docker/login-action: Authenticate to a Registry
login-action authenticates Docker to a registry so later steps can push images.
Use it before build-push-action when you push. It supports Docker Hub, GHCR, ECR, GCR, and any registry with username/password or token auth.
Key inputs (with:)
- registry: registry host, e.g. ghcr.io (omit for Docker Hub).
- username: registry username or actor.
- password: token or password (use a secret).
- logout: log out at job end (default true).
Example workflow
.github/workflows/ci.yml
jobs:
push:
runs-on: ubuntu-latest
permissions:
packages: write
steps:
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}On any runner
login-action runs on any runner. Latchkey managed runners run it unchanged.
Key takeaways
- For GHCR, use github.actor and GITHUB_TOKEN with packages: write.
- Always pass the password from a secret, never inline.
- Run it before build-push-action when pushing.
Related guides
docker/build-push-action: Build & Push Images in CIReference for docker/build-push-action: build a Docker image with BuildKit and push it to a registry, with ta…
docker/metadata-action: Generate Tags & LabelsReference for docker/metadata-action: derive Docker image tags and OCI labels from Git refs, SHAs, and semver…
aws-actions/configure-aws-credentials: Auth to AWS in CIReference for aws-actions/configure-aws-credentials: assume an IAM role via OIDC (no static keys) and set AWS…