romualdo/login-action
1
0
Fork 0
mirror of https://github.com/docker/login-action.git synced 2026-05-12 13:28:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: romualdo:4e572a3159e91b431dffc9d146005f8dfb40e39f
Branches Tags
romualdo:master
romualdo:dependabot/github_actions/crazy-max-dot-github-6667ecc476
romualdo:dependabot/github_actions/github/codeql-action-4.35.4
romualdo:dependabot/npm_and_yarn/vite-7.3.3
romualdo:dependabot/npm_and_yarn/fast-xml-builder-1.2.0
romualdo:dependabot/github_actions/aws-actions/configure-aws-credentials-6.1.1
romualdo:dependabot/npm_and_yarn/postcss-8.5.10
romualdo:esbuild
romualdo:dependabot/npm_and_yarn/actions/core-3.0.1
romualdo:dependabot/npm_and_yarn/docker/actions-toolkit-0.88.0
romualdo:dependabot/npm_and_yarn/fast-xml-parser-5.5.8
romualdo:dependabot/npm_and_yarn/aws-sdk-dependencies-6bb1d9fb1e
romualdo:releases/v3
romualdo:releases/v2
romualdo:releases/v1
romualdo:v4.1.0
romualdo:v4
romualdo:v4.0.0
romualdo:v3.7.0
romualdo:v3.6.0
romualdo:v3.5.0
romualdo:v3.4.0
romualdo:v3.3.0
romualdo:v3
romualdo:v3.2.0
romualdo:v3.1.0
romualdo:v3.0.0
romualdo:v2
romualdo:v2.2.0
romualdo:v2.1.0
romualdo:v2.0.0
romualdo:v1.14.1
romualdo:v1
romualdo:v1.14.0
romualdo:v1.13.0
romualdo:v1.12.0
romualdo:v1.11.0
romualdo:v1.10.0
romualdo:v1.9.0
romualdo:v1.8.0
romualdo:v1.7.0
romualdo:v1.6.0
romualdo:v1.5.0
romualdo:v1.4.1
romualdo:v1.4.0
romualdo:v1.3.0
romualdo:v1.2.0
romualdo:v1.1.1
romualdo:v1.1.0
romualdo:v1.0.1
romualdo:v1.0.0
...
compare: romualdo:dd977964bca17809056d49522999d5cc02d125b3
Branches Tags
romualdo:dependabot/github_actions/crazy-max-dot-github-6667ecc476
romualdo:dependabot/github_actions/github/codeql-action-4.35.4
romualdo:dependabot/npm_and_yarn/vite-7.3.3
romualdo:dependabot/npm_and_yarn/fast-xml-builder-1.2.0
romualdo:dependabot/github_actions/aws-actions/configure-aws-credentials-6.1.1
romualdo:master
romualdo:dependabot/npm_and_yarn/postcss-8.5.10
romualdo:esbuild
romualdo:dependabot/npm_and_yarn/actions/core-3.0.1
romualdo:dependabot/npm_and_yarn/docker/actions-toolkit-0.88.0
romualdo:dependabot/npm_and_yarn/fast-xml-parser-5.5.8
romualdo:dependabot/npm_and_yarn/aws-sdk-dependencies-6bb1d9fb1e
romualdo:releases/v3
romualdo:releases/v2
romualdo:releases/v1
romualdo:v4.1.0
romualdo:v4
romualdo:v4.0.0
romualdo:v3.7.0
romualdo:v3.6.0
romualdo:v3.5.0
romualdo:v3.4.0
romualdo:v3.3.0
romualdo:v3
romualdo:v3.2.0
romualdo:v3.1.0
romualdo:v3.0.0
romualdo:v2
romualdo:v2.2.0
romualdo:v2.1.0
romualdo:v2.0.0
romualdo:v1.14.1
romualdo:v1
romualdo:v1.14.0
romualdo:v1.13.0
romualdo:v1.12.0
romualdo:v1.11.0
romualdo:v1.10.0
romualdo:v1.9.0
romualdo:v1.8.0
romualdo:v1.7.0
romualdo:v1.6.0
romualdo:v1.5.0
romualdo:v1.4.1
romualdo:v1.4.0
romualdo:v1.3.0
romualdo:v1.2.0
romualdo:v1.1.1
romualdo:v1.1.0
romualdo:v1.0.1
romualdo:v1.0.0

12 Commits
4e572a3159 ... dd977964bc

Author SHA1 Message Date
CrazyMax
dd977964bc
Merge c7540347e9 into bb555fc48d 2026-04-01 13:33:41 +00:00
CrazyMax
bb555fc48d
Merge pull request #957 from crazy-max/fix-update-dist
Some checks failed
codeql / analyze (push) Failing after 14m26s
Details
test / test (push) Successful in 2m0s
Details
validate / prepare (push) Successful in 1m2s
Details
zizmor / zizmor (push) Failing after -2s
Details
validate / validate (push) Successful in 44s
Details 
ci: stop update-dist reruns after generated dist pushes
 2026-04-01 15:07:43 +02:00
CrazyMax
6de6c60d10
ci: stop update-dist reruns after generated dist pushes 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-04-01 13:10:02 +02:00
CrazyMax
de05a6d3a2
Merge pull request #956 from docker/dependabot/github_actions/codecov/codecov-action-6.0.0 
build(deps): bump codecov/codecov-action from 5.5.4 to 6.0.0
 2026-03-31 09:31:16 +02:00
dependabot[bot]
5ac140e711
build(deps): bump codecov/codecov-action from 5.5.4 to 6.0.0 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.5.4 to 6.0.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](75cd11691c...57e3a136b7)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-31 01:51:57 +00:00
Tõnis Tiigi
bb9683dca2
Merge pull request #955 from crazy-max/zizmor 
ci: zizmor workflow
 2026-03-30 18:49:37 -07:00
CrazyMax
abb6787042
fix zizmor findings 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-03-30 13:44:09 +02:00
CrazyMax
a40c6a7122
ci: zizmor workflow 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-03-30 13:37:19 +02:00
CrazyMax
5c42dd293b
Merge pull request #954 from docker/dependabot/github_actions/crazy-max/dot-github/dot-github/workflows/pr-assign-author.yml-1.3.0 
build(deps): bump crazy-max/.github/.github/workflows/pr-assign-author.yml from 1.1.0 to 1.3.0
 2026-03-30 09:58:21 +02:00
dependabot[bot]
1615afe9d3
build(deps): bump crazy-max/.github/.github/workflows/pr-assign-author.yml 
Bumps [crazy-max/.github/.github/workflows/pr-assign-author.yml](https://github.com/crazy-max/.github) from 1.1.0 to 1.3.0.
- [Release notes](https://github.com/crazy-max/.github/releases)
- [Commits](20ef82212d...bb328ea508)

---
updated-dependencies:
- dependency-name: crazy-max/.github/.github/workflows/pr-assign-author.yml
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-30 05:52:17 +00:00
CrazyMax
c7540347e9
chore: update generated content 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-03-24 18:58:30 +01:00
CrazyMax
27b3c4afc1
add opt-in skip for missing login credentials 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-03-24 18:56:24 +01:00
14 changed files with 192 additions and 66 deletions
Show Stats Expand all files Collapse all files

8
.github/dependabot.yml vendored
View File

@ -4,6 +4,12 @@ updates:
directory: "/" directory: "/"
schedule: schedule:
interval: "daily" interval: "daily"
cooldown:
default-days: 2
groups:
crazy-max-dot-github:
patterns:
- "crazy-max/.github/*"
labels: labels:
- "dependencies" - "dependencies"
- "bot" - "bot"
@ -11,6 +17,8 @@ updates:
directory: "/" directory: "/"
schedule: schedule:
interval: "daily" interval: "daily"
cooldown:
default-days: 2
versioning-strategy: "increase" versioning-strategy: "increase"
groups: groups:
aws-sdk-dependencies: aws-sdk-dependencies:

49
.github/workflows/ci.yml vendored
View File

@ -1,5 +1,8 @@
name: ci name: ci
permissions:
contents: read
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
@ -19,7 +22,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Stop docker name: Stop docker
run: | run: |
@ -43,7 +46,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to GitHub Container Registry name: Login to GitHub Container Registry
uses: ./ uses: ./
@ -60,7 +63,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to GitHub Container Registry name: Login to GitHub Container Registry
uses: ./ uses: ./
@ -70,7 +73,7 @@ jobs:
password: ${{ secrets.GHCR_PAT }} password: ${{ secrets.GHCR_PAT }}
- -
name: DinD name: DinD
uses: docker://docker uses: docker://docker:29.3@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
with: with:
entrypoint: docker entrypoint: docker
args: pull ghcr.io/docker-ghactiontest/test args: pull ghcr.io/docker-ghactiontest/test
@ -85,7 +88,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to ACR name: Login to ACR
uses: ./ uses: ./
@ -105,7 +108,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to Docker Hub name: Login to Docker Hub
uses: ./ uses: ./
@ -124,7 +127,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to ECR name: Login to ECR
uses: ./ uses: ./
@ -144,10 +147,10 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Configure AWS Credentials name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v6 uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
with: with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@ -169,7 +172,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to Public ECR name: Login to Public ECR
continue-on-error: ${{ matrix.os == 'windows-latest' }} continue-on-error: ${{ matrix.os == 'windows-latest' }}
@ -192,10 +195,10 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Configure AWS Credentials name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v6 uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
with: with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@ -218,7 +221,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to GitHub Container Registry name: Login to GitHub Container Registry
uses: ./ uses: ./
@ -238,7 +241,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to GitLab name: Login to GitLab
uses: ./ uses: ./
@ -258,7 +261,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to Google Artifact Registry name: Login to Google Artifact Registry
uses: ./ uses: ./
@ -278,7 +281,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to Google Container Registry name: Login to Google Container Registry
uses: ./ uses: ./
@ -292,7 +295,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to registries name: Login to registries
uses: ./ uses: ./
@ -315,7 +318,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to registries name: Login to registries
uses: ./ uses: ./
@ -336,7 +339,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to registries name: Login to registries
id: login id: login
@ -368,7 +371,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to Docker Hub name: Login to Docker Hub
uses: ./ uses: ./
@ -398,7 +401,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to Docker Hub name: Login to Docker Hub
uses: ./ uses: ./
@ -428,7 +431,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to GitHub Container Registry name: Login to GitHub Container Registry
uses: ./ uses: ./
@ -459,7 +462,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to GitHub Container Registry name: Login to GitHub Container Registry
uses: ./ uses: ./

19
.github/workflows/codeql.yml vendored
View File

@ -1,5 +1,8 @@
name: codeql name: codeql
permissions:
contents: read
on: on:
push: push:
branches: branches:
@ -7,21 +10,19 @@ on:
- 'releases/v*' - 'releases/v*'
pull_request: pull_request:
permissions:
actions: read
contents: read
security-events: write
env: env:
NODE_VERSION: "24" NODE_VERSION: "24"
jobs: jobs:
analyze: analyze:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Enable corepack name: Enable corepack
run: | run: |
@ -29,17 +30,17 @@ jobs:
yarn --version yarn --version
- -
name: Set up Node name: Set up Node
uses: actions/setup-node@v6 uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with: with:
node-version: ${{ env.NODE_VERSION }} node-version: ${{ env.NODE_VERSION }}
- -
name: Initialize CodeQL name: Initialize CodeQL
uses: github/codeql-action/init@v4 uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
with: with:
languages: javascript-typescript languages: javascript-typescript
build-mode: none build-mode: none
- -
name: Perform CodeQL Analysis name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4 uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
with: with:
category: "/language:javascript-typescript" category: "/language:javascript-typescript"

4
.github/workflows/pr-assign-author.yml vendored
View File

@ -4,14 +4,14 @@ permissions:
contents: read contents: read
on: on:
pull_request_target: pull_request_target: # zizmor: ignore[dangerous-triggers] safe to use without checkout
types: types:
- opened - opened
- reopened - reopened
jobs: jobs:
run: run:
uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@20ef82212dc54bab5749f5e05576ca6d3c8a5773 # v1.1.0 uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@bb328ea508cd6a89d0865555ddbeb148e5724aed # v1.3.0
permissions: permissions:
contents: read contents: read
pull-requests: write pull-requests: write

11
.github/workflows/publish.yml vendored
View File

@ -1,5 +1,12 @@
name: publish name: publish
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on: on:
release: release:
types: types:
@ -15,7 +22,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Publish name: Publish
uses: actions/publish-immutable-action@v0.0.4 uses: actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978 # v0.0.4

9
.github/workflows/test.yml vendored
View File

@ -1,5 +1,8 @@
name: test name: test
permissions:
contents: read
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
@ -17,16 +20,16 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Test name: Test
uses: docker/bake-action@v7 uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
with: with:
source: . source: .
targets: test targets: test
- -
name: Upload coverage name: Upload coverage
uses: codecov/codecov-action@v5 uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
with: with:
files: ./coverage/clover.xml files: ./coverage/clover.xml
token: ${{ secrets.CODECOV_TOKEN }} token: ${{ secrets.CODECOV_TOKEN }}

17
.github/workflows/update-dist.yml vendored
View File

@ -1,5 +1,12 @@
name: update-dist name: update-dist
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on: on:
pull_request: pull_request:
types: types:
@ -8,27 +15,27 @@ on:
jobs: jobs:
update-dist: update-dist:
if: github.actor == 'dependabot[bot]' if: github.actor == 'dependabot[bot]' && github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- -
name: GitHub auth token from GitHub App name: GitHub auth token from GitHub App
id: docker-read-app id: docker-read-app
uses: actions/create-github-app-token@v3 uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
with: with:
app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }} app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }}
private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }} private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }}
owner: docker owner: docker
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with: with:
ref: ${{ github.event.pull_request.head.ref }} ref: ${{ github.event.pull_request.head.ref }}
fetch-depth: 0 fetch-depth: 0
token: ${{ steps.docker-read-app.outputs.token || github.token }} token: ${{ steps.docker-read-app.outputs.token }}
- -
name: Build name: Build
uses: docker/bake-action@v7 uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
with: with:
source: . source: .
targets: build targets: build

9
.github/workflows/validate.yml vendored
View File

@ -1,5 +1,8 @@
name: validate name: validate
permissions:
contents: read
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
@ -19,11 +22,11 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Generate matrix name: Generate matrix
id: generate id: generate
uses: docker/bake-action/subaction/matrix@v7 uses: docker/bake-action/subaction/matrix@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
with: with:
target: validate target: validate
@ -38,6 +41,6 @@ jobs:
steps: steps:
- -
name: Validate name: Validate
uses: docker/bake-action@v7 uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
with: with:
targets: ${{ matrix.target }} targets: ${{ matrix.target }}

29
.github/workflows/zizmor.yml vendored Normal file
View File

@ -0,0 +1,29 @@
name: zizmor
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
workflow_dispatch:
push:
branches:
- 'master'
- 'releases/v*'
tags:
- 'v*'
pull_request:
jobs:
zizmor:
uses: crazy-max/.github/.github/workflows/zizmor.yml@bb328ea508cd6a89d0865555ddbeb148e5724aed # v1.3.0
permissions:
contents: read
security-events: write
with:
min-severity: medium
min-confidence: medium
persona: pedantic

3
.github/zizmor.yml vendored Normal file
View File

@ -0,0 +1,3 @@
rules:
secrets-outside-env: # FIXME: remove this rule when zizmor 1.24.0 is released, fixing the right persona attached to this rule: https://github.com/zizmorcore/zizmor/pull/1783
disable: true

84
__tests__/docker.test.ts
View File

@ -1,21 +1,27 @@
import {expect, test, vi} from 'vitest'; import {afterEach, beforeEach, expect, test, vi} from 'vitest';
import {Docker} from '@docker/actions-toolkit/lib/docker/docker.js'; import {Docker} from '@docker/actions-toolkit/lib/docker/docker.js';
import {loginStandard, logout} from '../src/docker.js'; import {loginStandard, logout} from '../src/docker.js';
beforeEach(() => {
delete process.env.DOCKER_LOGIN_SKIP_IF_MISSING_CREDS;
});
afterEach(() => {
delete process.env.DOCKER_LOGIN_SKIP_IF_MISSING_CREDS;
});
test('loginStandard calls exec', async () => { test('loginStandard calls exec', async () => {
const execSpy = vi.spyOn(Docker, 'getExecOutput').mockImplementation(async () => { const execSpy = vi.spyOn(Docker, 'getExecOutput').mockResolvedValue({
return { exitCode: 0,
exitCode: expect.any(Number), stdout: '',
stdout: expect.any(Function), stderr: ''
stderr: expect.any(Function)
};
}); });
const username = 'dbowie'; const username = 'dbowie';
const password = 'groundcontrol'; const password = 'groundcontrol';
const registry = 'https://ghcr.io'; const registry = 'ghcr.io';
await loginStandard(registry, username, password); await loginStandard(registry, username, password);
@ -25,6 +31,7 @@ test('loginStandard calls exec', async () => {
// we don't want to check env opt // we don't want to check env opt
callfunc[1].env = undefined; callfunc[1].env = undefined;
} }
expect(execSpy).toHaveBeenCalledWith(['login', '--password-stdin', '--username', username, registry], { expect(execSpy).toHaveBeenCalledWith(['login', '--password-stdin', '--username', username, registry], {
input: Buffer.from(password), input: Buffer.from(password),
silent: true, silent: true,
@ -32,25 +39,68 @@ test('loginStandard calls exec', async () => {
}); });
}); });
test('logout calls exec', async () => { test('loginStandard throws if username and password are missing', () => {
const execSpy = vi.spyOn(Docker, 'getExecOutput').mockImplementation(async () => { const execSpy = vi.spyOn(Docker, 'getExecOutput');
return { const login = loginStandard('ghcr.io', '', '');
exitCode: expect.any(Number), expect(execSpy).not.toHaveBeenCalled();
stdout: expect.any(Function), return expect(login).rejects.toThrow('Username and password required');
stderr: expect.any(Function)
};
}); });
const registry = 'https://ghcr.io'; test('loginStandard throws if username is missing', () => {
const execSpy = vi.spyOn(Docker, 'getExecOutput');
const login = loginStandard('ghcr.io', '', 'groundcontrol');
expect(execSpy).not.toHaveBeenCalled();
return expect(login).rejects.toThrow('Username required');
});
test('loginStandard throws if password is missing', () => {
const execSpy = vi.spyOn(Docker, 'getExecOutput');
const login = loginStandard('ghcr.io', 'dbowie', '');
expect(execSpy).not.toHaveBeenCalled();
return expect(login).rejects.toThrow('Password required');
});
test('loginStandard skips if both credentials are missing and env opt-in is enabled', () => {
process.env.DOCKER_LOGIN_SKIP_IF_MISSING_CREDS = 'true';
const execSpy = vi.spyOn(Docker, 'getExecOutput');
const login = loginStandard('ghcr.io', '', '');
expect(execSpy).not.toHaveBeenCalled();
return expect(login).resolves.toBeUndefined();
});
test('loginStandard skips if username is missing and env opt-in is enabled', () => {
process.env.DOCKER_LOGIN_SKIP_IF_MISSING_CREDS = 'true';
const execSpy = vi.spyOn(Docker, 'getExecOutput');
const login = loginStandard('ghcr.io', '', 'groundcontrol');
expect(execSpy).not.toHaveBeenCalled();
return expect(login).resolves.toBeUndefined();
});
test('loginStandard skips if password is missing and env opt-in is enabled', () => {
process.env.DOCKER_LOGIN_SKIP_IF_MISSING_CREDS = 'true';
const execSpy = vi.spyOn(Docker, 'getExecOutput');
const login = loginStandard('ghcr.io', 'dbowie', '');
expect(execSpy).not.toHaveBeenCalled();
return expect(login).resolves.toBeUndefined();
});
test('logout calls exec', async () => {
const execSpy = vi.spyOn(Docker, 'getExecOutput').mockResolvedValue({
exitCode: 0,
stdout: '',
stderr: ''
});
const registry = 'ghcr.io';
await logout(registry, ''); await logout(registry, '');
expect(execSpy).toHaveBeenCalledTimes(1); expect(execSpy).toHaveBeenCalledTimes(1);
const callfunc = execSpy.mock.calls[0]; const callfunc = execSpy.mock.calls[0];
if (callfunc && callfunc[1]) { if (callfunc && callfunc[1]) {
// we don't want to check env opt // we don't want to check env opt
callfunc[1].env = undefined; callfunc[1].env = undefined;
} }
expect(execSpy).toHaveBeenCalledWith(['logout', registry], { expect(execSpy).toHaveBeenCalledWith(['logout', registry], {
ignoreReturnCode: true ignoreReturnCode: true
}); });

2
dist/index.js generated vendored
View File

File diff suppressed because one or more lines are too long

2
dist/index.js.map generated vendored
View File

File diff suppressed because one or more lines are too long

12
src/docker.ts
View File

@ -1,6 +1,7 @@
import * as core from '@actions/core'; import * as core from '@actions/core';
import {Docker} from '@docker/actions-toolkit/lib/docker/docker.js'; import {Docker} from '@docker/actions-toolkit/lib/docker/docker.js';
import {Util} from '@docker/actions-toolkit/lib/util.js';
import * as aws from './aws.js'; import * as aws from './aws.js';
import * as context from './context.js'; import * as context from './context.js';
@ -34,6 +35,10 @@ export async function logout(registry: string, configDir: string): Promise<void>
} }
export async function loginStandard(registry: string, username: string, password: string, scope?: string): Promise<void> { export async function loginStandard(registry: string, username: string, password: string, scope?: string): Promise<void> {
if ((!username || !password) && skipLoginIfMissingCredsEnabled()) {
core.info(`Skipping login to ${registry}. Username or password is not set and DOCKER_LOGIN_SKIP_IF_MISSING_CREDS is enabled.`);
return;
}
if (!username && !password) { if (!username && !password) {
throw new Error('Username and password required'); throw new Error('Username and password required');
} }
@ -79,3 +84,10 @@ async function loginExec(registry: string, username: string, password: string, s
core.info('Login Succeeded!'); core.info('Login Succeeded!');
}); });
} }
function skipLoginIfMissingCredsEnabled(): boolean {
if (process.env.DOCKER_LOGIN_SKIP_IF_MISSING_CREDS) {
return Util.parseBool(process.env.DOCKER_LOGIN_SKIP_IF_MISSING_CREDS);
}
return false;
}