packages-registry/working-with-the-container-registry)." + +{% else %} + + {% data reusables.package_registry.packages-ghes-release-stage %} {% data reusables.package_registry.packages-ghae-release-stage %} {% data reusables.package_registry.admins-can-configure-package-types %} -{% data reusables.package_registry.docker-vs-container-registry %} - ## About Docker support When installing or publishing a Docker image, the Docker registry does not currently support foreign layers, such as Windows images. @@ -260,3 +268,5 @@ $ docker pull HOSTNAME/OWNER/REPOSITORY/IMAGE_NAME:TAG_NAME ## Further reading - "{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}[Deleting and restoring a package](/packages/learn-github-packages/deleting-and-restoring-a-package){% elsif currentVersion ver_lt "enterprise-server@3.1" or currentVersion == "github-ae@latest" %}[Deleting a package](/packages/learn-github-packages/deleting-a-package){% endif %}" + +{% endif %} \ No newline at end of file diff --git a/content/rest/reference/packages.md b/content/rest/reference/packages.md index 5cb90ab60901..9b64d2b5449f 100644 --- a/content/rest/reference/packages.md +++ b/content/rest/reference/packages.md @@ -15,17 +15,10 @@ To use this API, you must authenticate using a personal access token. - To delete packages and package versions, your token must include the `read:packages` and `delete:packages` scopes. - To restore packages and package versions, your token must include the `read:packages` and `write:packages` scopes. -If your `package_type` is `npm`, `maven`, `rubygems`, or `nuget`, then your token must also include the `repo` scope since your package inherits permissions from a {% data variables.product.prodname_dotcom %} repository. For more information about scopes, see "[About scopes and permissions](/packages/learn-github-packages/about-github-packages#about-scopes-and-permissions-for-package-registries)" or "[Using the {% data variables.product.prodname_registry %} API with Docker](#using-the-github-packages-api-with-docker)." +If your `package_type` is `npm`, `maven`, `rubygems`, or `nuget`, then your token must also include the `repo` scope since your package inherits permissions from a {% data variables.product.prodname_dotcom %} repository. If your package is in the {% data variables.product.prodname_container_registry %}, then your `package_type` is `container` and your token does not need the `repo` scope to access or manage this `package_type`. `container` packages offer granular permissions separate from a repository. For more information, see "[About permissions for {% data variables.product.prodname_registry %}](/packages/learn-github-packages/about-permissions-for-github-packages#about-scopes-and-permissions-for-package-registries)." If you want to use the {% data variables.product.prodname_registry %} API to access resources in an organization with SSO enabled, then you must enable SSO for your personal access token. For more information, see "[Authorizing a personal access token for use with SAML single sign-on](/github/authenticating-to-github/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on)." -#### Using the {% data variables.product.prodname_registry %} API with Docker - -If your package is a Docker image using the package namespace `docker.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME`, then your `package_type` is `docker` and your token must include the `repo` scope since your package inherits permissions from a {% data variables.product.prodname_dotcom %} repository. - -If your package is a Docker image using the package namespace `ghcr.io/OWNER/IMAGE-NAME`, then your `package_type` is `container` and your token does not need the `repo` scope to access or manage this `package_type`. `container` packages offer granular permissions separate from a repository. - - {% for operation in currentRestOperations %} {% unless operation.subcategory %}{% include rest_operation %}{% endunless %} {% endfor %} diff --git a/data/reusables/actions/actions-not-certified-by-github.md b/data/reusables/actions/actions-not-certified-by-github.md new file mode 100644 index 000000000000..6cdfc69dbd60 --- /dev/null +++ b/data/reusables/actions/actions-not-certified-by-github.md @@ -0,0 +1,4 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. \ No newline at end of file diff --git a/data/reusables/github-actions/docker-tag-with-ref.md b/data/reusables/github-actions/docker-tag-with-ref.md deleted file mode 100644 index ac946a65dc56..000000000000 --- a/data/reusables/github-actions/docker-tag-with-ref.md +++ /dev/null @@ -1 +0,0 @@ -The above workflow checks out the {% data variables.product.prodname_dotcom %} repository, uses the `login-action` to log in to the registry, and then uses the `build-push-action` action to build and push the Docker image. It tags the built Docker image with the Git reference of the workflow event. This workflow is triggered on publishing a {% data variables.product.prodname_dotcom %} release, so the reference will be the Git tag for the release. diff --git a/data/reusables/github-actions/release-trigger-workflow.md b/data/reusables/github-actions/release-trigger-workflow.md index a8539f99f8a0..5604915e0cdc 100644 --- a/data/reusables/github-actions/release-trigger-workflow.md +++ b/data/reusables/github-actions/release-trigger-workflow.md @@ -1 +1 @@ -Each time you create a new release on {% data variables.product.prodname_dotcom %}, you can trigger a workflow to publish your image. The workflow in the example below runs when the `release` event triggers with the `created` activity type. For more information on the `release` event, see "[Events that trigger workflows](/actions/reference/events-that-trigger-workflows#release). +Each time you create a new release on {% data variables.product.prodname_dotcom %}, you can trigger a workflow to publish your image. The workflow in the example below runs when the `release` event triggers with the `created` activity type. For more information on the `release` event, see "[Events that trigger workflows](/actions/reference/events-that-trigger-workflows#release)." diff --git a/data/reusables/package_registry/authenticate_with_pat_for_container_registry.md b/data/reusables/package_registry/authenticate_with_pat_for_container_registry.md index 38994e051e95..29410d764415 100644 --- a/data/reusables/package_registry/authenticate_with_pat_for_container_registry.md +++ b/data/reusables/package_registry/authenticate_with_pat_for_container_registry.md @@ -1,13 +1,11 @@ {% if currentVersion == "free-pro-team@latest" %} -PATs can grant broad access to your account. You should select only the necessary `read:packages`, `write:packages`, or `delete:packages` scope when creating a PAT to authenticate to the {% data variables.product.prodname_container_registry %}. - -To authenticate to the {% data variables.product.prodname_container_registry %} within a {% data variables.product.prodname_actions %} workflow, use the `GITHUB_TOKEN` for the best security and experience. +To authenticate to the {% data variables.product.prodname_container_registry %} within a {% data variables.product.prodname_actions %} workflow, use the `GITHUB_TOKEN` for the best security and experience. If your workflow is using a personal access token (PAT) to authenticate to `ghcr.io`, then we highly recommend you update your workflow to use the `GITHUB_TOKEN`. For guidance on updating your workflows that authenticate to `ghcr.io` with a personal access token, see "[Upgrading a workflow that accesses `ghcr.io`](/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#upgrading-a-workflow-that-accesses-ghcrio)." -{% data reusables.package_registry.github-token-security-over-pat %} +For more information about the `GITHUB_TOKEN`, see "[Authentication in a workflow](/actions/reference/authentication-in-a-workflow#using-the-github_token-in-a-workflow)." -If you'd like to use the {% data variables.product.prodname_container_registry %} in actions during the beta, follow our security best practices for PAT use at "[Security hardening for GitHub Actions](/actions/getting-started-with-github-actions/security-hardening-for-github-actions#considering-cross-repository-access)." +If you're using the {% data variables.product.prodname_container_registry %} in actions, follow our security best practices at "[Security hardening for GitHub Actions](/actions/getting-started-with-github-actions/security-hardening-for-github-actions#considering-cross-repository-access)." {% endif %} diff --git a/data/reusables/package_registry/container-registry-beta.md b/data/reusables/package_registry/container-registry-beta.md deleted file mode 100644 index 2b790bdbb1de..000000000000 --- a/data/reusables/package_registry/container-registry-beta.md +++ /dev/null @@ -1,5 +0,0 @@ -{% note %} - -**Note:** The {% data variables.product.prodname_container_registry %} is currently in public beta and subject to change. During the beta, storage and bandwidth are free. To use the {% data variables.product.prodname_container_registry %}, you must enable the feature preview. For more information, see "[Introduction to {% data variables.product.prodname_registry %}](/packages/learn-github-packages/introduction-to-github-packages)" and "[Enabling improved container support with the {% data variables.product.prodname_container_registry %}](/packages/working-with-a-github-packages-registry/enabling-improved-container-support-with-the-container-registry)." - -{% endnote %} diff --git a/data/reusables/package_registry/docker-vs-container-registry.md b/data/reusables/package_registry/docker-vs-container-registry.md deleted file mode 100644 index 60ba872bf2cf..000000000000 --- a/data/reusables/package_registry/docker-vs-container-registry.md +++ /dev/null @@ -1,9 +0,0 @@ -{% if currentVersion == "free-pro-team@latest" %} -{% note %} - -**Comparing the Docker registry and the {% data variables.product.prodname_container_registry %}:** -- The {% data variables.product.prodname_container_registry %} (`https://ghcr.io`) offers improved performance for containers and will supercede the Docker registry in the future. -- You can migrate your Docker images and workflows from the Docker registry (`docker.pkg.github.com`) to the {% data variables.product.prodname_container_registry %} (`https://ghcr.io`) for granular permissions, container storage optimization, and more. For more information, see "[Migrating to the {% data variables.product.prodname_container_registry %} from the Docker registry](/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry)." - -{% endnote %} -{% endif %} diff --git a/data/reusables/package_registry/docker_registry_deprecation_status.md b/data/reusables/package_registry/docker_registry_deprecation_status.md index 67608dc1e210..dc348578f89e 100644 --- a/data/reusables/package_registry/docker_registry_deprecation_status.md +++ b/data/reusables/package_registry/docker_registry_deprecation_status.md @@ -1,5 +1,5 @@ {% warning %} -**Note:** The {% data variables.product.prodname_registry %} Docker registry {% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %} will be superseded in a future {% data variables.product.product_name %} release with the {% data variables.product.prodname_container_registry %}, which offers improved container support.{% elsif currentVersion == "free-pro-team@latest" %} is superseded by the {% data variables.product.prodname_container_registry %}, which offers improved container support. {% endif %} {% if currentVersion == "free-pro-team@latest" %} To learn how to migrate your existing Docker images and any workflows using them, see "[Migrating to the {% data variables.product.prodname_container_registry %} from the Docker registry](/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry)." {% endif %} +**Note:** The {% data variables.product.prodname_registry %} Docker registry {% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %} will be superseded in a future {% data variables.product.product_name %} release with the {% data variables.product.prodname_container_registry %}, which offers improved container support.{% elsif currentVersion == "free-pro-team@latest" %} is superseded by the {% data variables.product.prodname_container_registry %}, which offers improved container support. {% endif %} {% if currentVersion == "free-pro-team@latest" %} For more information, see "[Migrating to the {% data variables.product.prodname_container_registry %} from the Docker registry](/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry)." {% endif %} {% endwarning %} diff --git a/data/reusables/package_registry/feature-preview-for-container-registry.md b/data/reusables/package_registry/feature-preview-for-container-registry.md deleted file mode 100644 index 3b8032849ef6..000000000000 --- a/data/reusables/package_registry/feature-preview-for-container-registry.md +++ /dev/null @@ -1,5 +0,0 @@ -{% note %} - -**Note:** Before you can use the {% data variables.product.prodname_container_registry %}, you must enable the feature for your account. For more information, see "[Enabling improved container support with the {% data variables.product.prodname_container_registry %}](/packages/working-with-a-github-packages-registry/enabling-improved-container-support-with-the-container-registry)." - -{% endnote %} diff --git a/data/reusables/package_registry/github-token-security-over-pat.md b/data/reusables/package_registry/github-token-security-over-pat.md deleted file mode 100644 index ca6ffe036013..000000000000 --- a/data/reusables/package_registry/github-token-security-over-pat.md +++ /dev/null @@ -1,3 +0,0 @@ -The {% data variables.product.prodname_container_registry %} now supports `GITHUB_TOKEN` for easy and secure authentication in your workflows. If your workflow is using a personal access token (PAT) to authenticate to `ghcr.io`, then we highly recommend you update your workflow to use `GITHUB_TOKEN`. - -For more information about `GITHUB_TOKEN`, see "[Authentication in a workflow](/actions/reference/authentication-in-a-workflow#using-the-github_token-in-a-workflow)." diff --git a/data/reusables/package_registry/publish-docker-image.md b/data/reusables/package_registry/publish-docker-image.md new file mode 100644 index 000000000000..9a3ad84e20a6 --- /dev/null +++ b/data/reusables/package_registry/publish-docker-image.md @@ -0,0 +1,50 @@ +{% raw %} +```yaml{:copy} +name: Create and publish a Docker image + +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +on: + push: + branches: ['release'] + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + +jobs: + build-and-push-image: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Log in to the Container registry + uses: docker/login-action@v1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v3 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + - name: Build and push Docker image + uses: docker/build-push-action@v2 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} +``` +{% endraw %} \ No newline at end of file diff --git a/data/reusables/package_registry/repo-scoped-and-granular-permissions-packages.md b/data/reusables/package_registry/repo-scoped-and-granular-permissions-packages.md deleted file mode 100644 index 9bc7ee0d6e77..000000000000 --- a/data/reusables/package_registry/repo-scoped-and-granular-permissions-packages.md +++ /dev/null @@ -1,12 +0,0 @@ -Repository-scoped packages inherit their permissions and visibility from the repository that owns the package. The registries below use this type of permissions: -- Docker registry (`docker.pkg.github.com`) -- npm registry -- RubyGems registry -- Apache Maven registry -- NuGet registry - -{% if currentVersion == "free-pro-team@latest" %} -The Container registry (`ghcr.io`) offers granular permissions and visibility settings that can be customized for each package owned by a personal user or organization account. -{% endif %} - -For more information, see "[About permissions for GitHub Packages](/packages/learn-github-packages/about-permissions-for-github-packages)"{% if currentVersion == "free-pro-team@latest" %} or "[Configuring a package's access control and visibility](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility)."{% endif %}. diff --git a/javascripts/wrap-code-terms.ts b/javascripts/wrap-code-terms.ts index 25b848512ad7..dcdfbd7cebe8 100644 --- a/javascripts/wrap-code-terms.ts +++ b/javascripts/wrap-code-terms.ts @@ -11,8 +11,12 @@ export default function () { const codeTerms = document.querySelectorAll('#article-contents table code') if (!codeTerms) return - codeTerms.forEach((node) => { - // Do the wrapping on the inner text only, so we don't modify hrefs + codeTerms.forEach(node => { + // Return early if a child node is an anchor element + const hasChildAnchor = Array.from(node.childNodes).some(child => child.nodeName === 'A') + if (hasChildAnchor) return + + // Do the wrapping on the inner text only const oldText = escape(node.textContent || '') const newText = oldText.replace(wordsLongerThan18Chars, (str) => { diff --git a/lib/webhooks/static/dotcom/package.published.payload.json b/lib/webhooks/static/dotcom/package.published.payload.json index f310484f15a3..ba0e4fd18e8a 100644 --- a/lib/webhooks/static/dotcom/package.published.payload.json +++ b/lib/webhooks/static/dotcom/package.published.payload.json @@ -3,6 +3,9 @@ "package":{ "id":10696, "name":"hello-world-npm", + "namespace":"Codertocat/hello-world-npm", + "description":null, + "ecosystem":"docker", "package_type":"npm", "html_url":"https://github.com/Codertocat/hello-world-npm/packages/10696", "created_at":"2019-05-09T23:28:29Z", @@ -31,6 +34,8 @@ "id":24147, "version":"1.0.0", "summary":"A simple npm package to demonstrate GitHub Packages", + "name":"sha256:3da1996a8115d7616457760d9920b815241d0a03b34cf5f04e9a0e9d8de37498", + "description":"", "body":"# hello-world-npm\n\nThis is a simple npm package that demonstrates the [Github Packages](https://github.com/features/package).\n\n## Installation \n\n`$ npm install`\n\n## Usage\n\n```\nconst myPackage = require('hello-world-node-package');\nmyPackage.helloWorld();\n```\n\n", "body_html":"

hello-world-npm

\n

This is a simple npm package that demonstrates the Github Package Registry.

\n

Installation

\n

$ npm install

\n

Usage

\n
const myPackage = require('hello-world-node-package');\nmyPackage.helloWorld();\n
", "release":{ @@ -77,6 +82,9 @@ "metadata":[ ], + "docker_metadata":[ + + ], "package_files":[ { "download_url":"https://github-production-package-file-4f11e5.s3.amazonaws.com/185882436/3e6d9b00-7288-11e9-9d72-c0df4c711800?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20190509%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190509T232830Z&X-Amz-Expires=300&X-Amz-Signature=4b825c49cd93370123a77d0f97a4ebb0d44efb76da46faf1e382f0c668b35819&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=filename%3Dhello-world-npm-1.0.0-npm.tgz&response-content-type=application%2Foctet-stream", @@ -112,6 +120,7 @@ "type":"User", "site_admin":false }, + "source_url":"ghcr.io/Codertocat/hello-world-npm/image-1:v1", "installation_command":"npm install @Codertocat/@1.0.0" }, "registry":{ diff --git a/tests/content/featured-links.js b/tests/content/featured-links.js index 5c74bcd26832..c0a2c47b8f5d 100644 --- a/tests/content/featured-links.js +++ b/tests/content/featured-links.js @@ -57,7 +57,7 @@ describe('featuredLinks', () => { // Confirm that the following Dotcom-only links are NOT included on this Enterprise page. msg = `Dotcom-only article link is rendered, but should not be, on ${enterpriseVersionedLandingPage}` - expect($productArticlesLinks.text().includes('Enabling improved container support with the Container registry')).toBe(false) + expect($productArticlesLinks.text().includes('Working with the Container registry')).toBe(false) expect($productArticlesLinks.text().includes('Migrating to the Container registry from the Docker registry'), msg).toBe(false) }) })