mirror of
https://github.com/docker/login-action.git
synced 2026-07-01 21:51:41 +00:00
Compare commits
6 Commits
fb977e7c59
...
5ef05762b9
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
5ef05762b9 | ||
|
|
bdf14dc173 | ||
|
|
21ddfdf39a | ||
|
|
d5f9e03fca | ||
|
|
9b3389107c | ||
|
|
8852fa90d2 |
30
.github/workflows/ci.yml
vendored
30
.github/workflows/ci.yml
vendored
@ -19,7 +19,7 @@ jobs:
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
-
|
||||
name: Stop docker
|
||||
run: |
|
||||
@ -43,7 +43,7 @@ jobs:
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
-
|
||||
name: Login to GitHub Container Registry
|
||||
uses: ./
|
||||
@ -60,7 +60,7 @@ jobs:
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
-
|
||||
name: Login to GitHub Container Registry
|
||||
uses: ./
|
||||
@ -85,7 +85,7 @@ jobs:
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
-
|
||||
name: Login to ACR
|
||||
uses: ./
|
||||
@ -105,7 +105,7 @@ jobs:
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
-
|
||||
name: Login to Docker Hub
|
||||
uses: ./
|
||||
@ -124,7 +124,7 @@ jobs:
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
-
|
||||
name: Login to ECR
|
||||
uses: ./
|
||||
@ -144,10 +144,10 @@ jobs:
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
-
|
||||
name: Configure AWS Credentials
|
||||
uses: aws-actions/configure-aws-credentials@v4
|
||||
uses: aws-actions/configure-aws-credentials@v5
|
||||
with:
|
||||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
@ -169,7 +169,7 @@ jobs:
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
-
|
||||
name: Login to Public ECR
|
||||
continue-on-error: ${{ matrix.os == 'windows-latest' }}
|
||||
@ -192,10 +192,10 @@ jobs:
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
-
|
||||
name: Configure AWS Credentials
|
||||
uses: aws-actions/configure-aws-credentials@v4
|
||||
uses: aws-actions/configure-aws-credentials@v5
|
||||
with:
|
||||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
@ -218,7 +218,7 @@ jobs:
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
-
|
||||
name: Login to GitHub Container Registry
|
||||
uses: ./
|
||||
@ -238,7 +238,7 @@ jobs:
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
-
|
||||
name: Login to GitLab
|
||||
uses: ./
|
||||
@ -258,7 +258,7 @@ jobs:
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
-
|
||||
name: Login to Google Artifact Registry
|
||||
uses: ./
|
||||
@ -278,7 +278,7 @@ jobs:
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
-
|
||||
name: Login to Google Container Registry
|
||||
uses: ./
|
||||
|
||||
2
.github/workflows/codeql.yml
vendored
2
.github/workflows/codeql.yml
vendored
@ -31,7 +31,7 @@ jobs:
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
-
|
||||
name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@v3
|
||||
|
||||
2
.github/workflows/publish.yml
vendored
2
.github/workflows/publish.yml
vendored
@ -15,7 +15,7 @@ jobs:
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
-
|
||||
name: Publish
|
||||
uses: actions/publish-immutable-action@v0.0.4
|
||||
|
||||
2
.github/workflows/test.yml
vendored
2
.github/workflows/test.yml
vendored
@ -17,7 +17,7 @@ jobs:
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
-
|
||||
name: Test
|
||||
uses: docker/bake-action@v6
|
||||
|
||||
2
.github/workflows/validate.yml
vendored
2
.github/workflows/validate.yml
vendored
@ -19,7 +19,7 @@ jobs:
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
-
|
||||
name: List targets
|
||||
id: generate
|
||||
|
||||
33
README.md
33
README.md
@ -227,8 +227,9 @@ You can authenticate with workload identity federation or a service account.
|
||||
|
||||
#### Workload identity federation
|
||||
|
||||
Your service account must have permission to push to GAR. Use the
|
||||
`google-github-actions/auth` action to authenticate using workload identity as
|
||||
Configure [Direct Workload Identity Federation](https://github.com/google-github-actions/auth/blob/v2.1.10/README.md#preferred-direct-workload-identity-federation) for GitHub Actions in Google Cloud and avoid long-lived GCP credentials.
|
||||
Make sure to grant the [principal identity](https://cloud.google.com/iam/docs/workload-identity-federation#principal-types) enough permissions to the GAR repository (E.g.: `roles/artifactregistry.writer`).
|
||||
Use the `google-github-actions/auth@v2` action to authenticate using workload identity as
|
||||
shown in the following example:
|
||||
|
||||
```yaml
|
||||
@ -238,6 +239,11 @@ on:
|
||||
push:
|
||||
branches: main
|
||||
|
||||
env:
|
||||
GCP_PROJECT: ${{ secrets.GCP_PROJECT }}
|
||||
WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
|
||||
REGISTRY_URL: ${{ secrets.REGISTRY_URL }}
|
||||
|
||||
jobs:
|
||||
login:
|
||||
runs-on: ubuntu-latest
|
||||
@ -245,28 +251,23 @@ jobs:
|
||||
-
|
||||
name: Authenticate to Google Cloud
|
||||
id: auth
|
||||
uses: google-github-actions/auth@v1
|
||||
uses: google-github-actions/auth@v2
|
||||
with:
|
||||
token_format: access_token
|
||||
workload_identity_provider: <workload_identity_provider>
|
||||
service_account: <service_account>
|
||||
project_id: ${{ env.GCP_PROJECT }}
|
||||
workload_identity_provider: ${{ env.WORKLOAD_IDENTITY_PROVIDER }}
|
||||
|
||||
-
|
||||
name: Login to GAR
|
||||
name: Login to Google Artifact Registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: <location>-docker.pkg.dev
|
||||
registry: ${{ env.REGISTRY_URL}}
|
||||
username: oauth2accesstoken
|
||||
password: ${{ steps.auth.outputs.access_token }}
|
||||
password: ${{ steps.auth.outputs.auth_token }}
|
||||
```
|
||||
|
||||
> Replace `<workload_identity_provider>` with configured workload identity
|
||||
> provider
|
||||
> Set `WORKLOAD_IDENTITY_PROVIDER` to the configured workload identity provider. For steps to configure, [see here](https://github.com/google-github-actions/auth/blob/v2.1.10/README.md#inputs).
|
||||
|
||||
> Replace `<service_account>` with configured service account in workload
|
||||
> identity provider which has access to push to GCR
|
||||
|
||||
> Replace `<location>` with the regional or multi-regional [location](https://cloud.google.com/artifact-registry/docs/repo-organize#locations)
|
||||
> of the repository where the image is stored.
|
||||
> Set `REGISTRY_URL` to the regional or multi-regional [repository URL](https://cloud.google.com/artifact-registry/docs/repo-organize#locations).
|
||||
|
||||
#### Service account based authentication
|
||||
|
||||
|
||||