api7 · AlinsRan · May 7, 2026 · May 7, 2026 · May 7, 2026 · May 7, 2026
diff --git a/.github/workflows/conformance-test.yml b/.github/workflows/conformance-test.yml
@@ -35,6 +35,9 @@ jobs:
       CONFORMANCE_TEST_REPORT_OUTPUT: /tmp/api7-ingress-controller-conformance-report.yaml
     timeout-minutes: 60
     runs-on: ubuntu-latest
+    permissions:
+      packages: read
-    permissions:
-      packages: read
+    permissions:
+      contents: read
+      packages: read
+      pull-requests: write
-    permissions:
-      packages: read
+    permissions:
+      contents: read
+      packages: read
+      pull-requests: write
+      pull-requests: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -56,19 +59,12 @@ jobs:
           chmod 700 get_helm.sh
           ./get_helm.sh
 
-      - name: Login to Registry
+      - name: Login to GHCR
         uses: docker/login-action@v3
         with:
-          registry: ${{ secrets.DOCKER_REGISTRY }}
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Login to Private Registry
-        uses: docker/login-action@v3
-        with:
-          registry: hkccr.ccs.tencentyun.com
-          username: ${{ secrets.PRIVATE_DOCKER_USERNAME }}
-          password: ${{ secrets.PRIVATE_DOCKER_PASSWORD }}
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build images
         env:

diff --git a/.github/workflows/e2e-test-k8s.yml b/.github/workflows/e2e-test-k8s.yml
@@ -38,6 +38,9 @@ jobs:
         cases_subset:
         - v2
     runs-on: self-hosted
+    permissions:
+      contents: read
+      packages: read
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -58,12 +61,12 @@ jobs:
           chmod 700 get_helm.sh
           ./get_helm.sh
 
-      - name: Login to Private Registry
+      - name: Login to GHCR
         uses: docker/login-action@v3
         with:
-          registry: hkccr.ccs.tencentyun.com
-          username: ${{ secrets.PRIVATE_DOCKER_USERNAME }}
-          password: ${{ secrets.PRIVATE_DOCKER_PASSWORD }}
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Launch Kind Cluster
         env:

diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml
@@ -41,6 +41,9 @@ jobs:
         - webhook
       fail-fast: false
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: read
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -65,19 +68,12 @@ jobs:
       - name: Install ginkgo
         run: make install-ginkgo
 
-      - name: Login to Registry
+      - name: Login to GHCR
         uses: docker/login-action@v3
         with:
-          registry: ${{ secrets.DOCKER_REGISTRY }}
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Login to Private Registry
-        uses: docker/login-action@v3
-        with:
-          registry: hkccr.ccs.tencentyun.com
-          username: ${{ secrets.PRIVATE_DOCKER_USERNAME }}
-          password: ${{ secrets.PRIVATE_DOCKER_PASSWORD }}
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build images
         env:

diff --git a/Makefile b/Makefile
@@ -202,22 +202,22 @@ kind-down:
 
 .PHONY: kind-load-images
 kind-load-images: pull-infra-images kind-load-ingress-image kind-load-adc-image
-	@kind load docker-image hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-gateway:dev --name $(KIND_NAME)
-	@kind load docker-image hkccr.ccs.tencentyun.com/api7-dev/api7-ee-dp-manager:$(DASHBOARD_VERSION)  --name $(KIND_NAME)
-	@kind load docker-image hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-integrated:$(DASHBOARD_VERSION)  --name $(KIND_NAME)
+	@kind load docker-image ghcr.io/api7/api7-ee-3-gateway:dev --name $(KIND_NAME)
+	@kind load docker-image ghcr.io/api7/api7-ee-dp-manager:$(DASHBOARD_VERSION)  --name $(KIND_NAME)
+	@kind load docker-image ghcr.io/api7/api7-ee-3-integrated:$(DASHBOARD_VERSION)  --name $(KIND_NAME)
 	@kind load docker-image kennethreitz/httpbin:latest --name $(KIND_NAME)
 	@kind load docker-image jmalloc/echo-server:latest --name $(KIND_NAME)
 	@kind load docker-image apache/apisix:dev --name $(KIND_NAME)
 	@kind load docker-image openresty/openresty:1.27.1.2-4-bullseye-fat --name $(KIND_NAME)
 
 .PHONY: kind-load-gateway-image
 kind-load-gateway-image:
-	@kind load docker-image hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-gateway:dev --name $(KIND_NAME)
+	@kind load docker-image ghcr.io/api7/api7-ee-3-gateway:dev --name $(KIND_NAME)
 
 .PHONY: kind-load-dashboard-images
 kind-load-dashboard-images:
-	@kind load docker-image hkccr.ccs.tencentyun.com/api7-dev/api7-ee-dp-manager:$(DASHBOARD_VERSION)  --name $(KIND_NAME)
-	@kind load docker-image hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-integrated:$(DASHBOARD_VERSION)  --name $(KIND_NAME)
+	@kind load docker-image ghcr.io/api7/api7-ee-dp-manager:$(DASHBOARD_VERSION)  --name $(KIND_NAME)
+	@kind load docker-image ghcr.io/api7/api7-ee-3-integrated:$(DASHBOARD_VERSION)  --name $(KIND_NAME)
 
 .PHONY: kind-load-ingress-image
 kind-load-ingress-image:
@@ -231,9 +231,9 @@ kind-load-adc-image:
 
 .PHONY: pull-infra-images
 pull-infra-images:
-	@docker pull hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-gateway:dev
-	@docker pull hkccr.ccs.tencentyun.com/api7-dev/api7-ee-dp-manager:$(DASHBOARD_VERSION)
-	@docker pull hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-integrated:$(DASHBOARD_VERSION)
+	@docker pull ghcr.io/api7/api7-ee-3-gateway:dev
+	@docker pull ghcr.io/api7/api7-ee-dp-manager:$(DASHBOARD_VERSION)
+	@docker pull ghcr.io/api7/api7-ee-3-integrated:$(DASHBOARD_VERSION)
 	@docker pull kennethreitz/httpbin:latest
 	@docker pull jmalloc/echo-server:latest
 	@docker pull ghcr.io/api7/adc:dev

diff --git a/test/e2e/framework/api7_dashboard.go b/test/e2e/framework/api7_dashboard.go
@@ -45,7 +45,7 @@ func init() {
 	tmpl, err := template.New("values.yaml").Parse(`
 dashboard:
   image:
-    repository: hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-integrated
+    repository: ghcr.io/api7/api7-ee-3-integrated
     pullPolicy: IfNotPresent
     tag: {{ .Tag }}
   extraEnvVars:
@@ -61,7 +61,7 @@ dashboard:
       mountPath: /app/covdatafiles
 dp_manager:
   image:
-    repository: hkccr.ccs.tencentyun.com/api7-dev/api7-ee-dp-manager
+    repository: ghcr.io/api7/api7-ee-dp-manager
     pullPolicy: IfNotPresent
     tag: {{ .Tag }}
   extraEnvVars:

diff --git a/test/e2e/framework/manifests/dp.yaml b/test/e2e/framework/manifests/dp.yaml
@@ -181,7 +181,7 @@ spec:
     spec:
       #serviceAccountName: ginkgo
       containers:
-      - image: hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-gateway:dev
+      - image: ghcr.io/api7/api7-ee-3-gateway:dev
         imagePullPolicy: IfNotPresent
         env:
     {{- if not .TLSEnabled }}