e71021ae66
* Add actions category name as first commit * Package reorganization: rename articles for "Learning..." and "Managing..." categories (#18880) * Initial prep work for Packages reorg * Make changes for Learning and Managing categories * Match file name to revised article title * Rework packages guides (#18902) * Create new directory * Delete guides directory and index.md link * Remove duplicated redirects to fix test * fix folder name * delete temporary directory of old content * Add Gradle article * Update landing page with new links * Update test to fix CI failure for deleted articles * Update links and titles for reorg-ed articles * Fix broken links Co-authored-by: hubwriter <hubwriter@github.com> * Update more changed article titles in links (#18911) * remove test line to test PR build failure * Add sections to permissions article * Add draft reusable * restore versioning tests * Remove accidental inclusion of new reusable from a different branch * Package registry content redesign updates (#18930) * Update container registry product variable * First round of edits * Update tidbit * Apply suggestions from code review Co-authored-by: hubwriter <hubwriter@github.com> * Update docker-vs-container-registry.md * Update authentication section to resolve bug/confusion * Revisions * Last touchups * Migration from intro article Co-authored-by: hubwriter <hubwriter@github.com> * Add versioned diagrams * Add packages actions revisions (#18956) * Add refreshed content * Update content/packages/managing-github-packages-using-github-actions-workflows/example-workflows-for-publishing-a-package.md Due to tightness of time on this I'm going to commit this suggestion so that I can merge this PR into the Packages megabranch. Co-authored-by: hubwriter <hubwriter@github.com> * Packages reorg: "Introduction to GitHub Packages" article (#18906) * Initial commit. Remove stray comma * Initial CC work - WiP * More changes for the Introduction article * Make changes as per Jessica's review * Fix broken reusable ref * improve test failure message and add clarifying comments * Packages reorganization: More updates to the 'Learn GitHub Packages' articles" (#18961) * Viewing - WiP * More updates to the 'Learn...' category * revisions to intro article * Add permissions article and make a few other streamlined updates * Fix links 🌿 Co-authored-by: jmarlena <> * Apply suggestions from code review * Apply product input * Fix versioning * Apply some straight-forward suggested changes ⚡ Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com> * Apply suggestions from code review * Add "GitHub Packages" before container registry mention * Standardize visibility & permsisions section into a reusable * Add link * Replace outdated link * Apply suggestions from code review Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com> * ✂️ cut note * Apply suggestions from code review Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com> * Superseded rewrite? * bye single-use reusable * Apply suggestions from code review Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com> * Condense packages & actions conceptual content * Apply suggestions from code review Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com> * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com> * remove "package registries" * Apply suggestions from code review Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com> * Add reusable * Add these redirects from the deleted containers conceptual article * Incorporate changes from main into retitled articles 💫 * Missing endif * Fix unexpected redirect behavior * Revamp and consolidate actions access settings * Further reading section * Last fix for now * standardize steps * Apply suggestions from code review Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: hubwriter <hubwriter@github.com> Co-authored-by: Sarah Schneider <sarahs@github.com> Co-authored-by: jmarlena <> Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com>
6.6 KiB
title, intro, product, versions
| title | intro | product | versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| About permissions for GitHub Packages | Learn about how to manage permissions for your packages. | {% data reusables.gated-features.packages %} |
|
{% if currentVersion == "free-pro-team@latest" %} The permissions for packages are either repository-scoped or user/organization-scoped. {% endif %}
Permissions for repository-scoped packages
A repository-scoped package inherits the permissions and visibility of the repository that owns the package. You can find a package scoped to a repository by going to the main page of the repository and clicking the Packages link to the right of the page.
The {% data variables.product.prodname_registry %} registries below use repository-scoped permissions:
- Docker registry (
docker.pkg.github.com) - npm registry
- RubyGems registry
- Apache Maven registry
- NuGet registry
{% if currentVersion == "free-pro-team@latest" %}
Granular permissions for user/organization-scoped packages
Packages with granular permissions are scoped to a personal user or organization account. You can change the access control and visibility of the package separately from a repository that is connected (or linked) to a package.
Currently, only the {% data variables.product.prodname_capitalized_container_registry %} offers granular permissions for your container image packages.
Visibility and access permissions for container images
{% data reusables.package_registry.visibility-and-access-permissions %}
For more information, see "Configuring a package's access control and visibility."
{% endif %}
About scopes and permissions for package registries
To use or manage a package hosted by a package registry, you must use a token with the appropriate scope, and your user account must have appropriate permissions.
For example:
- To download and install packages from a repository, your token must have the
read:packagesscope, and your user account must have read permission. - {% if currentVersion == "free-pro-team@latest" or if currentVersion ver_gt "enterprise-server@3.0" %}To delete a package on {% data variables.product.product_name %}, your token must at least have the
delete:packagesandread:packagesscope. Thereposcope is also required for repo-scoped packages.{% elsif currentVersion ver_lt "enterprise-server@3.1" %}To delete a specified version of a private package on {% data variables.product.product_name %}, your token must have thedelete:packagesandreposcope. Public packages cannot be deleted.{% elsif currentVersion == "github-ae@latest" %}To delete a specified version of a package on {% data variables.product.product_name %}, your token must have thedelete:packagesandreposcope.{% endif %} For more information, see "{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}Deleting and restoring a package{% elsif currentVersion ver_lt "enterprise-server@3.1" or currentVersion == "github-ae@latest" %}Deleting a package{% endif %}."
| Scope | Description | Required permission |
|---|---|---|
read:packages |
Download and install packages from {% data variables.product.prodname_registry %} | read |
write:packages |
Upload and publish packages to {% data variables.product.prodname_registry %} | write |
delete:packages |
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %} Delete packages from {% data variables.product.prodname_registry %} {% elsif currentVersion ver_lt "enterprise-server@3.1" %} Delete specified versions of private packages from {% data variables.product.prodname_registry %}{% elsif currentVersion == "github-ae@latest" %} Delete specified versions of packages from {% data variables.product.prodname_registry %} {% endif %} | admin |
repo |
Upload and delete packages (along with write:packages, or delete:packages) |
write or admin |
When you create a {% data variables.product.prodname_actions %} workflow, you can use the GITHUB_TOKEN to publish and install packages in {% data variables.product.prodname_registry %} without needing to store and manage a personal access token.
For more information, see:{% if currentVersion == "free-pro-team@latest" %}
- "Configuring a package’s access control and visibility"{% endif %}
- "Publishing and installing a package with {% data variables.product.prodname_actions %}"
- "Creating a personal access token"
- "Available scopes"
Maintaining access to packages in {% data variables.product.prodname_actions %} workflows
To ensure your workflows will maintain access to your packages, ensure that you're using the right access token in your workflow and that you've enabled {% data variables.product.prodname_actions %} access to your package.
For more conceptual background on {% data variables.product.prodname_actions %} or examples of using packages in workflows, see "Managing GitHub Packages using GitHub Actions workflows."
Access tokens
- To publish packages associated with the workflow repository, use
GITHUB_TOKEN. - To install packages associated with other private repositories that
GITHUB_TOKENcan't access, use a personal access token
For more information about GITHUB_TOKEN used in {% data variables.product.prodname_actions %} workflows, see "Authentication in a workflow."
{% if currentVersion == "free-pro-team@latest" %}
{% data variables.product.prodname_actions %} access for container images
To ensure your workflows have access to your container image, you must enable {% data variables.product.prodname_actions %} access to the repositories where your workflow is run. You can find this setting on your package's settings page. For more information, see "Ensuring workflow access to your package."
{% endif %}