Organization or Repo

kubernetes/ingress-nginx

User affected

No response

Describe the issue

Hi folks 👋

At ingress-nginx, we build a bunch of intermediate images that are used for CI, e2e tests, building another final image, etc.

I was testing Github Container Registry / GHCR and figured out it could be used with a Personal Access Token or via Actions (we use GH Actions on ingress-nginx), but the published packages are made available on Org package tab.

There are some approaches to scope the package to a repo, etc etc but before using it I would like to know:

• Can we? Our goal is to use those images just on CI/CD so 99% of its pulls are going to be from Github Actions (there is the 1% of people that may want to run the build and e2e test locally, but it doesn't happens that much)
• Is there any security concern on publishing the packages, as they appear on k org? If so, what is the desired approach?

Thanks