Updated the Solus workflow to grant packages: read (alongside contents: read) at workflow scope, so the Actions token can authenticate for GHCR package pulls.

Added a conditional GHCR login step (docker/login-action@v3) that runs when the selected image is under ghcr.io/*, using ${{ github.actor }} and ${{ github.token }} before docker pull.

Left the existing build/pull flow intact after authentication, so behavior is unchanged except for fixing anonymous-pull denial cases.

.github/workflows/solus-eopkg-build.yml

@@ -16,6 +16,10 @@ on:
       - main
       - master
 
+permissions:
+  contents: read
+  packages: read
+
 jobs:
   build-eopkg:
     runs-on: ubuntu-latest
@@ -26,6 +30,14 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: Log in to GHCR (for ghcr.io images)
+        if: startsWith(env.SOLUS_IMAGE, 'ghcr.io/')
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+
       - name: Build eopkg package in Solus container
         run: |
           if [ ! -f "$PACKAGE_YML" ]; then