mirror of
https://github.com/docker/login-action.git
synced 2026-07-18 12:00:00 +08:00
Compare commits
No commits in common. "master" and "v4.2.0" have entirely different histories.
19 changed files with 2172 additions and 1008 deletions
3
.github/dependabot.yml
vendored
3
.github/dependabot.yml
vendored
|
|
@ -10,9 +10,6 @@ updates:
|
||||||
crazy-max-dot-github:
|
crazy-max-dot-github:
|
||||||
patterns:
|
patterns:
|
||||||
- "crazy-max/.github/*"
|
- "crazy-max/.github/*"
|
||||||
codeql-actions:
|
|
||||||
patterns:
|
|
||||||
- "github/codeql-action/*"
|
|
||||||
labels:
|
labels:
|
||||||
- "dependencies"
|
- "dependencies"
|
||||||
- "bot"
|
- "bot"
|
||||||
|
|
|
||||||
171
.github/workflows/ci.yml
vendored
171
.github/workflows/ci.yml
vendored
|
|
@ -7,9 +7,6 @@ concurrency:
|
||||||
group: ${{ github.workflow }}-${{ github.ref }}
|
group: ${{ github.workflow }}-${{ github.ref }}
|
||||||
cancel-in-progress: true
|
cancel-in-progress: true
|
||||||
|
|
||||||
env:
|
|
||||||
GHCR_TEST_IMAGE: ghcr.io/docker/login-action-test:ci-${{ github.sha }}
|
|
||||||
|
|
||||||
on:
|
on:
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
schedule:
|
schedule:
|
||||||
|
|
@ -25,7 +22,7 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Stop docker
|
name: Stop docker
|
||||||
run: |
|
run: |
|
||||||
|
|
@ -49,7 +46,7 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Login to GitHub Container Registry
|
name: Login to GitHub Container Registry
|
||||||
uses: ./
|
uses: ./
|
||||||
|
|
@ -59,75 +56,44 @@ jobs:
|
||||||
password: ${{ secrets.GITHUB_TOKEN }}
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
logout: ${{ matrix.logout }}
|
logout: ${{ matrix.logout }}
|
||||||
|
|
||||||
push-ghcr:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
packages: write
|
|
||||||
steps:
|
|
||||||
-
|
|
||||||
name: Checkout
|
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
|
||||||
-
|
|
||||||
name: Login to GitHub Container Registry
|
|
||||||
uses: ./
|
|
||||||
with:
|
|
||||||
registry: ghcr.io
|
|
||||||
username: ${{ github.actor }}
|
|
||||||
password: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
-
|
|
||||||
name: Build and push test image
|
|
||||||
run: |
|
|
||||||
docker buildx build --push -t "${GHCR_TEST_IMAGE}" - <<EOF
|
|
||||||
FROM scratch
|
|
||||||
LABEL org.opencontainers.image.title="docker/login-action CI test image"
|
|
||||||
LABEL org.opencontainers.image.description="Empty image used by CI to verify GHCR authentication."
|
|
||||||
LABEL org.opencontainers.image.source="https://github.com/${GITHUB_REPOSITORY}"
|
|
||||||
EOF
|
|
||||||
|
|
||||||
dind:
|
dind:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
needs:
|
|
||||||
- push-ghcr
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
packages: read
|
|
||||||
env:
|
env:
|
||||||
DOCKER_CONFIG: $HOME/.docker
|
DOCKER_CONFIG: $HOME/.docker
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Login to GitHub Container Registry
|
name: Login to GitHub Container Registry
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.actor }}
|
username: ${{ secrets.GHCR_USERNAME }}
|
||||||
password: ${{ secrets.GITHUB_TOKEN }}
|
password: ${{ secrets.GHCR_PAT }}
|
||||||
-
|
-
|
||||||
name: DinD
|
name: DinD
|
||||||
uses: docker://docker:29.3@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
|
uses: docker://docker:29.3@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
|
||||||
with:
|
with:
|
||||||
entrypoint: docker
|
entrypoint: docker
|
||||||
args: pull ${{ env.GHCR_TEST_IMAGE }}
|
args: pull ghcr.io/docker-ghactiontest/test
|
||||||
-
|
-
|
||||||
name: Pull test image
|
name: Pull private image
|
||||||
run: |
|
run: |
|
||||||
docker image prune -a -f >/dev/null 2>&1
|
docker image prune -a -f >/dev/null 2>&1
|
||||||
docker pull "${GHCR_TEST_IMAGE}"
|
docker pull ghcr.io/docker-ghactiontest/test
|
||||||
|
|
||||||
acr:
|
acr:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Login to ACR
|
name: Login to ACR
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
registry: officialgithubactions.azurecr.io
|
registry: ${{ secrets.AZURE_REGISTRY_NAME }}.azurecr.io
|
||||||
username: ${{ secrets.AZURE_CLIENT_ID }}
|
username: ${{ secrets.AZURE_CLIENT_ID }}
|
||||||
password: ${{ secrets.AZURE_CLIENT_SECRET }}
|
password: ${{ secrets.AZURE_CLIENT_SECRET }}
|
||||||
|
|
||||||
|
|
@ -142,13 +108,13 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Login to Docker Hub
|
name: Login to Docker Hub
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
username: ${{ vars.DOCKERPUBLICBOT_USERNAME }}
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
password: ${{ secrets.DOCKERPUBLICBOT_READ_PAT }}
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
|
|
||||||
ecr:
|
ecr:
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
|
|
@ -161,12 +127,12 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Login to ECR
|
name: Login to ECR
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
registry: 175142243308.dkr.ecr.us-east-1.amazonaws.com
|
registry: ${{ secrets.AWS_ACCOUNT_NUMBER }}.dkr.ecr.us-east-1.amazonaws.com
|
||||||
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||||
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||||
|
|
||||||
|
|
@ -181,10 +147,10 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Configure AWS Credentials
|
name: Configure AWS Credentials
|
||||||
uses: aws-actions/configure-aws-credentials@517a711dbcd0e402f90c77e7e2f81e849156e31d # v6.2.2
|
uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1
|
||||||
with:
|
with:
|
||||||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||||
|
|
@ -193,34 +159,7 @@ jobs:
|
||||||
name: Login to ECR
|
name: Login to ECR
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
registry: 175142243308.dkr.ecr.us-east-1.amazonaws.com
|
registry: ${{ secrets.AWS_ACCOUNT_NUMBER }}.dkr.ecr.us-east-1.amazonaws.com
|
||||||
|
|
||||||
ecr-oidc:
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
id-token: write
|
|
||||||
runs-on: ${{ matrix.os }}
|
|
||||||
strategy:
|
|
||||||
fail-fast: false
|
|
||||||
matrix:
|
|
||||||
os:
|
|
||||||
- ubuntu-latest
|
|
||||||
- windows-latest
|
|
||||||
steps:
|
|
||||||
-
|
|
||||||
name: Checkout
|
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
|
||||||
-
|
|
||||||
name: Configure AWS Credentials
|
|
||||||
uses: aws-actions/configure-aws-credentials@517a711dbcd0e402f90c77e7e2f81e849156e31d # v6.2.2
|
|
||||||
with:
|
|
||||||
role-to-assume: arn:aws:iam::175142243308:role/official_gha_cicd_login_action
|
|
||||||
aws-region: us-east-1
|
|
||||||
-
|
|
||||||
name: Login to ECR
|
|
||||||
uses: ./
|
|
||||||
with:
|
|
||||||
registry: 175142243308.dkr.ecr.us-east-1.amazonaws.com
|
|
||||||
|
|
||||||
ecr-public:
|
ecr-public:
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
|
|
@ -233,7 +172,7 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Login to Public ECR
|
name: Login to Public ECR
|
||||||
continue-on-error: ${{ matrix.os == 'windows-latest' }}
|
continue-on-error: ${{ matrix.os == 'windows-latest' }}
|
||||||
|
|
@ -256,10 +195,10 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Configure AWS Credentials
|
name: Configure AWS Credentials
|
||||||
uses: aws-actions/configure-aws-credentials@517a711dbcd0e402f90c77e7e2f81e849156e31d # v6.2.2
|
uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1
|
||||||
with:
|
with:
|
||||||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||||
|
|
@ -271,34 +210,6 @@ jobs:
|
||||||
with:
|
with:
|
||||||
registry: public.ecr.aws
|
registry: public.ecr.aws
|
||||||
|
|
||||||
ecr-public-oidc:
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
id-token: write
|
|
||||||
runs-on: ${{ matrix.os }}
|
|
||||||
strategy:
|
|
||||||
fail-fast: false
|
|
||||||
matrix:
|
|
||||||
os:
|
|
||||||
- ubuntu-latest
|
|
||||||
- windows-latest
|
|
||||||
steps:
|
|
||||||
-
|
|
||||||
name: Checkout
|
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
|
||||||
-
|
|
||||||
name: Configure AWS Credentials
|
|
||||||
uses: aws-actions/configure-aws-credentials@517a711dbcd0e402f90c77e7e2f81e849156e31d # v6.2.2
|
|
||||||
with:
|
|
||||||
role-to-assume: arn:aws:iam::175142243308:role/official_gha_cicd_login_action
|
|
||||||
aws-region: us-east-1
|
|
||||||
-
|
|
||||||
name: Login to Public ECR
|
|
||||||
continue-on-error: ${{ matrix.os == 'windows-latest' }}
|
|
||||||
uses: ./
|
|
||||||
with:
|
|
||||||
registry: public.ecr.aws
|
|
||||||
|
|
||||||
ghcr:
|
ghcr:
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
strategy:
|
strategy:
|
||||||
|
|
@ -310,7 +221,7 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Login to GitHub Container Registry
|
name: Login to GitHub Container Registry
|
||||||
uses: ./
|
uses: ./
|
||||||
|
|
@ -330,7 +241,7 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Login to GitLab
|
name: Login to GitLab
|
||||||
uses: ./
|
uses: ./
|
||||||
|
|
@ -350,12 +261,12 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Login to Google Artifact Registry
|
name: Login to Google Artifact Registry
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
registry: us-east4-docker.pkg.dev
|
registry: ${{ secrets.GAR_LOCATION }}-docker.pkg.dev
|
||||||
username: _json_key
|
username: _json_key
|
||||||
password: ${{ secrets.GAR_JSON_KEY }}
|
password: ${{ secrets.GAR_JSON_KEY }}
|
||||||
|
|
||||||
|
|
@ -370,7 +281,7 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Login to Google Container Registry
|
name: Login to Google Container Registry
|
||||||
uses: ./
|
uses: ./
|
||||||
|
|
@ -384,14 +295,14 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Login to registries
|
name: Login to registries
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
registry-auth: |
|
registry-auth: |
|
||||||
- username: ${{ vars.DOCKERPUBLICBOT_USERNAME }}
|
- username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
password: ${{ secrets.DOCKERPUBLICBOT_READ_PAT }}
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
- registry: ghcr.io
|
- registry: ghcr.io
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
password: ${{ secrets.GITHUB_TOKEN }}
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
@ -407,7 +318,7 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Login to registries
|
name: Login to registries
|
||||||
uses: ./
|
uses: ./
|
||||||
|
|
@ -428,7 +339,7 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Login to registries
|
name: Login to registries
|
||||||
id: login
|
id: login
|
||||||
|
|
@ -439,8 +350,8 @@ jobs:
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
password: ${{ secrets.GITHUB_TOKEN }}
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
registry-auth: |
|
registry-auth: |
|
||||||
- username: ${{ vars.DOCKERPUBLICBOT_USERNAME }}
|
- username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
password: ${{ secrets.DOCKERPUBLICBOT_READ_PAT }}
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
-
|
-
|
||||||
name: Check
|
name: Check
|
||||||
run: |
|
run: |
|
||||||
|
|
@ -460,13 +371,13 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Login to Docker Hub
|
name: Login to Docker Hub
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
username: ${{ vars.DOCKERPUBLICBOT_USERNAME }}
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
password: ${{ secrets.DOCKERPUBLICBOT_READ_PAT }}
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
scope: '@push'
|
scope: '@push'
|
||||||
-
|
-
|
||||||
name: Print config.json files
|
name: Print config.json files
|
||||||
|
|
@ -490,13 +401,13 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Login to Docker Hub
|
name: Login to Docker Hub
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
username: ${{ vars.DOCKERPUBLICBOT_USERNAME }}
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
password: ${{ secrets.DOCKERPUBLICBOT_READ_PAT }}
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
scope: 'docker/buildx-bin@push'
|
scope: 'docker/buildx-bin@push'
|
||||||
-
|
-
|
||||||
name: Print config.json files
|
name: Print config.json files
|
||||||
|
|
@ -520,7 +431,7 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Login to GitHub Container Registry
|
name: Login to GitHub Container Registry
|
||||||
uses: ./
|
uses: ./
|
||||||
|
|
@ -551,7 +462,7 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Login to GitHub Container Registry
|
name: Login to GitHub Container Registry
|
||||||
uses: ./
|
uses: ./
|
||||||
|
|
|
||||||
6
.github/workflows/codeql.yml
vendored
6
.github/workflows/codeql.yml
vendored
|
|
@ -22,7 +22,7 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Enable corepack
|
name: Enable corepack
|
||||||
run: |
|
run: |
|
||||||
|
|
@ -35,12 +35,12 @@ jobs:
|
||||||
node-version: ${{ env.NODE_VERSION }}
|
node-version: ${{ env.NODE_VERSION }}
|
||||||
-
|
-
|
||||||
name: Initialize CodeQL
|
name: Initialize CodeQL
|
||||||
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
|
uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
|
||||||
with:
|
with:
|
||||||
languages: javascript-typescript
|
languages: javascript-typescript
|
||||||
build-mode: none
|
build-mode: none
|
||||||
-
|
-
|
||||||
name: Perform CodeQL Analysis
|
name: Perform CodeQL Analysis
|
||||||
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
|
uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
|
||||||
with:
|
with:
|
||||||
category: "/language:javascript-typescript"
|
category: "/language:javascript-typescript"
|
||||||
|
|
|
||||||
2
.github/workflows/pr-assign-author.yml
vendored
2
.github/workflows/pr-assign-author.yml
vendored
|
|
@ -11,7 +11,7 @@ on:
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
run:
|
run:
|
||||||
uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@46267a6e61cd56aac2fc79943df180152f4c89d6 # v1.10.1
|
uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@9ba6e6f9450baf3b1237f8035c1fdc45932510bd # v1.8.0
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
pull-requests: write
|
pull-requests: write
|
||||||
|
|
|
||||||
2
.github/workflows/publish.yml
vendored
2
.github/workflows/publish.yml
vendored
|
|
@ -22,7 +22,7 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Publish
|
name: Publish
|
||||||
uses: actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978 # v0.0.4
|
uses: actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978 # v0.0.4
|
||||||
|
|
|
||||||
6
.github/workflows/test.yml
vendored
6
.github/workflows/test.yml
vendored
|
|
@ -20,16 +20,16 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Test
|
name: Test
|
||||||
uses: docker/bake-action@d3418bd7d0e9324001bca92fa8ba175ea7e6dc9b # v7.3.0
|
uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
|
||||||
with:
|
with:
|
||||||
source: .
|
source: .
|
||||||
targets: test
|
targets: test
|
||||||
-
|
-
|
||||||
name: Upload coverage
|
name: Upload coverage
|
||||||
uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
|
uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
|
||||||
with:
|
with:
|
||||||
files: ./coverage/clover.xml
|
files: ./coverage/clover.xml
|
||||||
token: ${{ secrets.CODECOV_TOKEN }}
|
token: ${{ secrets.CODECOV_TOKEN }}
|
||||||
|
|
|
||||||
6
.github/workflows/update-dist.yml
vendored
6
.github/workflows/update-dist.yml
vendored
|
|
@ -30,14 +30,14 @@ jobs:
|
||||||
permission-contents: write
|
permission-contents: write
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
with:
|
with:
|
||||||
ref: ${{ github.event.pull_request.head.ref }}
|
ref: ${{ github.event.pull_request.head.ref }}
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
token: ${{ steps.docker-read-app.outputs.token }}
|
token: ${{ steps.docker-read-app.outputs.token }}
|
||||||
-
|
-
|
||||||
name: Build
|
name: Build
|
||||||
uses: docker/bake-action@d3418bd7d0e9324001bca92fa8ba175ea7e6dc9b # v7.3.0
|
uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
|
||||||
with:
|
with:
|
||||||
source: .
|
source: .
|
||||||
targets: build
|
targets: build
|
||||||
|
|
@ -50,7 +50,7 @@ jobs:
|
||||||
git config user.name "github-actions[bot]"
|
git config user.name "github-actions[bot]"
|
||||||
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
|
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
|
||||||
git add dist
|
git add dist
|
||||||
git commit -m "[dependabot skip] chore: update generated content"
|
git commit -m "chore: update generated content"
|
||||||
git push
|
git push
|
||||||
)
|
)
|
||||||
else
|
else
|
||||||
|
|
|
||||||
6
.github/workflows/validate.yml
vendored
6
.github/workflows/validate.yml
vendored
|
|
@ -22,11 +22,11 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||||
-
|
-
|
||||||
name: Generate matrix
|
name: Generate matrix
|
||||||
id: generate
|
id: generate
|
||||||
uses: docker/bake-action/subaction/matrix@d3418bd7d0e9324001bca92fa8ba175ea7e6dc9b # v7.3.0
|
uses: docker/bake-action/subaction/matrix@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
|
||||||
with:
|
with:
|
||||||
target: validate
|
target: validate
|
||||||
|
|
||||||
|
|
@ -41,6 +41,6 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Validate
|
name: Validate
|
||||||
uses: docker/bake-action@d3418bd7d0e9324001bca92fa8ba175ea7e6dc9b # v7.3.0
|
uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
|
||||||
with:
|
with:
|
||||||
targets: ${{ matrix.target }}
|
targets: ${{ matrix.target }}
|
||||||
|
|
|
||||||
2
.github/workflows/zizmor.yml
vendored
2
.github/workflows/zizmor.yml
vendored
|
|
@ -19,7 +19,7 @@ on:
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
zizmor:
|
zizmor:
|
||||||
uses: crazy-max/.github/.github/workflows/zizmor.yml@46267a6e61cd56aac2fc79943df180152f4c89d6 # v1.10.1
|
uses: crazy-max/.github/.github/workflows/zizmor.yml@9ba6e6f9450baf3b1237f8035c1fdc45932510bd # v1.8.0
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
security-events: write
|
security-events: write
|
||||||
|
|
|
||||||
15
.yarnrc.yml
15
.yarnrc.yml
|
|
@ -1,10 +1,10 @@
|
||||||
# https://yarnpkg.com/configuration/yarnrc
|
# https://yarnpkg.com/configuration/yarnrc
|
||||||
|
|
||||||
nodeLinker: node-modules
|
compressionLevel: mixed
|
||||||
|
enableGlobalCache: false
|
||||||
|
enableHardenedMode: true
|
||||||
|
|
||||||
logFilters:
|
logFilters:
|
||||||
- code: YN0004
|
|
||||||
level: discard
|
|
||||||
- code: YN0013
|
- code: YN0013
|
||||||
level: discard
|
level: discard
|
||||||
- code: YN0019
|
- code: YN0019
|
||||||
|
|
@ -14,11 +14,4 @@ logFilters:
|
||||||
- code: YN0086
|
- code: YN0086
|
||||||
level: discard
|
level: discard
|
||||||
|
|
||||||
npmPreapprovedPackages:
|
nodeLinker: node-modules
|
||||||
- "@docker/actions-toolkit"
|
|
||||||
|
|
||||||
compressionLevel: mixed
|
|
||||||
enableGlobalCache: false
|
|
||||||
enableHardenedMode: true
|
|
||||||
enableScripts: false
|
|
||||||
npmMinimalAgeGate: 2d
|
|
||||||
|
|
|
||||||
73
README.md
73
README.md
|
|
@ -117,8 +117,6 @@ instead of a password.
|
||||||
|
|
||||||
### Azure Container Registry (ACR)
|
### Azure Container Registry (ACR)
|
||||||
|
|
||||||
#### Service principal
|
|
||||||
|
|
||||||
[Create a service principal](https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-service-principal#create-a-service-principal)
|
[Create a service principal](https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-service-principal#create-a-service-principal)
|
||||||
with access to your container registry through the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
|
with access to your container registry through the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
|
||||||
and take note of the generated service principal's ID (also called _client ID_)
|
and take note of the generated service principal's ID (also called _client ID_)
|
||||||
|
|
@ -144,60 +142,10 @@ jobs:
|
||||||
password: ${{ secrets.AZURE_CLIENT_SECRET }}
|
password: ${{ secrets.AZURE_CLIENT_SECRET }}
|
||||||
```
|
```
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> Replace `<registry-name>` with the name of your registry.
|
|
||||||
|
|
||||||
#### OpenID Connect (OIDC)
|
|
||||||
|
|
||||||
To authenticate with OpenID Connect, configure a federated identity credential
|
|
||||||
for GitHub Actions and use the [Azure Login](https://github.com/Azure/login)
|
|
||||||
action to sign in to Azure. Then expose an ACR access token and pass it to this
|
|
||||||
action as the password.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
name: ci
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches: main
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
id-token: write
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
login:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
-
|
|
||||||
name: Login to Azure
|
|
||||||
uses: azure/login@v3
|
|
||||||
with:
|
|
||||||
client-id: ${{ vars.AZURE_CLIENT_ID }}
|
|
||||||
tenant-id: ${{ vars.AZURE_TENANT_ID }}
|
|
||||||
subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
|
|
||||||
-
|
|
||||||
name: Get ACR access token
|
|
||||||
id: acr-token
|
|
||||||
run: |
|
|
||||||
ACR_TOKEN=$(az acr login --name <registry-name> --expose-token --output tsv --query accessToken)
|
|
||||||
echo "::add-mask::$ACR_TOKEN" # mask the token in workflow logs
|
|
||||||
echo "token=$ACR_TOKEN" >> "$GITHUB_OUTPUT"
|
|
||||||
-
|
|
||||||
name: Login to ACR
|
|
||||||
uses: docker/login-action@v4
|
|
||||||
with:
|
|
||||||
registry: <registry-name>.azurecr.io
|
|
||||||
username: 00000000-0000-0000-0000-000000000000
|
|
||||||
password: ${{ steps.acr-token.outputs.token }}
|
|
||||||
```
|
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> Replace `<registry-name>` with the name of your registry.
|
> Replace `<registry-name>` with the name of your registry.
|
||||||
|
|
||||||
### Google Container Registry (GCR)
|
### Google Container Registry (GCR)
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> [Google Artifact Registry](#google-artifact-registry-gar) is the evolution of
|
> [Google Artifact Registry](#google-artifact-registry-gar) is the evolution of
|
||||||
> Google Container Registry. As a fully-managed service with support for both
|
> Google Container Registry. As a fully-managed service with support for both
|
||||||
> container images and non-container artifacts. If you currently use Google
|
> container images and non-container artifacts. If you currently use Google
|
||||||
|
|
@ -228,7 +176,7 @@ jobs:
|
||||||
-
|
-
|
||||||
name: Authenticate to Google Cloud
|
name: Authenticate to Google Cloud
|
||||||
id: auth
|
id: auth
|
||||||
uses: google-github-actions/auth@v3
|
uses: google-github-actions/auth@v1
|
||||||
with:
|
with:
|
||||||
token_format: access_token
|
token_format: access_token
|
||||||
workload_identity_provider: <workload_identity_provider>
|
workload_identity_provider: <workload_identity_provider>
|
||||||
|
|
@ -242,10 +190,9 @@ jobs:
|
||||||
password: ${{ steps.auth.outputs.access_token }}
|
password: ${{ steps.auth.outputs.access_token }}
|
||||||
```
|
```
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> Replace `<workload_identity_provider>` with configured workload identity
|
> Replace `<workload_identity_provider>` with configured workload identity
|
||||||
> provider. For steps to configure, [see here](https://github.com/google-github-actions/auth#setting-up-workload-identity-federation).
|
> provider. For steps to configure, [see here](https://github.com/google-github-actions/auth#setting-up-workload-identity-federation).
|
||||||
>
|
|
||||||
> Replace `<service_account>` with configured service account in workload
|
> Replace `<service_account>` with configured service account in workload
|
||||||
> identity provider which has access to push to GCR
|
> identity provider which has access to push to GCR
|
||||||
|
|
||||||
|
|
@ -300,7 +247,7 @@ jobs:
|
||||||
-
|
-
|
||||||
name: Authenticate to Google Cloud
|
name: Authenticate to Google Cloud
|
||||||
id: auth
|
id: auth
|
||||||
uses: google-github-actions/auth@v3
|
uses: google-github-actions/auth@v1
|
||||||
with:
|
with:
|
||||||
token_format: access_token
|
token_format: access_token
|
||||||
workload_identity_provider: <workload_identity_provider>
|
workload_identity_provider: <workload_identity_provider>
|
||||||
|
|
@ -314,13 +261,12 @@ jobs:
|
||||||
password: ${{ steps.auth.outputs.access_token }}
|
password: ${{ steps.auth.outputs.access_token }}
|
||||||
```
|
```
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> Replace `<workload_identity_provider>` with configured workload identity
|
> Replace `<workload_identity_provider>` with configured workload identity
|
||||||
> provider
|
> provider
|
||||||
>
|
|
||||||
> Replace `<service_account>` with configured service account in workload
|
> Replace `<service_account>` with configured service account in workload
|
||||||
> identity provider which has access to push to GCR
|
> identity provider which has access to push to GCR
|
||||||
>
|
|
||||||
> Replace `<location>` with the regional or multi-regional [location](https://cloud.google.com/artifact-registry/docs/repo-organize#locations)
|
> Replace `<location>` with the regional or multi-regional [location](https://cloud.google.com/artifact-registry/docs/repo-organize#locations)
|
||||||
> of the repository where the image is stored.
|
> of the repository where the image is stored.
|
||||||
|
|
||||||
|
|
@ -352,7 +298,6 @@ jobs:
|
||||||
password: ${{ secrets.GAR_JSON_KEY }}
|
password: ${{ secrets.GAR_JSON_KEY }}
|
||||||
```
|
```
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> Replace `<location>` with the regional or multi-regional [location](https://cloud.google.com/artifact-registry/docs/repo-organize#locations)
|
> Replace `<location>` with the regional or multi-regional [location](https://cloud.google.com/artifact-registry/docs/repo-organize#locations)
|
||||||
> of the repository where the image is stored.
|
> of the repository where the image is stored.
|
||||||
|
|
||||||
|
|
@ -407,7 +352,6 @@ jobs:
|
||||||
AWS_ACCOUNT_IDS: 012345678910,023456789012
|
AWS_ACCOUNT_IDS: 012345678910,023456789012
|
||||||
```
|
```
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> Only available with [AWS CLI version 1](https://docs.aws.amazon.com/cli/latest/reference/ecr/get-login.html)
|
> Only available with [AWS CLI version 1](https://docs.aws.amazon.com/cli/latest/reference/ecr/get-login.html)
|
||||||
|
|
||||||
You can also use the [Configure AWS Credentials](https://github.com/aws-actions/configure-aws-credentials)
|
You can also use the [Configure AWS Credentials](https://github.com/aws-actions/configure-aws-credentials)
|
||||||
|
|
@ -426,7 +370,7 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Configure AWS Credentials
|
name: Configure AWS Credentials
|
||||||
uses: aws-actions/configure-aws-credentials@v6
|
uses: aws-actions/configure-aws-credentials@v4
|
||||||
with:
|
with:
|
||||||
aws-access-key-id: ${{ vars.AWS_ACCESS_KEY_ID }}
|
aws-access-key-id: ${{ vars.AWS_ACCESS_KEY_ID }}
|
||||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||||
|
|
@ -438,7 +382,6 @@ jobs:
|
||||||
registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
|
registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
|
||||||
```
|
```
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> Replace `<aws-account-number>` and `<region>` with their respective values.
|
> Replace `<aws-account-number>` and `<region>` with their respective values.
|
||||||
|
|
||||||
### AWS Public Elastic Container Registry (ECR)
|
### AWS Public Elastic Container Registry (ECR)
|
||||||
|
|
@ -470,7 +413,6 @@ jobs:
|
||||||
AWS_REGION: <region>
|
AWS_REGION: <region>
|
||||||
```
|
```
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> Replace `<region>` with its respective value (default `us-east-1`).
|
> Replace `<region>` with its respective value (default `us-east-1`).
|
||||||
|
|
||||||
### OCI Oracle Cloud Infrastructure Registry (OCIR)
|
### OCI Oracle Cloud Infrastructure Registry (OCIR)
|
||||||
|
|
@ -503,7 +445,6 @@ jobs:
|
||||||
password: ${{ secrets.OCI_TOKEN }}
|
password: ${{ secrets.OCI_TOKEN }}
|
||||||
```
|
```
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> Replace `<region>` with their respective values from [availability regions](https://docs.cloud.oracle.com/iaas/Content/Registry/Concepts/registryprerequisites.htm#Availab)
|
> Replace `<region>` with their respective values from [availability regions](https://docs.cloud.oracle.com/iaas/Content/Registry/Concepts/registryprerequisites.htm#Availab)
|
||||||
|
|
||||||
### Quay.io
|
### Quay.io
|
||||||
|
|
@ -662,7 +603,7 @@ jobs:
|
||||||
scope: 'myorg/myimage@push'
|
scope: 'myorg/myimage@push'
|
||||||
-
|
-
|
||||||
name: Build and push
|
name: Build and push
|
||||||
uses: docker/build-push-action@v7
|
uses: docker/build-push-action@v6
|
||||||
with:
|
with:
|
||||||
push: true
|
push: true
|
||||||
tags: myorg/myimage:latest
|
tags: myorg/myimage:latest
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
import {afterEach, expect, test, vi} from 'vitest';
|
import {afterEach, expect, test} from 'vitest';
|
||||||
import * as path from 'path';
|
import * as path from 'path';
|
||||||
|
|
||||||
import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx.js';
|
import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx.js';
|
||||||
|
|
@ -6,7 +6,6 @@ import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx.js';
|
||||||
import {getAuthList, getInputs} from '../src/context.js';
|
import {getAuthList, getInputs} from '../src/context.js';
|
||||||
|
|
||||||
afterEach(() => {
|
afterEach(() => {
|
||||||
vi.restoreAllMocks();
|
|
||||||
for (const key of Object.keys(process.env)) {
|
for (const key of Object.keys(process.env)) {
|
||||||
if (key.startsWith('INPUT_')) {
|
if (key.startsWith('INPUT_')) {
|
||||||
delete process.env[key];
|
delete process.env[key];
|
||||||
|
|
@ -34,37 +33,3 @@ test('getAuthList uses the default Docker Hub registry when computing scoped con
|
||||||
configDir: path.join(Buildx.configDir, 'config', 'registry-1.docker.io', 'myscope')
|
configDir: path.join(Buildx.configDir, 'config', 'registry-1.docker.io', 'myscope')
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
test('getAuthList skips secret masking when registry-auth password is absent', async () => {
|
|
||||||
const stdoutWriteSpy = vi.spyOn(process.stdout, 'write').mockImplementation(() => true);
|
|
||||||
const [auth] = getAuthList({
|
|
||||||
registry: '',
|
|
||||||
username: '',
|
|
||||||
password: '',
|
|
||||||
scope: '',
|
|
||||||
ecr: '',
|
|
||||||
logout: true,
|
|
||||||
registryAuth: '- registry: public.ecr.aws\n'
|
|
||||||
});
|
|
||||||
|
|
||||||
expect(stdoutWriteSpy.mock.calls.map(call => call[0]).join('')).not.toContain('::add-mask::');
|
|
||||||
expect(auth).toMatchObject({
|
|
||||||
registry: 'public.ecr.aws',
|
|
||||||
ecr: 'auto'
|
|
||||||
});
|
|
||||||
});
|
|
||||||
|
|
||||||
test('getAuthList masks registry-auth password when present', async () => {
|
|
||||||
const stdoutWriteSpy = vi.spyOn(process.stdout, 'write').mockImplementation(() => true);
|
|
||||||
getAuthList({
|
|
||||||
registry: '',
|
|
||||||
username: '',
|
|
||||||
password: '',
|
|
||||||
scope: '',
|
|
||||||
ecr: '',
|
|
||||||
logout: true,
|
|
||||||
registryAuth: '- registry: ghcr.io\n username: dbowie\n password: groundcontrol\n'
|
|
||||||
});
|
|
||||||
|
|
||||||
expect(stdoutWriteSpy.mock.calls.map(call => call[0]).join('')).toContain('::add-mask::groundcontrol');
|
|
||||||
});
|
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@ FROM base AS deps
|
||||||
RUN --mount=type=bind,target=.,rw \
|
RUN --mount=type=bind,target=.,rw \
|
||||||
--mount=type=cache,target=/src/.yarn/cache \
|
--mount=type=cache,target=/src/.yarn/cache \
|
||||||
--mount=type=cache,target=/src/node_modules \
|
--mount=type=cache,target=/src/node_modules \
|
||||||
yarn install --immutable && mkdir /vendor && cp yarn.lock /vendor
|
yarn install && mkdir /vendor && cp yarn.lock /vendor
|
||||||
|
|
||||||
FROM scratch AS vendor-update
|
FROM scratch AS vendor-update
|
||||||
COPY --from=deps /vendor /
|
COPY --from=deps /vendor /
|
||||||
|
|
|
||||||
322
dist/index.cjs
generated
vendored
322
dist/index.cjs
generated
vendored
File diff suppressed because one or more lines are too long
8
dist/index.cjs.map
generated
vendored
8
dist/index.cjs.map
generated
vendored
File diff suppressed because one or more lines are too long
1410
dist/licenses.txt
generated
vendored
1410
dist/licenses.txt
generated
vendored
File diff suppressed because it is too large
Load diff
16
package.json
16
package.json
|
|
@ -4,7 +4,7 @@
|
||||||
"type": "module",
|
"type": "module",
|
||||||
"main": "src/main.ts",
|
"main": "src/main.ts",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
"build": "esbuild src/main.ts --bundle --platform=node --target=node24 --format=cjs --outfile=dist/index.cjs --sourcemap --minify --keep-names && yarn run license",
|
"build": "esbuild src/main.ts --bundle --platform=node --target=node24 --format=cjs --outfile=dist/index.cjs --sourcemap --minify && yarn run license",
|
||||||
"lint": "eslint --max-warnings=0 .",
|
"lint": "eslint --max-warnings=0 .",
|
||||||
"format": "eslint --fix .",
|
"format": "eslint --fix .",
|
||||||
"test": "vitest run",
|
"test": "vitest run",
|
||||||
|
|
@ -21,15 +21,15 @@
|
||||||
],
|
],
|
||||||
"author": "Docker Inc.",
|
"author": "Docker Inc.",
|
||||||
"license": "Apache-2.0",
|
"license": "Apache-2.0",
|
||||||
"packageManager": "yarn@4.15.0",
|
"packageManager": "yarn@4.9.2",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@actions/core": "^3.0.1",
|
"@actions/core": "^3.0.1",
|
||||||
"@aws-sdk/client-ecr": "^3.1077.0",
|
"@aws-sdk/client-ecr": "^3.1050.0",
|
||||||
"@aws-sdk/client-ecr-public": "^3.1077.0",
|
"@aws-sdk/client-ecr-public": "^3.1050.0",
|
||||||
"@docker/actions-toolkit": "^0.92.0",
|
"@docker/actions-toolkit": "^0.90.0",
|
||||||
"http-proxy-agent": "^9.1.0",
|
"http-proxy-agent": "^9.0.0",
|
||||||
"https-proxy-agent": "^9.1.0",
|
"https-proxy-agent": "^9.0.0",
|
||||||
"js-yaml": "^5.2.0"
|
"js-yaml": "^4.1.1"
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"@eslint/js": "^9.39.3",
|
"@eslint/js": "^9.39.3",
|
||||||
|
|
|
||||||
|
|
@ -53,9 +53,7 @@ export function getAuthList(inputs: Inputs): Array<Auth> {
|
||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
auths = (yaml.load(inputs.registryAuth) as Array<Auth>).map(auth => {
|
auths = (yaml.load(inputs.registryAuth) as Array<Auth>).map(auth => {
|
||||||
if (auth.password) {
|
|
||||||
core.setSecret(auth.password); // redacted in workflow logs
|
core.setSecret(auth.password); // redacted in workflow logs
|
||||||
}
|
|
||||||
const registry = auth.registry || 'docker.io';
|
const registry = auth.registry || 'docker.io';
|
||||||
return {
|
return {
|
||||||
registry,
|
registry,
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue