Chapter 06: Unable to Publish COntainer Image about cloud-native-spring-in-action HOT 2 CLOSED

@nmuianga when using the ${{ secrets.GITHUB_TOKEN }} placeholder, GitHub automatically injects a short-lived token configured with permissions that depend on what is configured in the workflow. The job in a workflow that is responsible for publishing images must declare the packages: write permission as follows.

package:
    name: Package and Publish
    runs-on: ubuntu-22.04
    permissions:
      contents: read
      packages: write
      security-events: write

The examples in the book follow this setup for publishing images having the following format: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}. In particular, REGISTRY must be equal to ghcr.io and IMAGE_NAME must be exactly the same as the repository name. The GitHub Actions workflows in the book don't need you to create custom Personal Access Tokens since the token automatically provided by GitHub is enough.

There might be reason for which you can't use the automatically provided token. For example, if you need IMAGE_NAME to be something else than the repository name, but you still want to publish to the GitHub Container Registry (ghcr.io), then you can create a Personal Access Token as described in the book. That token needs the write:packages scope. Is this your use case?

You can then save the value of the newly generated token into a Secret in your GitHub repository. Since GITHUB_TOKEN is the name of the token automatically injected by GitHub, your custom token should have a different name to avoid conflicts. Could this be the reason for the error you experienced? In the snippet you shared, I can see that ${{ secrets.GITHUB_TOKEN }} is used. If you want to use your Personal Access Token (let's say you saved it as a Secret with name MY_CUSTOM_TOKEN) , then the value passed to the Docker Login action should be ${{ secrets.MY_CUSTOM_TOKEN }}.

from cloud-native-spring-in-action.