Updated the Solus workflow to grant packages: read (alongside contents: read) at workflow scope, so the Actions token can authenticate for GHCR package pulls.

Added a conditional GHCR login step (docker/login-action@v3) that runs when the selected image is under ghcr.io/*, using ${{ github.actor }} and ${{ github.token }} before docker pull. Left the existing build/pull flow intact after authentication, so behavior is unchanged except for fixing anonymous-pull denial cases.
2026-03-10 07:50:19 +00:00 · 2026-02-18 10:44:45 -07:00
parent 10f6b4913e
commit e8f4044f8c
1 changed files with 12 additions and 0 deletions
--- a/.github/workflows/solus-eopkg-build.yml
+++ b/.github/workflows/solus-eopkg-build.yml
@@ -16,6 +16,10 @@ on:
      - main
      - master

+permissions:
+  contents: read
+  packages: read
+
 jobs:
  build-eopkg:
    runs-on: ubuntu-latest
@@ -26,6 +30,14 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v4

+      - name: Log in to GHCR (for ghcr.io images)
+        if: startsWith(env.SOLUS_IMAGE, 'ghcr.io/')
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+
      - name: Build eopkg package in Solus container
        run: |
          if [ ! -f "$PACKAGE_YML" ]; then