Access github package from github actions services section

Question

With GitHub Actions I'm trying to set up a service that runs a specific image (MySQL preloaded with a database) that I have pushed to ghcr.io however when it runs I get this error:

Error response from daemon: denied
Warning: Docker pull failed with exit code 1, back off 8.976 seconds before retry.

Workflow:

services:
  mysql:
    image: ghcr.io/my-name/my-image
    ports:
      - 3306:3306

I see it does the following:

/usr/bin/docker --config /home/runner/work/_temp/.docker_[...] login ghcr.io -u myusername --password-stdin

There is no feedback so not sure if it is logged in or not. And, then:

/usr/bin/docker --config /home/runner/work/_temp/.docker[...] pull ghcr.io/my-name/my-image

And then I get that error.

I have found many examples (see below) to use GITHUB_TOKEN but not how to use it within the services section so I am not sure if this works or what the syntax would be. So is it even possible to use with services or not? Also have given the repository in which the GitHub action is defined access to the specific package.

steps:
  - name: Checkout repository
    uses: actions/checkout@v3

  - name: Log in to the Container registry
    uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
    with:
      registry: ${{ env.REGISTRY }}
      username: ${{ github.actor }}
      password: ${{ secrets.GITHUB_TOKEN }}

Answer 1

So I finally found the issue, in my workflow (started from default template) I had:

permissions:
  contents: read

Then I saw this:

Setting permissions in the workflow

A new permissions key supported at the workflow and job level enables you to specify which permissions you want for the token. Any permission that is absent from the list will be set to none.

This caused packages to be set to none. Removing the whole permissions or adding:

packages: read

fixes this issue I had, thanks for the help.