mirror of
https://gitea.com/docker/login-action.git
synced 2024-11-26 11:29:36 +01:00
Merge branch 'master' into login-test
This commit is contained in:
commit
767b2f4b7b
8 changed files with 87 additions and 47 deletions
BIN
.github/docker-login.png
vendored
BIN
.github/docker-login.png
vendored
Binary file not shown.
Before Width: | Height: | Size: 5 KiB After Width: | Height: | Size: 5 KiB |
64
README.md
64
README.md
|
@ -24,6 +24,7 @@ ___
|
||||||
* [GitLab](#gitlab)
|
* [GitLab](#gitlab)
|
||||||
* [Azure Container Registry (ACR)](#azure-container-registry-acr)
|
* [Azure Container Registry (ACR)](#azure-container-registry-acr)
|
||||||
* [Google Container Registry (GCR)](#google-container-registry-gcr)
|
* [Google Container Registry (GCR)](#google-container-registry-gcr)
|
||||||
|
* [Google Artifact Registry (GAR)](#google-artifact-registry-gar)
|
||||||
* [AWS Elastic Container Registry (ECR)](#aws-elastic-container-registry-ecr)
|
* [AWS Elastic Container Registry (ECR)](#aws-elastic-container-registry-ecr)
|
||||||
* [Customizing](#customizing)
|
* [Customizing](#customizing)
|
||||||
* [inputs](#inputs)
|
* [inputs](#inputs)
|
||||||
|
@ -162,6 +163,11 @@ jobs:
|
||||||
|
|
||||||
### Google Container Registry (GCR)
|
### Google Container Registry (GCR)
|
||||||
|
|
||||||
|
> [Google Artifact Registry](#google-artifact-registry-gar) is the evolution of Google Container Registry. As a
|
||||||
|
> fully-managed service with support for both container images and non-container artifacts. If you currently use
|
||||||
|
> Google Container Registry, use the information [on this page](https://cloud.google.com/artifact-registry/docs/transition/transition-from-gcr)
|
||||||
|
> to learn about transitioning to Google Artifact Registry.
|
||||||
|
|
||||||
Use a service account with the ability to push to GCR and [configure access control](https://cloud.google.com/container-registry/docs/access-control).
|
Use a service account with the ability to push to GCR and [configure access control](https://cloud.google.com/container-registry/docs/access-control).
|
||||||
Then create and download the JSON key for this service account and save content of `.json` file
|
Then create and download the JSON key for this service account and save content of `.json` file
|
||||||
[as a secret](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
|
[as a secret](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
|
||||||
|
@ -187,6 +193,36 @@ jobs:
|
||||||
password: ${{ secrets.GCR_JSON_KEY }}
|
password: ${{ secrets.GCR_JSON_KEY }}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Google Artifact Registry (GAR)
|
||||||
|
|
||||||
|
Use a service account with the ability to push to GAR and [configure access control](https://cloud.google.com/artifact-registry/docs/access-control).
|
||||||
|
Then create and download the JSON key for this service account and save content of `.json` file
|
||||||
|
[as a secret](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
|
||||||
|
called `GAR_JSON_KEY` in your GitHub repo. Ensure you set the username to `_json_key`.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
name: ci
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: master
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
login:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
-
|
||||||
|
name: Login to GAR
|
||||||
|
uses: docker/login-action@v1
|
||||||
|
with:
|
||||||
|
registry: <location>-docker.pkg.dev
|
||||||
|
username: _json_key
|
||||||
|
password: ${{ secrets.GAR_JSON_KEY }}
|
||||||
|
```
|
||||||
|
|
||||||
|
> Replace `<location>` with the regional or multi-regional [location](https://cloud.google.com/artifact-registry/docs/repo-organize#locations)
|
||||||
|
> of the repository where the image is stored.
|
||||||
|
|
||||||
### AWS Elastic Container Registry (ECR)
|
### AWS Elastic Container Registry (ECR)
|
||||||
|
|
||||||
Use an IAM user with the [ability to push to ECR](https://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr_managed_policies.html).
|
Use an IAM user with the [ability to push to ECR](https://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr_managed_policies.html).
|
||||||
|
@ -213,6 +249,34 @@ jobs:
|
||||||
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
You can also use the [Configure AWS Credentials](https://github.com/aws-actions/configure-aws-credentials) action in
|
||||||
|
combination with this action:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
name: ci
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: master
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
login:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
-
|
||||||
|
name: Configure AWS Credentials
|
||||||
|
uses: aws-actions/configure-aws-credentials@v1
|
||||||
|
with:
|
||||||
|
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||||
|
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||||
|
aws-region: <region>
|
||||||
|
-
|
||||||
|
name: Login to ECR
|
||||||
|
uses: docker/login-action@v1
|
||||||
|
with:
|
||||||
|
registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
|
||||||
|
```
|
||||||
|
|
||||||
> Replace `<aws-account-number>` and `<region>` with their respective values.
|
> Replace `<aws-account-number>` and `<region>` with their respective values.
|
||||||
|
|
||||||
## Customizing
|
## Customizing
|
||||||
|
|
|
@ -2,20 +2,7 @@ import osm = require('os');
|
||||||
|
|
||||||
import {getInputs} from '../src/context';
|
import {getInputs} from '../src/context';
|
||||||
|
|
||||||
test('without username getInputs throws errors', async () => {
|
test('with password and username getInputs does not throw error', async () => {
|
||||||
expect(() => {
|
|
||||||
getInputs();
|
|
||||||
}).toThrowError('Input required and not supplied: username');
|
|
||||||
});
|
|
||||||
|
|
||||||
test('without password getInputs throws errors', async () => {
|
|
||||||
process.env['INPUT_USERNAME'] = 'dbowie';
|
|
||||||
expect(() => {
|
|
||||||
getInputs();
|
|
||||||
}).toThrowError('Input required and not supplied: password');
|
|
||||||
});
|
|
||||||
|
|
||||||
test('with password and username getInputs does not error', async () => {
|
|
||||||
process.env['INPUT_USERNAME'] = 'dbowie';
|
process.env['INPUT_USERNAME'] = 'dbowie';
|
||||||
process.env['INPUT_PASSWORD'] = 'groundcontrol';
|
process.env['INPUT_PASSWORD'] = 'groundcontrol';
|
||||||
expect(() => {
|
expect(() => {
|
||||||
|
|
|
@ -17,7 +17,7 @@ test('errors when not run on linux platform', async () => {
|
||||||
expect(coreSpy).toHaveBeenCalledWith('Only supported on linux platform');
|
expect(coreSpy).toHaveBeenCalledWith('Only supported on linux platform');
|
||||||
});
|
});
|
||||||
|
|
||||||
test('errors without username', async () => {
|
test('errors without username and password', async () => {
|
||||||
const platSpy = jest.spyOn(osm, 'platform');
|
const platSpy = jest.spyOn(osm, 'platform');
|
||||||
platSpy.mockImplementation(() => 'linux');
|
platSpy.mockImplementation(() => 'linux');
|
||||||
|
|
||||||
|
@ -25,21 +25,7 @@ test('errors without username', async () => {
|
||||||
|
|
||||||
await run();
|
await run();
|
||||||
|
|
||||||
expect(coreSpy).toHaveBeenCalledWith('Input required and not supplied: username');
|
expect(coreSpy).toHaveBeenCalledWith('Username and password required');
|
||||||
});
|
|
||||||
|
|
||||||
test('errors without password', async () => {
|
|
||||||
const platSpy = jest.spyOn(osm, 'platform');
|
|
||||||
platSpy.mockImplementation(() => 'linux');
|
|
||||||
|
|
||||||
const coreSpy: jest.SpyInstance = jest.spyOn(core, 'setFailed');
|
|
||||||
|
|
||||||
const username: string = 'dbowie';
|
|
||||||
process.env[`INPUT_USERNAME`] = username;
|
|
||||||
|
|
||||||
await run();
|
|
||||||
|
|
||||||
expect(coreSpy).toHaveBeenCalledWith('Input required and not supplied: password');
|
|
||||||
});
|
});
|
||||||
|
|
||||||
test('successful with username and password', async () => {
|
test('successful with username and password', async () => {
|
||||||
|
@ -79,7 +65,7 @@ test('calls docker login', async () => {
|
||||||
const password: string = 'groundcontrol';
|
const password: string = 'groundcontrol';
|
||||||
process.env[`INPUT_PASSWORD`] = password;
|
process.env[`INPUT_PASSWORD`] = password;
|
||||||
|
|
||||||
const registry: string = 'https://ghcr.io';
|
const registry: string = 'ghcr.io';
|
||||||
process.env[`INPUT_REGISTRY`] = registry;
|
process.env[`INPUT_REGISTRY`] = registry;
|
||||||
|
|
||||||
const logout: string = 'true';
|
const logout: string = 'true';
|
||||||
|
|
|
@ -12,10 +12,10 @@ inputs:
|
||||||
required: false
|
required: false
|
||||||
username:
|
username:
|
||||||
description: 'Username used to log against the Docker registry'
|
description: 'Username used to log against the Docker registry'
|
||||||
required: true
|
required: false
|
||||||
password:
|
password:
|
||||||
description: 'Password or personal access token used to log against the Docker registry'
|
description: 'Password or personal access token used to log against the Docker registry'
|
||||||
required: true
|
required: false
|
||||||
logout:
|
logout:
|
||||||
description: 'Log out from the Docker registry at the end of a job'
|
description: 'Log out from the Docker registry at the end of a job'
|
||||||
default: 'true'
|
default: 'true'
|
||||||
|
|
15
dist/index.js
generated
vendored
15
dist/index.js
generated
vendored
|
@ -3062,10 +3062,11 @@ function logout(registry) {
|
||||||
exports.logout = logout;
|
exports.logout = logout;
|
||||||
function loginStandard(registry, username, password) {
|
function loginStandard(registry, username, password) {
|
||||||
return __awaiter(this, void 0, void 0, function* () {
|
return __awaiter(this, void 0, void 0, function* () {
|
||||||
let loginArgs = ['login', '--password-stdin'];
|
if (!username || !password) {
|
||||||
if (username) {
|
throw new Error('Username and password required');
|
||||||
loginArgs.push('--username', username);
|
|
||||||
}
|
}
|
||||||
|
let loginArgs = ['login', '--password-stdin'];
|
||||||
|
loginArgs.push('--username', username);
|
||||||
loginArgs.push(registry);
|
loginArgs.push(registry);
|
||||||
if (registry) {
|
if (registry) {
|
||||||
core.info(`🔑 Logging into ${registry}...`);
|
core.info(`🔑 Logging into ${registry}...`);
|
||||||
|
@ -3088,8 +3089,8 @@ function loginECR(registry, username, password) {
|
||||||
const cliVersion = yield aws.getCLIVersion();
|
const cliVersion = yield aws.getCLIVersion();
|
||||||
const region = yield aws.getRegion(registry);
|
const region = yield aws.getRegion(registry);
|
||||||
core.info(`💡 AWS ECR detected with ${region} region`);
|
core.info(`💡 AWS ECR detected with ${region} region`);
|
||||||
process.env.AWS_ACCESS_KEY_ID = username;
|
process.env.AWS_ACCESS_KEY_ID = username || process.env.AWS_ACCESS_KEY_ID;
|
||||||
process.env.AWS_SECRET_ACCESS_KEY = password;
|
process.env.AWS_SECRET_ACCESS_KEY = password || process.env.AWS_SECRET_ACCESS_KEY;
|
||||||
core.info(`⬇️ Retrieving docker login command through AWS CLI ${cliVersion} (${cliPath})...`);
|
core.info(`⬇️ Retrieving docker login command through AWS CLI ${cliVersion} (${cliPath})...`);
|
||||||
const loginCmd = yield aws.getDockerLoginCmd(cliVersion, registry, region);
|
const loginCmd = yield aws.getDockerLoginCmd(cliVersion, registry, region);
|
||||||
core.info(`🔑 Logging into ${registry}...`);
|
core.info(`🔑 Logging into ${registry}...`);
|
||||||
|
@ -3647,8 +3648,8 @@ const core = __importStar(__webpack_require__(186));
|
||||||
function getInputs() {
|
function getInputs() {
|
||||||
return {
|
return {
|
||||||
registry: core.getInput('registry'),
|
registry: core.getInput('registry'),
|
||||||
username: core.getInput('username', { required: true }),
|
username: core.getInput('username'),
|
||||||
password: core.getInput('password', { required: true }),
|
password: core.getInput('password'),
|
||||||
logout: core.getInput('logout')
|
logout: core.getInput('logout')
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,8 +10,8 @@ export interface Inputs {
|
||||||
export function getInputs(): Inputs {
|
export function getInputs(): Inputs {
|
||||||
return {
|
return {
|
||||||
registry: core.getInput('registry'),
|
registry: core.getInput('registry'),
|
||||||
username: core.getInput('username', {required: true}),
|
username: core.getInput('username'),
|
||||||
password: core.getInput('password', {required: true}),
|
password: core.getInput('password'),
|
||||||
logout: core.getInput('logout')
|
logout: core.getInput('logout')
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,10 +19,12 @@ export async function logout(registry: string): Promise<void> {
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function loginStandard(registry: string, username: string, password: string): Promise<void> {
|
export async function loginStandard(registry: string, username: string, password: string): Promise<void> {
|
||||||
let loginArgs: Array<string> = ['login', '--password-stdin'];
|
if (!username || !password) {
|
||||||
if (username) {
|
throw new Error('Username and password required');
|
||||||
loginArgs.push('--username', username);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
let loginArgs: Array<string> = ['login', '--password-stdin'];
|
||||||
|
loginArgs.push('--username', username);
|
||||||
loginArgs.push(registry);
|
loginArgs.push(registry);
|
||||||
|
|
||||||
if (registry) {
|
if (registry) {
|
||||||
|
@ -44,8 +46,8 @@ export async function loginECR(registry: string, username: string, password: str
|
||||||
const region = await aws.getRegion(registry);
|
const region = await aws.getRegion(registry);
|
||||||
core.info(`💡 AWS ECR detected with ${region} region`);
|
core.info(`💡 AWS ECR detected with ${region} region`);
|
||||||
|
|
||||||
process.env.AWS_ACCESS_KEY_ID = username;
|
process.env.AWS_ACCESS_KEY_ID = username || process.env.AWS_ACCESS_KEY_ID;
|
||||||
process.env.AWS_SECRET_ACCESS_KEY = password;
|
process.env.AWS_SECRET_ACCESS_KEY = password || process.env.AWS_SECRET_ACCESS_KEY;
|
||||||
|
|
||||||
core.info(`⬇️ Retrieving docker login command through AWS CLI ${cliVersion} (${cliPath})...`);
|
core.info(`⬇️ Retrieving docker login command through AWS CLI ${cliVersion} (${cliPath})...`);
|
||||||
const loginCmd = await aws.getDockerLoginCmd(cliVersion, registry, region);
|
const loginCmd = await aws.getDockerLoginCmd(cliVersion, registry, region);
|
||||||
|
|
Loading…
Reference in a new issue