Github Actions Push to Github Container Registry Forbidden [SOLVED]

Issue

When using GITHUB_TOKEN (dynamic token that is generated per each Gitub Actions run) to push images from Github Actions the following error shows up:

ERROR: failed to solve: failed to push ghcr.io/<repo>:<sha>: unexpected status from HEAD request to https://ghcr.io/v2/<repo>/blobs/sha256:<sha>: 403 Forbidden

Research & Root Cause

Reserach landed on the following links:

• Random 403 errors when pushing to GHCR #463
• Unable to push to ghcr.io from Github Actions #26274

So the issue is related to the lack of permissions of Github Actions. The ultimate solution mentioned here.

@pulsar256:

It seems there are mulitple ways how GH will create a package. Depending on which path you take It seems to assign different set of “Action Permissions” to the packge/docker repository when it gets implicitly crated by the first push. This implicit creation of the package/docker repository can be triggered by a manual/remote (PAT) based initial push or by GH Actions using the configured authentication. Results seem to differ.

So to fix this, head over to $yourOrganization → Packages → $yourPackage → Package settings (to the right / bottom)

And configure “Manage Actions access” section to allow the git repository in question write permissions on this package/docker repository

Solution

The solution is to do the following

Add the Repository to the Package.

Configure Admin (or at least Write) permissions