Github Actions Push to Github Container Registry Forbidden [SOLVED]
Issue
When using GITHUB_TOKEN (dynamic token that is generated per each Gitub Actions run) to push images from Github Actions the following error shows up:
ERROR: failed to solve: failed to push ghcr.io/<repo>:<sha>: unexpected status from HEAD request to https://ghcr.io/v2/<repo>/blobs/sha256:<sha>: 403 Forbidden
Research & Root Cause
Reserach landed on the following links:
So the issue is related to the lack of permissions of Github Actions. The ultimate solution mentioned here.
It seems there are mulitple ways how GH will create a package. Depending on which path you take It seems to assign different set of “Action Permissions” to the packge/docker repository when it gets implicitly crated by the first push. This implicit creation of the package/docker repository can be triggered by a manual/remote (PAT) based initial push or by GH Actions using the configured authentication. Results seem to differ.
So to fix this, head over to $yourOrganization → Packages → $yourPackage → Package settings (to the right / bottom)
And configure “Manage Actions access” section to allow the git repository in question write permissions on this package/docker repository
Solution
The solution is to do the following
Add the Repository to the Package.
Configure Admin (or at least Write) permissions
![[SOLVED] GITHUB_TOKEN causes an error when pushing to Github Container Registry Forbidden](/deploying-python-fastapi-with-kamal/deploying-python-fastapi-with-kamal.webp "[SOLVED] GITHUB_TOKEN causes an error when pushing to Github Container Registry Forbidden")