I’m trying to properly authenticate with GHCR to use the NethServer Docker images in our CI/CD pipeline, but despite following the recommended steps, I keep getting DENIED: invalid token errors. Here’s what I’ve tried:
Token Configuration:
Created new GitHub tokens with:
Only read:packages scope
Tried adding repo scope (for private repos)
Verified token length (40 chars) and no trailing spaces
Is the nethserver/ns8 image repository private? If so, what are the access requirements?
Are there special organization-level permissions needed?
Could you share a working example of CI/CD authentication?
… the context
I’m creating the documentation for a project approved by “El Sistema” for the presentation “Orchestrating the Educational Experience: Asset Management | Audiovisual Archive” where we used NethServer + Proxmox-VE as our fundamental node. I want to finish the documentation to share it with those who will help me implement it. Of course, I want to share it with this community, with much gratitude.
Of course not!
All ns8 images are public including the repository that contains the code of the image.
Nope: you can pull the image without authentication.
I think the problem is that there is no image named ghcr.io/nethserver/ns8:8.4.
The version 8.4 is just a milestone name for a bunch of containers.
The core includes many containers like core, ldapproxy and many other.
To pull the only main core image, just execute:
docker pull ghcr.io/nethserver/core:3.9.0
Inside the testing CI, the requests are not authenticated.
The CI authenticates itself only when pushing new images.
This a workflow using Github CLI, but you do not need it for download:
