GitHub App authentication for GitHub packages

[jdbruijn]

Select Topic Area

Question

Body

The documentation notes using a PAT for GitHub Packages authentication. I'm trying the same thing but with a GitHub App, which has the packages permissions as well. However, when trying to push to the registry I get the denied: permission_denied: installation not allowed to Write organization package error. I've tried pushing with a PAT and that seems to work, locally as I didn't try this in the Action yet but pretty sure that would work too. After pushing with the PAT and linking the repository, I've tried again with an App but still can't push (initially I got not allowed to Create and now I get not allowed to Write).

Is it not possible to push to the GitHub Packages registry from a GitHub App token?

[thequailman]

This seems to block using tokens from the GitHub Vault Secrets Engine: martinbaillie/vault-plugin-secrets-github#115. Which is really unfortunate...

[ALISHERpy]

yeah,i had one.
https://github.com/Dastirchiyigit/Market-place_eBazar
take at the look at this

[perillamint]

Also experiencing same issue with this. Granted read:packages and write:packages to the app, but the app token unable to push to the GHCR.

I noticed this from tokens from Jenkins Github branch source plugin is unable to push to GHCR.

Then, I attempted to issue a token using GitHub official method. Sign JWT, exchange it to the token, login to docker, try to push. Of course, it failed.

Even if I grant all permission to App, it still fails to push to the repository. Still says denied: permission_denied: installation not allowed to Write organization package

[garyy7811]

this is exactly what I'm facing too!

[BernhardRode]

Any news on that front?

We just want to install npm packages from another repo :/

[psweeney-subaru]

I have been struggling with this for a few days now. I want to upload to github packages from jenkins using github app credentials. Has anybody managed to get this working?

[auirarrazaval]

Similar issue here.

Just for the sake of documentation:
I have a GitHub App that has repository packages write access for the repository that is triggering the workflow, however upon publishing a package using npm publish with the app's token, i get the
denied: permission_denied: installation not allowed to Write organization package error.

One workaround was change the organization settings to allow workflows to push packages, and then use the workflow token to publish. However, this is not ideal as I would like the app to 'own' the publish.

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬