Skip to content
Latchkey

docker/login-action

Log in to Docker Hub, GHCR, ECR, or any registry before pushing an image.

Official actionCategory: Docker & ContainersLatest v3View on GitHub

What it does

docker/login-action authenticates the Docker CLI to a registry using credentials from secrets, so a subsequent build-push or push succeeds.

For GitHub Container Registry (ghcr.io) it can use the built-in GITHUB_TOKEN.

Usage

workflow (.yml)
steps:
  - uses: docker/login-action@v3
    with:
      registry: ghcr.io
      username: ${{ github.actor }}
      password: ${{ secrets.GITHUB_TOKEN }}

Inputs

InputDescriptionDefaultRequired
registryRegistry host. Omit for Docker Hub.docker.ioNo
usernameRegistry username.-No
passwordRegistry password or token.-No
logoutLog out at the end of the job.trueNo

Notes

To push to ghcr.io with GITHUB_TOKEN the job needs permissions: packages: write.

Common errors

  • unauthorized: authentication required on push means login did not run or used the wrong registry host. Match registry to the image prefix.
  • GHCR pushes failing with a permission error usually lack packages: write in the job permissions:.

Security and pinning

  • Always source password from a secret. Prefer short-lived tokens (GITHUB_TOKEN for GHCR, OIDC for cloud registries) over long-lived credentials.

Alternatives and related

Frequently asked questions

How do I push to GitHub Container Registry?
Log in to ghcr.io with github.actor and GITHUB_TOKEN, and grant the job packages: write permission.
Running docker/login-action? Run it on Latchkey managed runners - self-healing and caching included. Start free → 30-day trial · No credit card