actions/login-action
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: actions:master
Branches Tags
actions:master
actions:dependabot/npm_and_yarn/aws-sdk-dependencies-266769c46e
actions:dependabot/npm_and_yarn/docker/actions-toolkit-0.18.0
actions:dependabot/npm_and_yarn/proxy-agent-dependencies-33417434f1
actions:releases/v2
actions:releases/v1
actions:v3.0.0
actions:v3
actions:v2.2.0
actions:v2
actions:v2.1.0
actions:v2.0.0
actions:v1.14.1
actions:v1
actions:v1.14.0
actions:v1.13.0
actions:v1.12.0
actions:v1.11.0
actions:v1.10.0
actions:v1.9.0
actions:v1.8.0
actions:v1.7.0
actions:v1.6.0
actions:v1.5.0
actions:v1.4.1
actions:v1.4.0
actions:v1.3.0
actions:v1.2.0
actions:v1.1.1
actions:v1.1.0
actions:v1.0.1
actions:v1.0.0
..
compare: actions:releases/v1
Branches Tags
actions:dependabot/npm_and_yarn/aws-sdk-dependencies-266769c46e
actions:dependabot/npm_and_yarn/docker/actions-toolkit-0.18.0
actions:dependabot/npm_and_yarn/proxy-agent-dependencies-33417434f1
actions:master
actions:releases/v2
actions:releases/v1
actions:v3.0.0
actions:v3
actions:v2.2.0
actions:v2
actions:v2.1.0
actions:v2.0.0
actions:v1.14.1
actions:v1
actions:v1.14.0
actions:v1.13.0
actions:v1.12.0
actions:v1.11.0
actions:v1.10.0
actions:v1.9.0
actions:v1.8.0
actions:v1.7.0
actions:v1.6.0
actions:v1.5.0
actions:v1.4.1
actions:v1.4.0
actions:v1.3.0
actions:v1.2.0
actions:v1.1.1
actions:v1.1.0
actions:v1.0.1
actions:v1.0.0

No commits in common. "master" and "releases/v1" have entirely different histories.
master ... releases/v

37 changed files with 34537 additions and 16145 deletions
Show Stats Expand all files Collapse all files

3
.eslintignore
View File

@ -1,3 +0,0 @@
/dist/**
/coverage/**
/node_modules/**

24
.eslintrc.json
View File

@ -1,24 +0,0 @@
{
"env": {
"node": true,
"es6": true,
"jest": true
},
"extends": [
"eslint:recommended",
"plugin:@typescript-eslint/eslint-recommended",
"plugin:@typescript-eslint/recommended",
"plugin:jest/recommended",
"plugin:prettier/recommended"
],
"parser": "@typescript-eslint/parser",
"parserOptions": {
"ecmaVersion": "latest",
"sourceType": "module"
},
"plugins": [
"@typescript-eslint",
"jest",
"prettier"
]
}

1
.github/CODEOWNERS vendored Normal file
View File

@ -0,0 +1 @@
* @crazy-max

3
.github/CODE_OF_CONDUCT.md vendored
View File

@ -1,3 +0,0 @@
# Code of conduct
- [Moby community guidelines](https://github.com/moby/moby/blob/master/CONTRIBUTING.md#moby-community-guidelines)

101
.github/ISSUE_TEMPLATE/bug.yml vendored
View File

@ -1,101 +0,0 @@
# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
name: Bug Report
description: Report a bug
labels:
- status/triage
body:
- type: markdown
attributes:
value: |
Thank you for taking the time to report a bug!
If this is a security issue please report it to the [Docker Security team](mailto:security@docker.com).
- type: checkboxes
attributes:
label: Contributing guidelines
description: >
Make sure you've read the contributing guidelines before proceeding.
options:
- label: I've read the [contributing guidelines](https://github.com/docker/login-action/blob/master/.github/CONTRIBUTING.md) and wholeheartedly agree
required: true
- type: checkboxes
attributes:
label: "I've found a bug, and:"
description: |
Make sure that your request fulfills all of the following requirements.
If one requirement cannot be satisfied, explain in detail why.
options:
- label: The documentation does not mention anything about my problem
- label: There are no open or closed issues that are related to my problem
- type: textarea
attributes:
label: Description
description: >
Provide a brief description of the bug in 1-2 sentences.
validations:
required: true
- type: textarea
attributes:
label: Expected behaviour
description: >
Describe precisely what you'd expect to happen.
validations:
required: true
- type: textarea
attributes:
label: Actual behaviour
description: >
Describe precisely what is actually happening.
validations:
required: true
- type: input
attributes:
label: Repository URL
description: >
Enter the URL of the repository where you are experiencing the
issue. If your repository is private, provide a link to a minimal
repository that reproduces the issue.
- type: input
attributes:
label: Workflow run URL
description: >
Enter the URL of the GitHub Action workflow run if public (e.g.
`https://github.com/<user>/<repo>/actions/runs/<id>`)
- type: textarea
attributes:
label: YAML workflow
description: |
Provide the YAML of the workflow that's causing the issue.
Make sure to remove any sensitive information.
render: yaml
validations:
required: true
- type: textarea
attributes:
label: Workflow logs
description: >
[Attach](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/attaching-files)
the [log file of your workflow run](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs)
and make sure to remove any sensitive information.
- type: textarea
attributes:
label: BuildKit logs
description: >
If applicable, provide the [BuildKit container logs](https://docs.docker.com/build/ci/github-actions/configure-builder/#buildkit-container-logs)
render: text
- type: textarea
attributes:
label: Additional info
description: |
Provide any additional information that could be useful.

34
.github/ISSUE_TEMPLATE/bug_report.md vendored Normal file
View File

@ -0,0 +1,34 @@
---
name: Bug report
about: Create a report to help us improve
---
### Behaviour
#### Steps to reproduce this issue
1.
2.
3.
#### Expected behaviour
> Tell us what should happen
#### Actual behaviour
> Tell us what happens instead
### Configuration
* Repository URL (if public):
* Build URL (if public):
```yml
# paste your YAML workflow file here and remove sensitive data
```
### Logs
> Download the [log file of your build](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs)
> and [attach it](https://docs.github.com/en/github/managing-your-work-on-github/file-attachments-on-issues-and-pull-requests) to this issue.

9
.github/ISSUE_TEMPLATE/config.yml vendored
View File

@ -1,9 +0,0 @@
# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser
blank_issues_enabled: true
contact_links:
- name: Questions and Discussions
url: https://github.com/docker/login-action/discussions/new
about: Use Github Discussions to ask questions and/or open discussion topics.
- name: Documentation
url: https://docs.docker.com/build/ci/github-actions/
about: Read the documentation.

15
.github/ISSUE_TEMPLATE/feature.yml vendored
View File

@ -1,15 +0,0 @@
# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
name: Feature request
description: Missing functionality? Come tell us about it!
labels:
- kind/enhancement
- status/triage
body:
- type: textarea
id: description
attributes:
label: Description
description: What is the feature you want to see?
validations:
required: true

12
.github/SECURITY.md vendored
View File

@ -1,12 +0,0 @@
# Reporting security issues
The project maintainers take security seriously. If you discover a security
issue, please bring it to their attention right away!
**Please _DO NOT_ file a public issue**, instead send your report privately to
[security@docker.com](mailto:security@docker.com).
Security reports are greatly appreciated, and we will publicly thank you for it.
We also like to send gifts&mdash;if you'd like Docker swag, make sure to let
us know. We currently do not offer a paid security bounty program, but are not
ruling it out in the future.

29
.github/SUPPORT.md vendored Normal file
View File

@ -0,0 +1,29 @@
# Support [![](https://isitmaintained.com/badge/resolution/docker/login-action.svg)](https://isitmaintained.com/project/docker/login-action)
## Reporting an issue
Please do a search in [open issues](https://github.com/docker/login-action/issues?utf8=%E2%9C%93&q=) to see if the issue or feature request has already been filed.
If you find your issue already exists, make relevant comments and add your [reaction](https://github.com/blog/2119-add-reactions-to-pull-requests-issues-and-comments). Use a reaction in place of a "+1" comment.
:+1: - upvote
:-1: - downvote
If you cannot find an existing issue that describes your bug or feature, submit an issue using the guidelines below.
## Writing good bug reports and feature requests
File a single issue per problem and feature request.
* Do not enumerate multiple bugs or feature requests in the same issue.
* Do not add your issue as a comment to an existing issue unless it's for the identical input. Many issues look similar, but have different causes.
The more information you can provide, the more likely someone will be successful reproducing the issue and finding a fix.
You are now ready to [create a new issue](https://github.com/docker/login-action/issues/new/choose)!
## Closure policy
* Issues that don't have the information requested above (when applicable) will be closed immediately and the poster directed to the support guidelines.
* Issues that go a week without a response from original poster are subject to closure at our discretion.

8
.github/dependabot.yml vendored
View File

@ -11,14 +11,6 @@ updates:
directory: "/"
schedule:
interval: "daily"
versioning-strategy: "increase"
groups:
aws-sdk-dependencies:
patterns:
- "*aws-sdk*"
proxy-agent-dependencies:
patterns:
- "*-proxy-agent"
allow:
- dependency-type: "production"
labels:

38
.github/workflows/ci.yml vendored
View File

@ -1,9 +1,5 @@
name: ci
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
workflow_dispatch:
schedule:
@ -19,7 +15,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v2
-
name: Stop docker
run: |
@ -43,7 +39,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v2
-
name: Login to GitHub Container Registry
uses: ./
@ -60,7 +56,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v2
-
name: Login to GitHub Container Registry
uses: ./
@ -85,7 +81,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v2
-
name: Login to ACR
uses: ./
@ -105,7 +101,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v2
-
name: Login to Docker Hub
uses: ./
@ -124,7 +120,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v2
-
name: Login to ECR
uses: ./
@ -144,10 +140,10 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v2
-
name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@ -169,10 +165,9 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v2
-
name: Login to Public ECR
continue-on-error: ${{ matrix.os == 'windows-latest' }}
uses: ./
with:
registry: public.ecr.aws
@ -192,17 +187,16 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v2
-
name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
-
name: Login to Public ECR
continue-on-error: ${{ matrix.os == 'windows-latest' }}
name: Login to ECR
uses: ./
with:
registry: public.ecr.aws
@ -218,7 +212,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v2
-
name: Login to GitHub Container Registry
uses: ./
@ -238,7 +232,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v2
-
name: Login to GitLab
uses: ./
@ -258,7 +252,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v2
-
name: Login to Google Artifact Registry
uses: ./
@ -278,7 +272,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v2
-
name: Login to Google Container Registry
uses: ./

50
.github/workflows/codeql.yml vendored
View File

@ -1,50 +0,0 @@
name: codeql
on:
push:
branches:
- 'master'
- 'releases/v*'
paths:
- '.github/workflows/codeql.yml'
- 'dist/**'
- 'src/**'
pull_request:
paths:
- '.github/workflows/codeql.yml'
- 'dist/**'
- 'src/**'
permissions:
actions: read
contents: read
security-events: write
jobs:
analyze:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
language:
- javascript-typescript
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
config: |
paths:
- src
-
name: Autobuild
uses: github/codeql-action/autobuild@v3
-
name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"

19
.github/workflows/test.yml vendored
View File

@ -1,15 +1,14 @@
name: test
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
push:
branches:
- 'master'
- 'releases/v*'
pull_request:
branches:
- 'master'
- 'releases/v*'
jobs:
test:
@ -17,15 +16,19 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v2
-
name: Validate
uses: docker/bake-action@v1
with:
targets: validate
-
name: Test
uses: docker/bake-action@v4
uses: docker/bake-action@v1
with:
targets: test
-
name: Upload coverage
uses: codecov/codecov-action@v4
uses: codecov/codecov-action@v2
with:
file: ./coverage/clover.xml
token: ${{ secrets.CODECOV_TOKEN }}

45
.github/workflows/validate.yml vendored
View File

@ -1,45 +0,0 @@
name: validate
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
push:
branches:
- 'master'
- 'releases/v*'
pull_request:
jobs:
prepare:
runs-on: ubuntu-latest
outputs:
targets: ${{ steps.targets.outputs.matrix }}
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Targets matrix
id: targets
run: |
echo "matrix=$(docker buildx bake validate --print | jq -cr '.group.validate.targets')" >> $GITHUB_OUTPUT
validate:
runs-on: ubuntu-latest
needs:
- prepare
strategy:
fail-fast: false
matrix:
target: ${{ fromJson(needs.prepare.outputs.targets) }}
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Validate
uses: docker/bake-action@v4
with:
targets: ${{ matrix.target }}

5
.gitignore vendored
View File

@ -1,6 +1,11 @@
/.dev
node_modules/
lib
# Jetbrains
/.idea
/*.iml
# Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
# Logs
logs

177
README.md
View File

@ -1,7 +1,7 @@
[![GitHub release](https://img.shields.io/github/release/docker/login-action.svg?style=flat-square)](https://github.com/docker/login-action/releases/latest)
[![GitHub marketplace](https://img.shields.io/badge/marketplace-docker--login-blue?logo=github&style=flat-square)](https://github.com/marketplace/actions/docker-login)
[![CI workflow](https://img.shields.io/github/actions/workflow/status/docker/login-action/ci.yml?branch=master&label=ci&logo=github&style=flat-square)](https://github.com/docker/login-action/actions?workflow=ci)
[![Test workflow](https://img.shields.io/github/actions/workflow/status/docker/login-action/test.yml?branch=master&label=test&logo=github&style=flat-square)](https://github.com/docker/login-action/actions?workflow=test)
[![CI workflow](https://img.shields.io/github/workflow/status/docker/login-action/ci?label=ci&logo=github&style=flat-square)](https://github.com/docker/login-action/actions?workflow=ci)
[![Test workflow](https://img.shields.io/github/workflow/status/docker/login-action/test?label=test&logo=github&style=flat-square)](https://github.com/docker/login-action/actions?workflow=test)
[![Codecov](https://img.shields.io/codecov/c/github/docker/login-action?logo=codecov&style=flat-square)](https://codecov.io/gh/docker/login-action)
## About
@ -31,9 +31,8 @@ ___
### Docker Hub
When authenticating to [Docker Hub](https://hub.docker.com) with GitHub Actions,
use a [personal access token](https://docs.docker.com/docker-hub/access-tokens/).
Don't use your account password.
To authenticate against [Docker Hub](https://hub.docker.com) it's strongly recommended to create a
[personal access token](https://docs.docker.com/docker-hub/access-tokens/) as an alternative to your password.
```yaml
name: ci
@ -48,7 +47,7 @@ jobs:
steps:
-
name: Login to Docker Hub
uses: docker/login-action@v3
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
@ -56,9 +55,9 @@ jobs:
### GitHub Container Registry
To authenticate to the [GitHub Container Registry](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry),
use the [`GITHUB_TOKEN`](https://docs.github.com/en/actions/reference/authentication-in-a-workflow)
secret.
To authenticate against the [GitHub Container Registry](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry),
use the [`GITHUB_TOKEN`](https://docs.github.com/en/actions/reference/authentication-in-a-workflow) for the best
security and experience.
```yaml
name: ci
@ -73,7 +72,7 @@ jobs:
steps:
-
name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -101,23 +100,18 @@ jobs:
steps:
-
name: Login to GitLab
uses: docker/login-action@v3
uses: docker/login-action@v1
with:
registry: registry.gitlab.com
username: ${{ secrets.GITLAB_USERNAME }}
password: ${{ secrets.GITLAB_PASSWORD }}
```
If you have [Two-Factor Authentication](https://gitlab.com/help/user/profile/account/two_factor_authentication)
enabled, use a [Personal Access Token](https://gitlab.com/help/user/profile/personal_access_tokens)
instead of a password.
### Azure Container Registry (ACR)
[Create a service principal](https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-service-principal#create-a-service-principal)
with access to your container registry through the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
and take note of the generated service principal's ID (also called _client ID_)
and password (also called _client secret_).
and take note of the generated service principal's ID (also called _client ID_) and password (also called _client secret_).
```yaml
name: ci
@ -132,7 +126,7 @@ jobs:
steps:
-
name: Login to ACR
uses: docker/login-action@v3
uses: docker/login-action@v1
with:
registry: <registry-name>.azurecr.io
username: ${{ secrets.AZURE_CLIENT_ID }}
@ -143,21 +137,16 @@ jobs:
### Google Container Registry (GCR)
> [Google Artifact Registry](#google-artifact-registry-gar) is the evolution of
> Google Container Registry. As a fully-managed service with support for both
> container images and non-container artifacts. If you currently use Google
> Container Registry, use the information [on this page](https://cloud.google.com/artifact-registry/docs/transition/transition-from-gcr)
> [Google Artifact Registry](#google-artifact-registry-gar) is the evolution of Google Container Registry. As a
> fully-managed service with support for both container images and non-container artifacts. If you currently use
> Google Container Registry, use the information [on this page](https://cloud.google.com/artifact-registry/docs/transition/transition-from-gcr)
> to learn about transitioning to Google Artifact Registry.
You can authenticate with workload identity federation or a service account.
You can use either workload identity federation based keyless authentication or service account based authentication.
#### Workload identity federation
#### Workload identity federation based authentication
Configure the workload identity federation for GitHub Actions in Google Cloud,
[see here](https://github.com/google-github-actions/auth#setting-up-workload-identity-federation).
Your service account must have permission to push to GCR. Use the
`google-github-actions/auth` action to authenticate using workload identity as
shown in the following example:
Configure the workload identity federation for github actions in gcloud (for steps, [refer here](https://github.com/google-github-actions/auth#setting-up-workload-identity-federation)). In the steps, your service account should the ability to push to GCR. Then use google-github-actions/auth action for authentication using workload identity like below:
```yaml
name: ci
@ -170,35 +159,32 @@ jobs:
login:
runs-on: ubuntu-latest
steps:
-
name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v1
- id: 'auth'
name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v0'
with:
token_format: access_token
workload_identity_provider: <workload_identity_provider>
service_account: <service_account>
-
name: Login to GCR
uses: docker/login-action@v3
token_format: 'access_token'
workload_identity_provider: '<workload_identity_provider>'
service_account: '<service_account>'
- name: Login to GCR
uses: docker/login-action@v1
with:
registry: gcr.io
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}
```
> Replace `<workload_identity_provider>` with configured workload identity
> provider. For steps to configure, [see here](https://github.com/google-github-actions/auth#setting-up-workload-identity-federation).
> Replace `<workload_identity_provider>` with configured workload identity provider. For steps to configure, [refer here](https://github.com/google-github-actions/auth#setting-up-workload-identity-federation).
> Replace `<service_account>` with configured service account in workload
> identity provider which has access to push to GCR
> Replace `<service_account>` with configured service account in workload identity provider which has access to push to GCR
#### Service account based authentication
Use a service account with permission to push to GCR and [configure access control](https://cloud.google.com/container-registry/docs/access-control).
Download the key for the service account as a JSON file. Save the contents of
the file [as a secret](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
named `GCR_JSON_KEY` in your GitHub repository. Set the username to `_json_key`,
Use a service account with the ability to push to GCR and [configure access control](https://cloud.google.com/container-registry/docs/access-control).
Then create and download the JSON key for this service account and save content of `.json` file
[as a secret](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
called `GCR_JSON_KEY` in your GitHub repo. Ensure you set the username to `_json_key`,
or `_json_key_base64` if you use a base64-encoded key.
```yaml
@ -214,7 +200,7 @@ jobs:
steps:
-
name: Login to GCR
uses: docker/login-action@v3
uses: docker/login-action@v1
with:
registry: gcr.io
username: _json_key
@ -223,14 +209,11 @@ jobs:
### Google Artifact Registry (GAR)
You can authenticate with workload identity federation or a service account.
You can use either workload identity federation based keyless authentication or service account based authentication.
#### Workload identity federation
#### Workload identity federation based authentication
Download the key for the service account as a JSON file. Save the contents of
the file [as a secret](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
named `GCR_JSON_KEY` in your GitHub repository. Set the username to `_json_key`,
or `_json_key_base64` if you use a base64-encoded key.
Configure the workload identity federation for github actions in gcloud (for steps, [refer here](https://github.com/google-github-actions/auth#setting-up-workload-identity-federation)). In the steps, your service account should the ability to push to GAR. Then use google-github-actions/auth action for authentication using workload identity like below:
```yaml
name: ci
@ -243,38 +226,34 @@ jobs:
login:
runs-on: ubuntu-latest
steps:
-
name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v1
- id: 'auth'
name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v0'
with:
token_format: access_token
workload_identity_provider: <workload_identity_provider>
service_account: <service_account>
-
name: Login to GAR
uses: docker/login-action@v3
token_format: 'access_token'
workload_identity_provider: '<workload_identity_provider>'
service_account: '<service_account>'
- name: Login to GAR
uses: docker/login-action@v1
with:
registry: <location>-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}
```
> Replace `<workload_identity_provider>` with configured workload identity provider
> Replace `<workload_identity_provider>` with configured workload identity
> provider
> Replace `<service_account>` with configured service account in workload
> identity provider which has access to push to GCR
> Replace `<service_account>` with configured service account in workload identity provider which has access to push to GCR
> Replace `<location>` with the regional or multi-regional [location](https://cloud.google.com/artifact-registry/docs/repo-organize#locations)
> of the repository where the image is stored.
#### Service account based authentication
Use a service account with permission to push to GAR and [configure access control](https://cloud.google.com/artifact-registry/docs/access-control).
Download the key for the service account as a JSON file. Save the contents of
the file [as a secret](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
named `GCR_JSON_KEY` in your GitHub repository. Set the username to `_json_key`,
Use a service account with the ability to push to GAR and [configure access control](https://cloud.google.com/artifact-registry/docs/access-control).
Then create and download the JSON key for this service account and save content of `.json` file
[as a secret](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
called `GAR_JSON_KEY` in your GitHub repo. Ensure you set the username to `_json_key`,
or `_json_key_base64` if you use a base64-encoded key.
```yaml
@ -290,7 +269,7 @@ jobs:
steps:
-
name: Login to GAR
uses: docker/login-action@v3
uses: docker/login-action@v1
with:
registry: <location>-docker.pkg.dev
username: _json_key
@ -303,7 +282,7 @@ jobs:
### AWS Elastic Container Registry (ECR)
Use an IAM user with the ability to [push to ECR with `AmazonEC2ContainerRegistryPowerUser` managed policy for example](https://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr_managed_policies.html#AmazonEC2ContainerRegistryPowerUser).
Download the access keys and save them as `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` [as secrets](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
Then create and download access keys and save `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` [as secrets](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
in your GitHub repo.
```yaml
@ -319,15 +298,15 @@ jobs:
steps:
-
name: Login to ECR
uses: docker/login-action@v3
uses: docker/login-action@v1
with:
registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
```
If you need to log in to Amazon ECR registries associated with other accounts,
you can use the `AWS_ACCOUNT_IDS` environment variable:
If you need to log in to Amazon ECR registries associated with other accounts, you can use the `AWS_ACCOUNT_IDS`
environment variable:
```yaml
name: ci
@ -342,7 +321,7 @@ jobs:
steps:
-
name: Login to ECR
uses: docker/login-action@v3
uses: docker/login-action@v1
with:
registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
@ -353,8 +332,8 @@ jobs:
> Only available with [AWS CLI version 1](https://docs.aws.amazon.com/cli/latest/reference/ecr/get-login.html)
You can also use the [Configure AWS Credentials](https://github.com/aws-actions/configure-aws-credentials)
action in combination with this action:
You can also use the [Configure AWS Credentials](https://github.com/aws-actions/configure-aws-credentials) action in
combination with this action:
```yaml
name: ci
@ -369,14 +348,14 @@ jobs:
steps:
-
name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: <region>
-
name: Login to ECR
uses: docker/login-action@v3
uses: docker/login-action@v1
with:
registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
```
@ -385,10 +364,9 @@ jobs:
### AWS Public Elastic Container Registry (ECR)
Use an IAM user with permission to push to ECR Public, for example using [managed policies](https://docs.aws.amazon.com/AmazonECR/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonEC2ContainerRegistryPowerUser).
Download the access keys and save them as `AWS_ACCESS_KEY_ID` and
`AWS_SECRET_ACCESS_KEY` [secrets](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
in your GitHub repository.
Use an IAM user with the ability to [push to ECR Public with `AmazonElasticContainerRegistryPublicPowerUser` managed policy for example](https://docs.aws.amazon.com/AmazonECR/latest/public/public-ecr-managed-policies.html#AmazonElasticContainerRegistryPublicPowerUser).
Then create and download access keys and save `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` [as secrets](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
in your GitHub repo.
```yaml
name: ci
@ -403,7 +381,7 @@ jobs:
steps:
-
name: Login to Public ECR
uses: docker/login-action@v3
uses: docker/login-action@v1
with:
registry: public.ecr.aws
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
@ -437,7 +415,7 @@ jobs:
steps:
-
name: Login to OCIR
uses: docker/login-action@v3
uses: docker/login-action@v1
with:
registry: <region>.ocir.io
username: ${{ secrets.OCI_USERNAME }}
@ -448,8 +426,7 @@ jobs:
### Quay.io
Use a [Robot account](https://docs.quay.io/glossary/robot-accounts.html) with
permission to push to a Quay.io repository.
Use a [Robot account](https://docs.quay.io/glossary/robot-accounts.html) with the ability to push to a public/private Quay.io repository.
```yaml
name: ci
@ -464,7 +441,7 @@ jobs:
steps:
-
name: Login to Quay.io
uses: docker/login-action@v3
uses: docker/login-action@v1
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
@ -475,15 +452,15 @@ jobs:
### inputs
The following inputs can be used as `step.with` keys:
Following inputs can be used as `step.with` keys
| Name | Type | Default | Description |
|------------|--------|---------|-------------------------------------------------------------------------------|
| `registry` | String | | Server address of Docker registry. If not set then will default to Docker Hub |
| `username` | String | | Username for authenticating to the Docker registry |
| `password` | String | | Password or personal access token for authenticating the Docker registry |
| `ecr` | String | `auto` | Specifies whether the given registry is ECR (`auto`, `true` or `false`) |
| `logout` | Bool | `true` | Log out from the Docker registry at the end of a job |
| Name | Type | Default | Description |
|------------------|---------|-----------------------------|------------------------------------|
| `registry` | String | | Server address of Docker registry. If not set then will default to Docker Hub |
| `username` | String | | Username used to log against the Docker registry |
| `password` | String | | Password or personal access token used to log against the Docker registry |
| `ecr` | String | `auto` | Specifies whether the given registry is ECR (`auto`, `true` or `false`) |
| `logout` | Bool | `true` | Log out from the Docker registry at the end of a job |
## Keep up-to-date with GitHub Dependabot

1
__tests__/aws.test.ts
View File

@ -1,6 +1,5 @@
import {beforeEach, describe, expect, jest, test} from '@jest/globals';
import {AuthorizationData} from '@aws-sdk/client-ecr';
import * as aws from '../src/aws';
describe('isECR', () => {

3
__tests__/context.test.ts
View File

@ -1,5 +1,4 @@
import {expect, test} from '@jest/globals';
import {getInputs} from '../src/context';
test('with password and username getInputs does not throw error', async () => {
@ -8,5 +7,5 @@ test('with password and username getInputs does not throw error', async () => {
process.env['INPUT_LOGOUT'] = 'true';
expect(() => {
getInputs();
}).not.toThrow();
}).not.toThrowError();
});

19
__tests__/docker.test.ts
View File

@ -1,15 +1,13 @@
import {expect, jest, test} from '@jest/globals';
import * as path from 'path';
import {loginStandard, logout} from '../src/docker';
import {Exec} from '@docker/actions-toolkit/lib/exec';
import * as path from 'path';
import * as exec from '@actions/exec';
process.env['RUNNER_TEMP'] = path.join(__dirname, 'runner');
test('loginStandard calls exec', async () => {
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
// @ts-ignore
const execSpy = jest.spyOn(Exec, 'getExecOutput').mockImplementation(async () => {
const execSpy = jest.spyOn(exec, 'getExecOutput').mockImplementation(async () => {
return {
exitCode: expect.any(Number),
stdout: expect.any(Function),
@ -17,9 +15,9 @@ test('loginStandard calls exec', async () => {
};
});
const username = 'dbowie';
const password = 'groundcontrol';
const registry = 'https://ghcr.io';
const username: string = 'dbowie';
const password: string = 'groundcontrol';
const registry: string = 'https://ghcr.io';
await loginStandard(registry, username, password);
@ -31,9 +29,8 @@ test('loginStandard calls exec', async () => {
});
test('logout calls exec', async () => {
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
// @ts-ignore
const execSpy = jest.spyOn(Exec, 'getExecOutput').mockImplementation(async () => {
const execSpy = jest.spyOn(exec, 'getExecOutput').mockImplementation(async () => {
return {
exitCode: expect.any(Number),
stdout: expect.any(Function),
@ -41,7 +38,7 @@ test('logout calls exec', async () => {
};
});
const registry = 'https://ghcr.io';
const registry: string = 'https://ghcr.io';
await logout(registry);

72
__tests__/main.test.ts Normal file
View File

@ -0,0 +1,72 @@
import {expect, jest, test} from '@jest/globals';
import osm = require('os');
import {run} from '../src/main';
import * as docker from '../src/docker';
import * as stateHelper from '../src/state-helper';
import * as core from '@actions/core';
test('errors without username and password', async () => {
const platSpy = jest.spyOn(osm, 'platform').mockImplementation(() => 'linux');
process.env['INPUT_LOGOUT'] = 'true'; // default value
const coreSpy = jest.spyOn(core, 'setFailed');
await run();
expect(coreSpy).toHaveBeenCalledWith('Username and password required');
});
test('successful with username and password', async () => {
const platSpy = jest.spyOn(osm, 'platform').mockImplementation(() => 'linux');
const setRegistrySpy = jest.spyOn(stateHelper, 'setRegistry');
const setLogoutSpy = jest.spyOn(stateHelper, 'setLogout');
const dockerSpy = jest.spyOn(docker, 'login').mockImplementation(jest.fn());
const username: string = 'dbowie';
process.env[`INPUT_USERNAME`] = username;
const password: string = 'groundcontrol';
process.env[`INPUT_PASSWORD`] = password;
const ecr: string = 'auto';
process.env['INPUT_ECR'] = ecr;
const logout: boolean = false;
process.env['INPUT_LOGOUT'] = String(logout);
await run();
expect(setRegistrySpy).toHaveBeenCalledWith('');
expect(setLogoutSpy).toHaveBeenCalledWith(logout);
expect(dockerSpy).toHaveBeenCalledWith('', username, password, ecr);
});
test('calls docker login', async () => {
const platSpy = jest.spyOn(osm, 'platform').mockImplementation(() => 'linux');
const setRegistrySpy = jest.spyOn(stateHelper, 'setRegistry');
const setLogoutSpy = jest.spyOn(stateHelper, 'setLogout');
const dockerSpy = jest.spyOn(docker, 'login');
dockerSpy.mockImplementation(jest.fn());
const username: string = 'dbowie';
process.env[`INPUT_USERNAME`] = username;
const password: string = 'groundcontrol';
process.env[`INPUT_PASSWORD`] = password;
const registry: string = 'ghcr.io';
process.env[`INPUT_REGISTRY`] = registry;
const ecr: string = 'auto';
process.env['INPUT_ECR'] = ecr;
const logout: boolean = true;
process.env['INPUT_LOGOUT'] = String(logout);
await run();
expect(setRegistrySpy).toHaveBeenCalledWith(registry);
expect(setLogoutSpy).toHaveBeenCalledWith(logout);
expect(dockerSpy).toHaveBeenCalledWith(registry, username, password, ecr);
});

2
action.yml
View File

@ -26,6 +26,6 @@ inputs:
required: false
runs:
using: 'node20'
using: 'node12'
main: 'dist/index.js'
post: 'dist/index.js'

49
dev.Dockerfile
View File

@ -1,6 +1,8 @@
# syntax=docker/dockerfile:1
# syntax=docker/dockerfile:1.3-labs
ARG NODE_VERSION=20
ARG NODE_VERSION=12
ARG DOCKER_VERSION=20.10.10
ARG BUILDX_VERSION=0.7.0
FROM node:${NODE_VERSION}-alpine AS base
RUN apk add --no-cache cpio findutils git
@ -16,14 +18,14 @@ COPY --from=deps /vendor /
FROM deps AS vendor-validate
RUN --mount=type=bind,target=.,rw <<EOT
set -e
git add -A
cp -rf /vendor/* .
if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
git status --porcelain -- yarn.lock
exit 1
fi
set -e
git add -A
cp -rf /vendor/* .
if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
git status --porcelain -- yarn.lock
exit 1
fi
EOT
FROM deps AS build
@ -36,14 +38,14 @@ COPY --from=build /out /
FROM build AS build-validate
RUN --mount=type=bind,target=.,rw <<EOT
set -e
git add -A
cp -rf /out/* .
if [ -n "$(git status --porcelain -- dist)" ]; then
echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
git status --porcelain -- dist
exit 1
fi
set -e
git add -A
cp -rf /out/* .
if [ -n "$(git status --porcelain -- dist)" ]; then
echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
git status --porcelain -- dist
exit 1
fi
EOT
FROM deps AS format
@ -55,17 +57,22 @@ RUN --mount=type=bind,target=.,rw \
FROM scratch AS format-update
COPY --from=format /out /
FROM deps AS lint
FROM deps AS format-validate
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/node_modules \
yarn run lint
yarn run format-check
FROM docker:${DOCKER_VERSION} as docker
FROM docker/buildx-bin:${BUILDX_VERSION} as buildx
FROM deps AS test
ENV RUNNER_TEMP=/tmp/github_runner
ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/node_modules \
yarn run test --coverage --coverageDirectory=/tmp/coverage
--mount=type=bind,from=docker,source=/usr/local/bin/docker,target=/usr/bin/docker \
--mount=type=bind,from=buildx,source=/buildx,target=/usr/libexec/docker/cli-plugins/docker-buildx \
yarn run test --coverageDirectory=/tmp/coverage
FROM scratch AS test-coverage
COPY --from=test /tmp/coverage /

32410
dist/index.js generated vendored
View File

File diff suppressed because one or more lines are too long

1
dist/index.js.map generated vendored
View File

File diff suppressed because one or more lines are too long

12378
dist/licenses.txt generated vendored
View File

File diff suppressed because it is too large Load Diff

1
dist/sourcemap-register.js generated vendored
View File

File diff suppressed because one or more lines are too long

6
docker-bake.hcl
View File

@ -7,7 +7,7 @@ group "pre-checkin" {
}
group "validate" {
targets = ["lint", "build-validate", "vendor-validate"]
targets = ["format-validate", "build-validate", "vendor-validate"]
}
target "build" {
@ -28,9 +28,9 @@ target "format" {
output = ["."]
}
target "lint" {
target "format-validate" {
dockerfile = "dev.Dockerfile"
target = "lint"
target = "format-validate"
output = ["type=cacheonly"]
}

10
jest.config.js Normal file
View File

@ -0,0 +1,10 @@
module.exports = {
clearMocks: true,
moduleFileExtensions: ['js', 'ts'],
setupFiles: ["dotenv/config"],
testMatch: ['**/*.test.ts'],
transform: {
'^.+\\.ts$': 'ts-jest'
},
verbose: false
}

30
jest.config.ts
View File

@ -1,30 +0,0 @@
import fs from 'fs';
import os from 'os';
import path from 'path';
const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-login-action-')).split(path.sep).join(path.posix.sep);
process.env = Object.assign({}, process.env, {
TEMP: tmpDir,
GITHUB_REPOSITORY: 'docker/login-action',
RUNNER_TEMP: path.join(tmpDir, 'runner-temp').split(path.sep).join(path.posix.sep),
RUNNER_TOOL_CACHE: path.join(tmpDir, 'runner-tool-cache').split(path.sep).join(path.posix.sep)
}) as {
[key: string]: string;
};
module.exports = {
clearMocks: true,
testEnvironment: 'node',
moduleFileExtensions: ['js', 'ts'],
testMatch: ['**/*.test.ts'],
transform: {
'^.+\\.ts$': 'ts-jest'
},
moduleNameMapper: {
'^csv-parse/sync': '<rootDir>/node_modules/csv-parse/dist/cjs/sync.cjs'
},
collectCoverageFrom: ['src/**/{!(main.ts),}.ts'],
coveragePathIgnorePatterns: ['lib/', 'node_modules/', '__tests__/'],
verbose: true
};

57
package.json
View File

@ -3,15 +3,11 @@
"description": "GitHub Action to login against a Docker registry",
"main": "lib/main.js",
"scripts": {
"build": "ncc build src/main.ts --source-map --minify --license licenses.txt",
"lint": "yarn run prettier && yarn run eslint",
"format": "yarn run prettier:fix && yarn run eslint:fix",
"eslint": "eslint --max-warnings=0 .",
"eslint:fix": "eslint --fix .",
"prettier": "prettier --check \"./**/*.ts\"",
"prettier:fix": "prettier --write \"./**/*.ts\"",
"test": "jest",
"all": "yarn run build && yarn run format && yarn test"
"build": "tsc && ncc build",
"format": "prettier --write '**/*.ts'",
"format-check": "prettier --check '**/*.ts'",
"test": "jest --coverage",
"pre-checkin": "yarn run format && yarn run build"
},
"repository": {
"type": "git",
@ -22,29 +18,30 @@
"docker",
"login"
],
"author": "Docker Inc.",
"license": "Apache-2.0",
"author": "Docker",
"contributors": [
{
"name": "CrazyMax",
"url": "https://crazymax.dev"
}
],
"license": "MIT",
"dependencies": {
"@actions/core": "^1.10.1",
"@aws-sdk/client-ecr": "^3.435.0",
"@aws-sdk/client-ecr-public": "^3.435.0",
"@docker/actions-toolkit": "^0.14.0",
"http-proxy-agent": "^7.0.0",
"https-proxy-agent": "^7.0.2"
"@actions/core": "^1.6.0",
"@actions/exec": "^1.1.0",
"@actions/io": "^1.1.1",
"@aws-sdk/client-ecr": "^3.53.0",
"@aws-sdk/client-ecr-public": "^3.53.0",
"http-proxy-agent": "^5.0.0",
"https-proxy-agent": "^5.0.0"
},
"devDependencies": {
"@types/node": "^20.5.9",
"@typescript-eslint/eslint-plugin": "^6.6.0",
"@typescript-eslint/parser": "^6.6.0",
"@vercel/ncc": "^0.38.0",
"eslint": "^8.48.0",
"eslint-config-prettier": "^9.0.0",
"eslint-plugin-jest": "^27.2.3",
"eslint-plugin-prettier": "^5.0.0",
"jest": "^29.6.4",
"prettier": "^3.0.3",
"ts-jest": "^29.1.1",
"ts-node": "^10.9.1",
"typescript": "^5.2.2"
"@types/node": "^16.11.26",
"@vercel/ncc": "^0.33.3",
"dotenv": "^16.0.0",
"jest": "^27.2.5",
"prettier": "^2.5.1",
"ts-jest": "^27.1.2",
"typescript": "^4.4.4"
}
}

12
src/aws.ts
View File

@ -1,7 +1,7 @@
import * as core from '@actions/core';
import {ECR} from '@aws-sdk/client-ecr';
import {ECRPUBLIC} from '@aws-sdk/client-ecr-public';
import {NodeHttpHandler} from '@smithy/node-http-handler';
import {NodeHttpHandler} from '@aws-sdk/node-http-handler';
import {HttpProxyAgent} from 'http-proxy-agent';
import {HttpsProxyAgent} from 'https-proxy-agent';
@ -34,7 +34,7 @@ export const getAccountIDs = (registry: string): string[] => {
if (!matches) {
return [];
}
const accountIDs: Array<string> = [matches[2]];
let accountIDs: Array<string> = [matches[2]];
if (process.env.AWS_ACCOUNT_IDS) {
accountIDs.push(...process.env.AWS_ACCOUNT_IDS.split(','));
}
@ -57,14 +57,14 @@ export const getRegistriesData = async (registry: string, username?: string, pas
authTokenRequest['registryIds'] = accountIDs;
}
let httpProxyAgent;
let httpProxyAgent: any = null;
const httpProxy = process.env.http_proxy || process.env.HTTP_PROXY || '';
if (httpProxy) {
core.debug(`Using http proxy ${httpProxy}`);
httpProxyAgent = new HttpProxyAgent(httpProxy);
}
let httpsProxyAgent;
let httpsProxyAgent: any = null;
const httpsProxy = process.env.https_proxy || process.env.HTTPS_PROXY || '';
if (httpsProxy) {
core.debug(`Using https proxy ${httpsProxy}`);
@ -96,8 +96,6 @@ export const getRegistriesData = async (registry: string, username?: string, pas
}
const authToken = Buffer.from(authTokenResponse.authorizationData.authorizationToken, 'base64').toString('utf-8');
const creds = authToken.split(':', 2);
core.setSecret(creds[0]); // redacted in workflow logs
core.setSecret(creds[1]); // redacted in workflow logs
return [
{
registry: 'public.ecr.aws',
@ -124,8 +122,6 @@ export const getRegistriesData = async (registry: string, username?: string, pas
for (const authData of authTokenResponse.authorizationData) {
const authToken = Buffer.from(authData.authorizationToken || '', 'base64').toString('utf-8');
const creds = authToken.split(':', 2);
core.setSecret(creds[0]); // redacted in workflow logs
core.setSecret(creds[1]); // redacted in workflow logs
regDatas.push({
registry: authData.proxyEndpoint || '',
username: creds[0],

64
src/docker.ts
View File

@ -1,6 +1,6 @@
import * as aws from './aws';
import * as core from '@actions/core';
import {Exec} from '@docker/actions-toolkit/lib/exec';
import * as exec from '@actions/exec';
export async function login(registry: string, username: string, password: string, ecr: string): Promise<void> {
if (/true/i.test(ecr) || (ecr == 'auto' && aws.isECR(registry))) {
@ -11,13 +11,15 @@ export async function login(registry: string, username: string, password: string
}
export async function logout(registry: string): Promise<void> {
await Exec.getExecOutput('docker', ['logout', registry], {
ignoreReturnCode: true
}).then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
core.warning(res.stderr.trim());
}
});
await exec
.getExecOutput('docker', ['logout', registry], {
ignoreReturnCode: true
})
.then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
core.warning(res.stderr.trim());
}
});
}
export async function loginStandard(registry: string, username: string, password: string): Promise<void> {
@ -25,7 +27,7 @@ export async function loginStandard(registry: string, username: string, password
throw new Error('Username and password required');
}
const loginArgs: Array<string> = ['login', '--password-stdin'];
let loginArgs: Array<string> = ['login', '--password-stdin'];
loginArgs.push('--username', username);
loginArgs.push(registry);
@ -34,16 +36,18 @@ export async function loginStandard(registry: string, username: string, password
} else {
core.info(`Logging into Docker Hub...`);
}
await Exec.getExecOutput('docker', loginArgs, {
ignoreReturnCode: true,
silent: true,
input: Buffer.from(password)
}).then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
throw new Error(res.stderr.trim());
}
core.info(`Login Succeeded!`);
});
await exec
.getExecOutput('docker', loginArgs, {
ignoreReturnCode: true,
silent: true,
input: Buffer.from(password)
})
.then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
throw new Error(res.stderr.trim());
}
core.info(`Login Succeeded!`);
});
}
export async function loginECR(registry: string, username: string, password: string): Promise<void> {
@ -51,15 +55,17 @@ export async function loginECR(registry: string, username: string, password: str
const regDatas = await aws.getRegistriesData(registry, username, password);
for (const regData of regDatas) {
core.info(`Logging into ${regData.registry}...`);
await Exec.getExecOutput('docker', ['login', '--password-stdin', '--username', regData.username, regData.registry], {
ignoreReturnCode: true,
silent: true,
input: Buffer.from(regData.password)
}).then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
throw new Error(res.stderr.trim());
}
core.info('Login Succeeded!');
});
await exec
.getExecOutput('docker', ['login', '--password-stdin', '--username', regData.username, regData.registry], {
ignoreReturnCode: true,
silent: true,
input: Buffer.from(regData.password)
})
.then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
throw new Error(res.stderr.trim());
}
core.info('Login Succeeded!');
});
}
}

25
src/main.ts
View File

@ -1,21 +1,28 @@
import * as actionsToolkit from '@docker/actions-toolkit';
import * as core from '@actions/core';
import * as context from './context';
import * as docker from './docker';
import * as stateHelper from './state-helper';
export async function main(): Promise<void> {
const input: context.Inputs = context.getInputs();
stateHelper.setRegistry(input.registry);
stateHelper.setLogout(input.logout);
await docker.login(input.registry, input.username, input.password, input.ecr);
export async function run(): Promise<void> {
try {
const input: context.Inputs = context.getInputs();
stateHelper.setRegistry(input.registry);
stateHelper.setLogout(input.logout);
await docker.login(input.registry, input.username, input.password, input.ecr);
} catch (error: any) {
core.setFailed(error.message);
}
}
async function post(): Promise<void> {
async function logout(): Promise<void> {
if (!stateHelper.logout) {
return;
}
await docker.logout(stateHelper.registry);
}
actionsToolkit.run(main, post);
if (!stateHelper.IsPost) {
run();
} else {
logout();
}

5
src/state-helper.ts
View File

@ -1,5 +1,6 @@
import * as core from '@actions/core';
export const IsPost = !!process.env['STATE_isPost'];
export const registry = process.env['STATE_registry'] || '';
export const logout = /true/i.test(process.env['STATE_logout'] || '');
@ -10,3 +11,7 @@ export function setRegistry(registry: string) {
export function setLogout(logout: boolean) {
core.saveState('logout', logout);
}
if (!IsPost) {
core.saveState('isPost', 'true');
}

17
tsconfig.json
View File

@ -1,21 +1,14 @@
{
"compilerOptions": {
"esModuleInterop": true,
"target": "es6",
"target": "esnext",
"module": "commonjs",
"strict": true,
"newLine": "lf",
"outDir": "./lib",
"rootDir": "./src",
"forceConsistentCasingInFileNames": true,
"strict": true,
"noImplicitAny": false,
"resolveJsonModule": true,
"useUnknownInCatchVariables": false,
"esModuleInterop": true,
"sourceMap": true
},
"exclude": [
"./__tests__/**/*",
"./lib/**/*",
"node_modules",
"jest.config.ts"
]
"exclude": ["node_modules", "**/*.test.ts"]
}

4947
yarn.lock
View File

File diff suppressed because it is too large Load Diff