Unexpected Behavior in GitHub Container Registry (GHCR) - Duplicate Registry URL Handling #150662
Unanswered
marccortinas
asked this question in
Repositories
Replies: 0 comments
Select Topic Area
Question
Body
Description
We have observed an unexpected behavior in GitHub Container Registry (GHCR) where it allows pulling container images even when the registry URL is malformed by duplicating ghcr.io. Normally, an incorrect URL should return an error, but GHCR still resolves the image successfully.
Steps to Reproduce
podman pull ghcr.io/external-secrets/external-secrets:v0.10.2
Expected Result: The image is downloaded successfully. ✅
podman pull ghcr.io/ghcr.io/external-secrets/external-secrets:v0.10.2
Expected Result: An error indicating an incorrect repository URL. ❌
Actual Result: The image is still downloaded successfully. ✅
Additional Tests
Tested with docker pull instead of podman → Same behavior observed.
Tested with another public image (library/alpine) → Same behavior observed.
Potential Issues
Could cause confusion in CI/CD workflows or automation scripts that expect strict validation of registry URLs.
Might indicate that GHCR normalizes URLs in a more flexible way than intended.
Expected Behavior
GHCR should strictly validate the registry URL and return an error when an incorrect format is used.
Suggested Action
Investigate whether this behavior is intentional or a bug.
Improve registry URL validation to prevent misconfigurations and unexpected behavior.
Environment Details
GHCR Service
Tested with podman and docker
Date of issue: 04/02/2025
Would appreciate any insights from the GitHub team on whether this is a known behavior or something that should be addressed.
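Added example, not part of the original post and not GitHub's code: a lint check that a CI job could run over scripts and manifests to flag image references in which the registry host is repeated as the first repository path component, as in the second podman pull command in the post. The host-detection rule follows the Docker reference convention (the first component is a host only if it contains "." or ":" or is "localhost"); the function names and the sample text are constructed for illustration.

```python
DEFAULT_REGISTRY = "docker.io"  # implied when a reference names no registry host

def parse_image_ref(ref):
    """Split an image reference into (registry, repository, tag, digest)."""
    name, _, digest = ref.partition("@")
    tag = ""
    if ":" in name.rsplit("/", 1)[-1]:  # a colon after the last "/" is a tag, not a port
        name, _, tag = name.rpartition(":")
    first, _, rest = name.partition("/")
    # Docker-style rule: first component is a host only with "." or ":" or "localhost"
    if rest and ("." in first or ":" in first or first == "localhost"):
        return first, rest, tag, digest
    return DEFAULT_REGISTRY, name, tag, digest

def dedupe_registry(ref):
    """Return the corrected reference if the registry host is repeated as the
    first repository path component, else None."""
    registry, repo, tag, digest = parse_image_ref(ref)
    head, _, tail = repo.partition("/")
    if head.lower() != registry.lower() or not tail:
        return None
    fixed = f"{registry}/{tail}"
    if tag:
        fixed += f":{tag}"
    if digest:
        fixed += f"@{digest}"
    return fixed

def lint(text):
    """Return (line_number, reference, suggested_fix) for each duplicated-host reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for token in line.split():
            token = token.strip("\"'")
            fixed = dedupe_registry(token) if "/" in token else None
            if fixed:
                findings.append((lineno, token, fixed))
    return findings

# Constructed sample: the two commands from the post plus a mirror-style path
# (registry host differs from the first path component, so it is not flagged).
SAMPLE = """\
podman pull ghcr.io/external-secrets/external-secrets:v0.10.2
podman pull ghcr.io/ghcr.io/external-secrets/external-secrets:v0.10.2
image: "localhost:5000/ghcr.io/team/app:1.0"
"""

if __name__ == "__main__":
    for lineno, ref, fixed in lint(SAMPLE):
        print(f"line {lineno}: {ref} -> {fixed}")
```

Failing the build on any finding gives the strict validation on the client side, independent of how the registry treats the duplicated path.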