How to push Docker images to GitHub Container Registry

GitHub Container Registry

GitHub Container Registry (ghcr.io) stores Docker images alongside your code. Images are linked to your GitHub account or organization and can be made public or private. No external registry account needed.

Login and Push

permissions:
  contents: read
  packages: write

jobs:
  push-image:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ghcr.io/${{ github.repository }}:${{ github.sha }}

The permissions block at the top grants the built-in GITHUB_TOKEN write access to packages. Without it, the push will fail with a 403. github.repository expands to owner/repo-name, producing a valid ghcr.io image path. github.actor is the username of the user or bot that triggered the workflow.