Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/rssnyder/ghcr-artifact-store

use GitHub Container Registry to store regular artifacts
https://github.com/rssnyder/ghcr-artifact-store

Last synced: about 1 year ago
JSON representation

use GitHub Container Registry to store regular artifacts

Awesome Lists containing this project

README 

          
# ghcr-artifact-store



Use github container registry (or any container registry) to store artifacts for your github actions workflows



[![release](https://img.shields.io/github/v/release/rssnyder/ghcr-artifact-store?sort=semver&logo=github&color=blue)](https://github.com/rssnyder/ghcr-artifact-store/releases/latest)

[![.github/workflows/test.yml](https://github.com/rssnyder/ghcr-artifact-store/actions/workflows/test.yml/badge.svg)](https://github.com/rssnyder/ghcr-artifact-store/actions/workflows/test.yml)



## setup



You will need access to publish to github packages from your actions workflow. You can use the default `GITHUB_TOKEN` or a PAT.



The environment for your workflow will also need to have docker installed, which is included with `ubuntu-latest`.



You should run the action from the directory with your artifact to be uploaded using `working-directory`.



## usage



```yaml

inputs:

  method:

    description: 'GET or PUT. Defaults to GET.'

    required: false

    default: GET

  artifact:

    description: 'Artifact to GET or PUT'

    required: true

  tag:

    description: 'Tag for image when pushed to ghcr. Defaults to artifacts.'

    required: false

    default: artifacts

  image:

    description: 'Image to store. Defaults to ghcr.io//.'

    required: false

    default: ''

  registry_user:

    description: 'Username for pushing to ghcr. Defaults to the user who trigered the workflow.'

    required: false

    default: ''

  token:

    description: 'Token for pushing to ghcr.'

    required: true

```



### put



```yaml

- uses: rssnyder/ghcr-artifact-store@0.1.0

  with:

    method: PUT

    artifact: state.json

    token: ${{ secrets.GITHUB_TOKEN }}

```



### get



```yaml

- uses: rssnyder/ghcr-artifact-store@0.1.0

  with:

    artifact: state.json

    token: ${{ secrets.GITHUB_TOKEN }}

```



## example



See an example of storing terraform state using this method [here](https://github.com/rssnyder/isengard/blob/master/.github/workflows/terraform.yml#L28).



## bootstraping



To bootstrap an inital image for your repository, grab a github PAT with `packages:write` and set `GITHUB_TOKEN` to it and do the following steps locally:



```shell

# Login

> echo $GITHUB_TOKEN | docker login ghcr.io -u  --password-stdin



# Use busybox as source

> docker pull busybox

> docker tag busybox ghcr.io//:artifacts



# Push to ghcr

> docker push ghcr.io//:artifacts

```



Why `busybox`? I wanted to use a popular image that people could "trust" that was also as minimal as possible.



```shell

> docker pull busybox

> docker images busybox --format "{{.Repository}}:{{.Tag}} -> {{.Size}}"

busybox:latest -> 1.24MB

```



## security



By default packages are private when first created and you must change them to public. If you are using this on a repository that is already publishing a public image to ghcr then **do not store sensitive information in your artifacts**.



In addition, you should tag your references to this composite to a version you have audited.



## use locally



```shell

GITHUB_TOKEN= GITHUB_ACTOR= GITHUB_REPOSITORY=/ METHOD="PUT" sh action.sh state.json

GITHUB_TOKEN= GITHUB_ACTOR= GITHUB_REPOSITORY=/ sh action.sh state.json

```