mikej888
Contributor

EIDF Documentation Pull Request

Description

At present, the TRE CES user documentation implies that only private GHCR repositories can be used. Users of the TRE container execution service 'ces-tools' can use either public or private GHCR repositories. However, when using 'ces-tools' they must provide both a username and an access token.

Updated docs/safe-haven-services/tre-container-user-guide/*md:

  • Removed any mention of 'private' repositories.
  • Stated that 'ces-pull' username/namespace and token arguments are mandatory.
  • Clarified that, for pushing containers, a GitHub access token with 'repo' and 'write:packages' scopes is required.
  • Clarified that, for pulling containers within the test environment or the TRE, a GitHub access token with 'read:packages' scopes is recommended to keep the user's GHCR secure.
  • For pulling containers, a read-only access token (not a password or read-write access token) is recommended.

Fixes #266

Type of change

  • Incorrect Documentation
  • Incomplete Documentation

What has to be reviewed

docs/safe-haven-services/tre-container-user-guide/development-workflow.md
docs/safe-haven-services/tre-container-user-guide/workflow-examples.md
docs/safe-haven-services/tre-container-user-guide/introduction.md # Note, fixed typo only

Checklist

  • Documentation follows the project style guidelines
  • Ensure Contact details contain Service Emails and Numbers
  • Self-review of documentation using mkdocs on local system
  • Spellcheck has been performed
  • Pre-commit has been run and passed

@mikej888 mikej888 requested review from kavousan and rkm October 17, 2025 11:30
@mikej888 mikej888 added the documentation Improvements or additions to documentation label Oct 17, 2025

Development

Successfully merging this pull request may close these issues.

[Documentation]: Clarify use of public vs. private repositories and access tokens when using CES and GHCR
