> ## Documentation Index > Fetch the complete documentation index at: https://www.qovery.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # GitHub Container Registry > Connect GitHub Container Registry (GHCR) with Qovery ## Overview GitHub Container Registry (GHCR) is GitHub's container image registry service, integrated with GitHub repositories and Actions. It provides free storage for public images and supports private images for GitHub users. ## Registry URL ``` https://ghcr.io ``` ## Image Format ``` ghcr.io//: ``` Examples: * `ghcr.io/mycompany/api:latest` * `ghcr.io/myusername/frontend:v1.2.3` ## Authentication GitHub Container Registry uses GitHub Personal Access Tokens (PAT) for authentication. ### Required Permissions Your Personal Access Token (classic) needs the following scopes: * `read:packages` - Pull images from GHCR * `read:org` - Required for Qovery to validate your organization access * `write:packages` - Push images (only if needed) * `repo` - Required only if your container packages are linked to private repositories (this is the default behavior on GitHub) If your container packages inherit their visibility from private repositories (GitHub's default), the `repo` scope is required even for read-only access. This is a GitHub limitation, not a Qovery requirement. You can avoid this by configuring your package visibility independently in your GitHub package settings. ## Configuration in Qovery 1. Go to GitHub → **Settings** → **Developer settings** 2. Click **Personal access tokens** → **Tokens (classic)** 3. Click **Generate new token (classic)** 4. Give it a descriptive name (e.g., "Qovery GHCR Access") 5. Select required scopes: * `read:packages` * `read:org` * `repo` (if your packages are linked to private repositories) * `write:packages` (only if pushing images) 6. Click **Generate token** and copy immediately GitHub shows the token only once. Save it securely. Navigate to **Organization Settings** → **Container Registries** in Qovery Click **Add Registry** Choose **GitHub Container Registry** from the registry type dropdown Provide: * **Container Registry Prefix**: Your GitHub organization name or username (e.g., `mycompany` for images like `ghcr.io/mycompany/my-app`) * **Personal Access Token**: Your GitHub Personal Access Token (classic) with the required scopes Qovery will verify the credentials and save the configuration ## Organization Access For organization-owned packages: * Ensure your PAT has access to the organization * The token owner must be a member of the organization * If your organization enforces SAML SSO, you must authorize the token for SSO after creation: go to **GitHub Settings** → **Developer settings** → **Personal access tokens (classic)** → select your token → **Configure SSO** → **Authorize** for your organization * If your packages inherit visibility from private repositories, the `repo` scope is required on the token ## Integration with GitHub Actions GHCR integrates seamlessly with GitHub Actions for CI/CD workflows: ```yaml theme={null} - name: Push to GitHub Container Registry run: | echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin docker push ghcr.io/${{ github.repository }}/${{ env.IMAGE_NAME }}:${{ github.sha }} ``` ## Related Resources Manage all container registries Deploy applications from container images Alternative Git-based registry Public container registry option