Compare commits

..

6 Commits

Author SHA1 Message Date
CrazyMax
3d793fe111
chore: update generated content
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-09-12 18:17:17 +02:00
CrazyMax
9fc23e88e3
raw authentication to registries
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-09-12 18:16:00 +02:00
CrazyMax
bdf14dc173
Merge pull request #884 from docker/dependabot/github_actions/actions/checkout-5
build(deps): bump actions/checkout from 4 to 5
2025-09-08 16:20:39 +02:00
CrazyMax
21ddfdf39a
Merge pull request #886 from docker/dependabot/github_actions/aws-actions/configure-aws-credentials-5
build(deps): bump aws-actions/configure-aws-credentials from 4 to 5
2025-09-08 16:20:21 +02:00
dependabot[bot]
d5f9e03fca
build(deps): bump aws-actions/configure-aws-credentials from 4 to 5
Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) from 4 to 5.
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases)
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/v4...v5)

---
updated-dependencies:
- dependency-name: aws-actions/configure-aws-credentials
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-04 11:17:32 +00:00
dependabot[bot]
9b3389107c
build(deps): bump actions/checkout from 4 to 5
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-08-12 14:16:25 +00:00
11 changed files with 144 additions and 112 deletions

View File

@ -19,7 +19,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v5
- -
name: Stop docker name: Stop docker
run: | run: |
@ -43,7 +43,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v5
- -
name: Login to GitHub Container Registry name: Login to GitHub Container Registry
uses: ./ uses: ./
@ -60,7 +60,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v5
- -
name: Login to GitHub Container Registry name: Login to GitHub Container Registry
uses: ./ uses: ./
@ -85,7 +85,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v5
- -
name: Login to ACR name: Login to ACR
uses: ./ uses: ./
@ -105,7 +105,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v5
- -
name: Login to Docker Hub name: Login to Docker Hub
uses: ./ uses: ./
@ -124,7 +124,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v5
- -
name: Login to ECR name: Login to ECR
uses: ./ uses: ./
@ -144,10 +144,10 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v5
- -
name: Configure AWS Credentials name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4 uses: aws-actions/configure-aws-credentials@v5
with: with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@ -169,7 +169,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v5
- -
name: Login to Public ECR name: Login to Public ECR
continue-on-error: ${{ matrix.os == 'windows-latest' }} continue-on-error: ${{ matrix.os == 'windows-latest' }}
@ -192,10 +192,10 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v5
- -
name: Configure AWS Credentials name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4 uses: aws-actions/configure-aws-credentials@v5
with: with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@ -218,7 +218,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v5
- -
name: Login to GitHub Container Registry name: Login to GitHub Container Registry
uses: ./ uses: ./
@ -238,7 +238,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v5
- -
name: Login to GitLab name: Login to GitLab
uses: ./ uses: ./
@ -258,7 +258,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v5
- -
name: Login to Google Artifact Registry name: Login to Google Artifact Registry
uses: ./ uses: ./
@ -278,7 +278,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v5
- -
name: Login to Google Container Registry name: Login to Google Container Registry
uses: ./ uses: ./
@ -287,69 +287,72 @@ jobs:
username: _json_key username: _json_key
password: ${{ secrets.GCR_JSON_KEY }} password: ${{ secrets.GCR_JSON_KEY }}
multi: registry-auth:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v5
- -
name: Login to registries name: Login to registries
uses: ./ uses: ./
with:
registry-auth: |
- username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- registry: public.ecr.aws
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- registry: registry.gitlab.com
username: ${{ secrets.GITLAB_USERNAME }}
password: ${{ secrets.GITLAB_TOKEN }}
registry-auth-dup:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v5
-
name: Login to registries
uses: ./
with:
registry-auth: |
- registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- registry: public.ecr.aws
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry-auth-exclusive:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v5
-
name: Login to registries
id: login
continue-on-error: true
uses: ./
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
logins: | registry-auth: |
- username: ${{ secrets.DOCKERHUB_USERNAME }} - username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
- registry: public.ecr.aws
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- registry: registry.gitlab.com
username: ${{ secrets.GITLAB_USERNAME }}
password: ${{ secrets.GITLAB_TOKEN }}
multi-logins-only:
runs-on: ubuntu-latest
steps:
- -
name: Checkout name: Check
uses: actions/checkout@v4 run: |
- if [ "${{ steps.login.outcome }}" != "failure" ] || [ "${{ steps.login.conclusion }}" != "success" ]; then
name: Login to registries echo "::error::Should have failed"
uses: ./ exit 1
with: fi
logins: |
- username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- registry: public.ecr.aws
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- registry: registry.gitlab.com
username: ${{ secrets.GITLAB_USERNAME }}
password: ${{ secrets.GITLAB_TOKEN }}
multi-dup:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Login to registries
uses: ./
with:
logins: |
- registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- registry: public.ecr.aws
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

View File

@ -31,7 +31,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v5
- -
name: Initialize CodeQL name: Initialize CodeQL
uses: github/codeql-action/init@v3 uses: github/codeql-action/init@v3

View File

@ -15,7 +15,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v5
- -
name: Publish name: Publish
uses: actions/publish-immutable-action@v0.0.4 uses: actions/publish-immutable-action@v0.0.4

View File

@ -17,7 +17,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v5
- -
name: Test name: Test
uses: docker/bake-action@v6 uses: docker/bake-action@v6

View File

@ -19,7 +19,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v5
- -
name: List targets name: List targets
id: generate id: generate

View File

@ -497,9 +497,42 @@ jobs:
### Authenticate to multiple registries ### Authenticate to multiple registries
You can authenticate to multiple registries by using the `logins` input. Define To authenticate against multiple registries, you can specify the login-action
the registries as YAML objects. Each object can contain `registry`, `username`, step multiple times in your workflow:
`password` and `ecr` keys similar to current inputs:
```yaml
name: ci
on:
push:
branches: main
jobs:
login:
runs-on: ubuntu-latest
steps:
-
name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
```
You can also use the `registry-auth` input for raw authentication to
registries, defined as YAML objects. Each object can contain `registry`,
`username`, `password` and `ecr` keys similar to current inputs:
> [!WARNING]
> We don't recommend using this method, it's better to use the action multiple
> times as shown above.
```yaml ```yaml
name: ci name: ci
@ -516,7 +549,7 @@ jobs:
name: Login to registries name: Login to registries
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
logins: | registry-auth: |
- username: ${{ vars.DOCKERHUB_USERNAME }} - username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
- registry: ghcr.io - registry: ghcr.io
@ -530,14 +563,18 @@ jobs:
The following inputs can be used as `step.with` keys: The following inputs can be used as `step.with` keys:
| Name | Type | Default | Description | | Name | Type | Default | Description |
|------------|--------|---------|-------------------------------------------------------------------------------| |-----------------|--------|-------------|-------------------------------------------------------------------------------|
| `registry` | String | | Server address of Docker registry. If not set then will default to Docker Hub | | `registry` | String | `docker.io` | Server address of Docker registry. If not set then will default to Docker Hub |
| `username` | String | | Username for authenticating to the Docker registry | | `username` | String | | Username for authenticating to the Docker registry |
| `password` | String | | Password or personal access token for authenticating the Docker registry | | `password` | String | | Password or personal access token for authenticating the Docker registry |
| `ecr` | String | `auto` | Specifies whether the given registry is ECR (`auto`, `true` or `false`) | | `ecr` | String | `auto` | Specifies whether the given registry is ECR (`auto`, `true` or `false`) |
| `logout` | Bool | `true` | Log out from the Docker registry at the end of a job | | `logout` | Bool | `true` | Log out from the Docker registry at the end of a job |
| `logins` | YAML | | Add multiple registries to authenticate to, defined as YAML objects | | `registry-auth` | YAML | | Raw authentication to registries, defined as YAML objects |
> [!NOTE]
> The `registry-auth` input is mutually exclusive with `registry`, `username`,
> `password` and `ecr` inputs.
## Contributing ## Contributing

View File

@ -18,14 +18,13 @@ inputs:
required: false required: false
ecr: ecr:
description: 'Specifies whether the given registry is ECR (auto, true or false)' description: 'Specifies whether the given registry is ECR (auto, true or false)'
default: 'auto'
required: false required: false
logout: logout:
description: 'Log out from the Docker registry at the end of a job' description: 'Log out from the Docker registry at the end of a job'
default: 'true' default: 'true'
required: false required: false
logins: registry-auth:
description: 'Add multiple registries to authenticate to, defined as YAML objects' description: 'Raw authentication to registries, defined as YAML objects'
required: false required: false
runs: runs:

2
dist/index.js generated vendored

File diff suppressed because one or more lines are too long

2
dist/index.js.map generated vendored

File diff suppressed because one or more lines are too long

View File

@ -6,7 +6,7 @@ export interface Inputs {
password: string; password: string;
ecr: string; ecr: string;
logout: boolean; logout: boolean;
logins: string; registryAuth: string;
} }
export function getInputs(): Inputs { export function getInputs(): Inputs {
@ -16,6 +16,6 @@ export function getInputs(): Inputs {
password: core.getInput('password'), password: core.getInput('password'),
ecr: core.getInput('ecr'), ecr: core.getInput('ecr'),
logout: core.getBooleanInput('logout'), logout: core.getBooleanInput('logout'),
logins: core.getInput('logins') registryAuth: core.getInput('registry-auth')
}; };
} }

View File

@ -17,19 +17,19 @@ export async function main(): Promise<void> {
const inputs: context.Inputs = context.getInputs(); const inputs: context.Inputs = context.getInputs();
stateHelper.setLogout(inputs.logout); stateHelper.setLogout(inputs.logout);
const auths: Array<Auth> = []; if (inputs.registryAuth && (inputs.registry || inputs.username || inputs.password || inputs.ecr)) {
if (inputs.registry || inputs.username) { throw new Error('Cannot use registry-auth with other inputs');
auths.push({
registry: inputs.registry,
username: inputs.username,
password: inputs.password,
ecr: inputs.ecr
});
} }
const logins = yaml.load(inputs.logins) as Auth[]; if (!inputs.registryAuth) {
if (Array.isArray(logins)) { stateHelper.setRegistries([inputs.registry || 'docker.io']);
auths.push(...logins); await docker.login(inputs.registry || 'docker.io', inputs.username, inputs.password, inputs.ecr || 'auto');
return;
}
const auths = yaml.load(inputs.registryAuth) as Auth[];
if (auths.length == 0) {
throw new Error('No registry to login');
} }
const registries: string[] = []; const registries: string[] = [];
@ -42,17 +42,10 @@ export async function main(): Promise<void> {
} }
stateHelper.setRegistries(registries.filter((value, index, self) => self.indexOf(value) === index)); stateHelper.setRegistries(registries.filter((value, index, self) => self.indexOf(value) === index));
if (auths.length == 0) { for (const auth of auths) {
throw new Error('No registry to login'); await core.group(`Login to ${auth.registry || 'docker.io'}`, async () => {
} await docker.login(auth.registry || 'docker.io', auth.username, auth.password, auth.ecr || 'auto');
if (auths.length === 1) { });
await docker.login(auths[0].registry || 'docker.io', auths[0].username, auths[0].password, auths[0].ecr || 'auto');
} else {
for (const auth of auths) {
await core.group(`Login to ${auth.registry || 'docker.io'}`, async () => {
await docker.login(auth.registry || 'docker.io', auth.username, auth.password, auth.ecr || 'auto');
});
}
} }
} }