Codex Review: Here are some suggestions.
| - name: Login to GHCR | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.repository_owner }} |
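Review bot: `uses: docker/login-action@v3` references a movable major tag in the step that receives the registry credential, and the PR description says the job runs with packages: write. Pin the action to the full commit SHA of the release you reviewed, keeping `# v3` as a trailing comment, so a retagged upstream release cannot change what code runs with that token.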
[P1] Authenticate to GHCR with workflow actor, not repository owner
The login step uses username: ${{ github.repository_owner }} while authenticating with secrets.GITHUB_TOKEN. GitHub issues the workflow token for the triggering actor, not for the repository owner, so when the repo lives under an organization the credentials don’t match and docker/login-action returns 401 and the job never reaches the build stage. Using github.actor (the token’s principal) avoids failed releases whenever a maintainer or automation pushes a tag.
* ci: add tag-based Docker release to GHCR
* ci: extend release workflow to create GitHub Release with notes
* chore(ci): trigger checks for PR #4

---------

Co-authored-by: Michael <michael@localhost>
Publishes Docker image to GHCR on tag pushes (v*).
Uses GITHUB_TOKEN with packages: write.
Image: ghcr.io/${{ github.repository_owner }}/soulfield:latest and :.