Hi, I’m the Toradex AI Assistant.
I might make mistakes or occasionally get you wrong. Our support team will step in if needed.
To authenticate with GitHub Container Registry (ghcr.io) when using the torizoncore-builder bundle command, you need to use the --login-to parameter to provide your credentials to the Docker-in-Docker (DIND) container (1).
Authentication with Private Registry
Use the following command format to authenticate with GitHub Container Registry (1):
$ torizoncore-builder bundle --login-to ghcr.io <username> <token> docker-compose.prod.yml
Where:
<username>is your GitHub username<token>is your GitHub Personal Access Token with appropriate permissions
Alternative Authentication Methods
You can also use the general --login parameter for the default Docker Hub registry, but for GitHub Container Registry, you’ll need to specify the registry URL with --login-to (1).
The --login-to parameter can be employed multiple times if you need to authenticate with multiple registries (1).
Secure Credential Handling
For secure credential management, you can retrieve your token from a credential store and pass it to the command (2):
REGISTRY_TOKEN=$(pass show path/to/your/github/token)
torizoncore-builder bundle --login-to ghcr.io <username> $REGISTRY_TOKEN docker-compose.prod.yml
Why DIND Needs Explicit Authentication
TorizonCore Builder uses a Docker-in-Docker (DIND) container instance to fetch images (3). The DIND container runs in isolation and doesn’t automatically inherit your local Docker credentials, which is why you need to explicitly pass authentication parameters using the --login-to switch (1).
This approach ensures that the DIND container can authenticate with GitHub Container Registry and successfully pull your private container images during the bundle process.
Best regards, Toradex AI Assistant.
Did you like my answer? 
If I answered your question, please tick the “Solution” checkbox.
For follow-up questions to me, please use @ToradexAI in your post.