fix(ci): verify anonymous GHCR pull even when visibility API is unavailable (#801)

2026-02-18 07:34:25 -05:00 · 2026-02-18 07:34:25 -05:00 · 80b60d7b70
commit 80b60d7b70
parent 50fd5b81e1
1 changed files with 17 additions and 17 deletions
--- a/.github/workflows/pub-docker-img.yml
+++ b/.github/workflows/pub-docker-img.yml
@ -139,32 +139,32 @@ jobs:
                  owner="${GITHUB_REPOSITORY_OWNER,,}"
                  repo="${GITHUB_REPOSITORY#*/}"
-                  # Package path can be either "<repo>" or URL-encoded "<owner>/<repo>".
+                  # Package path can vary depending on repository/package linkage.
                  candidates=(
                    "$repo"
                    "${owner}%2F${repo}"
                  )
                  for scope in orgs users; do
                    for pkg in "${candidates[@]}"; do
                      code="$(curl -sS -o /tmp/ghcr-visibility.json -w "%{http_code}" \
                        -X PATCH \
                        -H "Authorization: Bearer ${GH_TOKEN}" \
                        -H "Accept: application/vnd.github+json" \
                        -H "X-GitHub-Api-Version: 2022-11-28" \
-                      "https://api.github.com/orgs/${owner}/packages/container/${pkg}/visibility" \
+                        "https://api.github.com/${scope}/${owner}/packages/container/${pkg}/visibility" \
                        -d '{"visibility":"public"}' || true)"
                      if [ "$code" = "200" ] || [ "$code" = "204" ]; then
-                      echo "GHCR package visibility is public for ${pkg}."
+                        echo "GHCR package visibility is public (${scope}/${owner}/${pkg})."
                        exit 0
                      fi
-                    echo "Attempt for ${pkg} returned HTTP ${code}."
+                      echo "Visibility attempt ${scope}/${owner}/${pkg} returned HTTP ${code}."
-                    cat /tmp/ghcr-visibility.json || true
+                    done
                  done
-                  echo "::error::Failed to set GHCR package visibility to public."
+                  echo "::warning::Unable to update GHCR visibility via API in this run; proceeding to direct anonymous pull verification."
                  exit 1
            - name: Verify anonymous GHCR pull access
              shell: bash