Preparing and Registering the Docker Image

To control a CI/CD workflow, GitHub supports adding custom functionality to a workflow via containers. Each container needs to be registered in the GitHub container registry. Repositories wanting to use iCR CI/CD are then associated with the container. iCR implements its GitHub Actions CI/CD via the supplied Docker container image. To learn more about GitHub’s support for Docker in their container registry you can visit their Website.

Included in the iCR CI/CD directory is a script named prep-container. This script is used to prepare and register the provided iCR Docker container for use with GitHub CI/CD. To register this component within a specific User’s container registry, execute the command below from within the directory where the container image resides:

./prep-container github <username> <authentication-token> [<project-name> <enterprise-URL>]

Where <username> is the name of the user who owns the project to be analyzed and <authentication-token> is a Personal Access Token (PAT) that the User must create within GitHub to authorize the login to the GitHub container registry. This method insures that authenticated access to the registry will succeed even if two-factor authentication is enabled for that User.

If the user is planning on pulling the source code from a GitHub Enterprise server, then a specific project name must be specified as part of the package registration so <project-name> is used to identify the specific project. This is followed by the URL of the Enterprise server itself specified using <enterprise-URL>.

Staying with the examples used in the User Guide for Private Platform, and assuming a cloud-based VCS, the command would look like:

./prep-container github or-testuser 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

This command causes the icr-github.tar image that is included in the CI/CD directory to be inserted into the local Docker registry where it can then be pushed to the User’s container registry in the GitHub cloud VCS. The output looks like:

8cffb9f8f141: Loading layer [==================================================>] 191.8MB/191.8MB
8e29cb707506: Loading layer [==================================================>] 423.9MB/423.9MB
Loaded image: icr-github:latest
Untagged: icr-github:latest
WARNING! Your password will be stored unencrypted in /home/or-testuser/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
The push refers to repository \[ghcr.io/or-testuser/icr-github]
8e29cb707506: Pushed
8cffb9f8f141: Pushed
21639b09744f: Pushed
latest: digest: sha256:e816c2673200f0dcfeb53371b3ad38de664aaf253c359d471950041a9346146c size: 955

Once registered, the container will appear in the GitHub packages listing.

To verify this, from the User home page in GitHub select Packages from the top menu.

This will bring you to the package registry page for this User displaying all of the currently registered container packages. On our example, we just have the one new container that we just pushed to the registry: icr-github.