1 Commits

Author SHA1 Message Date
dependabot[bot]
ae660623c7 build(deps): bump aws-actions/configure-aws-credentials
Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) from 6.1.2 to 6.2.0.
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases)
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](acca2b1b20...e7f100cf4c)

---
updated-dependencies:
- dependency-name: aws-actions/configure-aws-credentials
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-03 22:34:01 +00:00
17 changed files with 2139 additions and 863 deletions

View File

@@ -7,9 +7,6 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
env:
GHCR_TEST_IMAGE: ghcr.io/docker/login-action-test:ci-${{ github.sha }}
on: on:
workflow_dispatch: workflow_dispatch:
schedule: schedule:
@@ -25,7 +22,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Stop docker name: Stop docker
run: | run: |
@@ -49,7 +46,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to GitHub Container Registry name: Login to GitHub Container Registry
uses: ./ uses: ./
@@ -59,75 +56,44 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
logout: ${{ matrix.logout }} logout: ${{ matrix.logout }}
push-ghcr:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
-
name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
-
name: Login to GitHub Container Registry
uses: ./
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Build and push test image
run: |
docker buildx build --push -t "${GHCR_TEST_IMAGE}" - <<EOF
FROM scratch
LABEL org.opencontainers.image.title="docker/login-action CI test image"
LABEL org.opencontainers.image.description="Empty image used by CI to verify GHCR authentication."
LABEL org.opencontainers.image.source="https://github.com/${GITHUB_REPOSITORY}"
EOF
dind: dind:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs:
- push-ghcr
permissions:
contents: read
packages: read
env: env:
DOCKER_CONFIG: $HOME/.docker DOCKER_CONFIG: $HOME/.docker
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to GitHub Container Registry name: Login to GitHub Container Registry
uses: ./ uses: ./
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ secrets.GHCR_USERNAME }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GHCR_PAT }}
- -
name: DinD name: DinD
uses: docker://docker:29.3@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029 uses: docker://docker:29.3@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
with: with:
entrypoint: docker entrypoint: docker
args: pull ${{ env.GHCR_TEST_IMAGE }} args: pull ghcr.io/docker-ghactiontest/test
- -
name: Pull test image name: Pull private image
run: | run: |
docker image prune -a -f >/dev/null 2>&1 docker image prune -a -f >/dev/null 2>&1
docker pull "${GHCR_TEST_IMAGE}" docker pull ghcr.io/docker-ghactiontest/test
acr: acr:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to ACR name: Login to ACR
uses: ./ uses: ./
with: with:
registry: officialgithubactions.azurecr.io registry: ${{ secrets.AZURE_REGISTRY_NAME }}.azurecr.io
username: ${{ secrets.AZURE_CLIENT_ID }} username: ${{ secrets.AZURE_CLIENT_ID }}
password: ${{ secrets.AZURE_CLIENT_SECRET }} password: ${{ secrets.AZURE_CLIENT_SECRET }}
@@ -142,13 +108,13 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to Docker Hub name: Login to Docker Hub
uses: ./ uses: ./
with: with:
username: ${{ vars.DOCKERPUBLICBOT_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERPUBLICBOT_READ_PAT }} password: ${{ secrets.DOCKERHUB_TOKEN }}
ecr: ecr:
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
@@ -161,12 +127,12 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to ECR name: Login to ECR
uses: ./ uses: ./
with: with:
registry: 175142243308.dkr.ecr.us-east-1.amazonaws.com registry: ${{ secrets.AWS_ACCOUNT_NUMBER }}.dkr.ecr.us-east-1.amazonaws.com
username: ${{ secrets.AWS_ACCESS_KEY_ID }} username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -181,10 +147,10 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Configure AWS Credentials name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@254c19bd240aabef8777f48595e9d2d7b972184b # v6.2.1 uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6.2.0
with: with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -193,34 +159,7 @@ jobs:
name: Login to ECR name: Login to ECR
uses: ./ uses: ./
with: with:
registry: 175142243308.dkr.ecr.us-east-1.amazonaws.com registry: ${{ secrets.AWS_ACCOUNT_NUMBER }}.dkr.ecr.us-east-1.amazonaws.com
ecr-oidc:
permissions:
contents: read
id-token: write
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
- windows-latest
steps:
-
name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
-
name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@254c19bd240aabef8777f48595e9d2d7b972184b # v6.2.1
with:
role-to-assume: arn:aws:iam::175142243308:role/official_gha_cicd_login_action
aws-region: us-east-1
-
name: Login to ECR
uses: ./
with:
registry: 175142243308.dkr.ecr.us-east-1.amazonaws.com
ecr-public: ecr-public:
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
@@ -233,7 +172,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to Public ECR name: Login to Public ECR
continue-on-error: ${{ matrix.os == 'windows-latest' }} continue-on-error: ${{ matrix.os == 'windows-latest' }}
@@ -256,10 +195,10 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Configure AWS Credentials name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@254c19bd240aabef8777f48595e9d2d7b972184b # v6.2.1 uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6.2.0
with: with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -271,34 +210,6 @@ jobs:
with: with:
registry: public.ecr.aws registry: public.ecr.aws
ecr-public-oidc:
permissions:
contents: read
id-token: write
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
- windows-latest
steps:
-
name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
-
name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@254c19bd240aabef8777f48595e9d2d7b972184b # v6.2.1
with:
role-to-assume: arn:aws:iam::175142243308:role/official_gha_cicd_login_action
aws-region: us-east-1
-
name: Login to Public ECR
continue-on-error: ${{ matrix.os == 'windows-latest' }}
uses: ./
with:
registry: public.ecr.aws
ghcr: ghcr:
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
strategy: strategy:
@@ -310,7 +221,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to GitHub Container Registry name: Login to GitHub Container Registry
uses: ./ uses: ./
@@ -330,7 +241,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to GitLab name: Login to GitLab
uses: ./ uses: ./
@@ -350,12 +261,12 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to Google Artifact Registry name: Login to Google Artifact Registry
uses: ./ uses: ./
with: with:
registry: us-east4-docker.pkg.dev registry: ${{ secrets.GAR_LOCATION }}-docker.pkg.dev
username: _json_key username: _json_key
password: ${{ secrets.GAR_JSON_KEY }} password: ${{ secrets.GAR_JSON_KEY }}
@@ -370,7 +281,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to Google Container Registry name: Login to Google Container Registry
uses: ./ uses: ./
@@ -384,14 +295,14 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to registries name: Login to registries
uses: ./ uses: ./
with: with:
registry-auth: | registry-auth: |
- username: ${{ vars.DOCKERPUBLICBOT_USERNAME }} - username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERPUBLICBOT_READ_PAT }} password: ${{ secrets.DOCKERHUB_TOKEN }}
- registry: ghcr.io - registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
@@ -407,7 +318,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to registries name: Login to registries
uses: ./ uses: ./
@@ -428,7 +339,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to registries name: Login to registries
id: login id: login
@@ -439,8 +350,8 @@ jobs:
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
registry-auth: | registry-auth: |
- username: ${{ vars.DOCKERPUBLICBOT_USERNAME }} - username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERPUBLICBOT_READ_PAT }} password: ${{ secrets.DOCKERHUB_TOKEN }}
- -
name: Check name: Check
run: | run: |
@@ -460,13 +371,13 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to Docker Hub name: Login to Docker Hub
uses: ./ uses: ./
with: with:
username: ${{ vars.DOCKERPUBLICBOT_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERPUBLICBOT_READ_PAT }} password: ${{ secrets.DOCKERHUB_TOKEN }}
scope: '@push' scope: '@push'
- -
name: Print config.json files name: Print config.json files
@@ -490,13 +401,13 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to Docker Hub name: Login to Docker Hub
uses: ./ uses: ./
with: with:
username: ${{ vars.DOCKERPUBLICBOT_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERPUBLICBOT_READ_PAT }} password: ${{ secrets.DOCKERHUB_TOKEN }}
scope: 'docker/buildx-bin@push' scope: 'docker/buildx-bin@push'
- -
name: Print config.json files name: Print config.json files
@@ -520,7 +431,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to GitHub Container Registry name: Login to GitHub Container Registry
uses: ./ uses: ./
@@ -551,7 +462,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Login to GitHub Container Registry name: Login to GitHub Container Registry
uses: ./ uses: ./

View File

@@ -22,7 +22,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Enable corepack name: Enable corepack
run: | run: |
@@ -35,12 +35,12 @@ jobs:
node-version: ${{ env.NODE_VERSION }} node-version: ${{ env.NODE_VERSION }}
- -
name: Initialize CodeQL name: Initialize CodeQL
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
with: with:
languages: javascript-typescript languages: javascript-typescript
build-mode: none build-mode: none
- -
name: Perform CodeQL Analysis name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
with: with:
category: "/language:javascript-typescript" category: "/language:javascript-typescript"

View File

@@ -11,7 +11,7 @@ on:
jobs: jobs:
run: run:
uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@46267a6e61cd56aac2fc79943df180152f4c89d6 # v1.10.1 uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@9ba6e6f9450baf3b1237f8035c1fdc45932510bd # v1.8.0
permissions: permissions:
contents: read contents: read
pull-requests: write pull-requests: write

View File

@@ -22,7 +22,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Publish name: Publish
uses: actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978 # v0.0.4 uses: actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978 # v0.0.4

View File

@@ -20,16 +20,16 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Test name: Test
uses: docker/bake-action@d3418bd7d0e9324001bca92fa8ba175ea7e6dc9b # v7.3.0 uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
with: with:
source: . source: .
targets: test targets: test
- -
name: Upload coverage name: Upload coverage
uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0 uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
with: with:
files: ./coverage/clover.xml files: ./coverage/clover.xml
token: ${{ secrets.CODECOV_TOKEN }} token: ${{ secrets.CODECOV_TOKEN }}

View File

@@ -30,14 +30,14 @@ jobs:
permission-contents: write permission-contents: write
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with: with:
ref: ${{ github.event.pull_request.head.ref }} ref: ${{ github.event.pull_request.head.ref }}
fetch-depth: 0 fetch-depth: 0
token: ${{ steps.docker-read-app.outputs.token }} token: ${{ steps.docker-read-app.outputs.token }}
- -
name: Build name: Build
uses: docker/bake-action@d3418bd7d0e9324001bca92fa8ba175ea7e6dc9b # v7.3.0 uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
with: with:
source: . source: .
targets: build targets: build
@@ -50,7 +50,7 @@ jobs:
git config user.name "github-actions[bot]" git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com" git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add dist git add dist
git commit -m "[dependabot skip] chore: update generated content" git commit -m "chore: update generated content"
git push git push
) )
else else

View File

@@ -22,11 +22,11 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- -
name: Generate matrix name: Generate matrix
id: generate id: generate
uses: docker/bake-action/subaction/matrix@d3418bd7d0e9324001bca92fa8ba175ea7e6dc9b # v7.3.0 uses: docker/bake-action/subaction/matrix@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
with: with:
target: validate target: validate
@@ -41,6 +41,6 @@ jobs:
steps: steps:
- -
name: Validate name: Validate
uses: docker/bake-action@d3418bd7d0e9324001bca92fa8ba175ea7e6dc9b # v7.3.0 uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
with: with:
targets: ${{ matrix.target }} targets: ${{ matrix.target }}

View File

@@ -19,7 +19,7 @@ on:
jobs: jobs:
zizmor: zizmor:
uses: crazy-max/.github/.github/workflows/zizmor.yml@46267a6e61cd56aac2fc79943df180152f4c89d6 # v1.10.1 uses: crazy-max/.github/.github/workflows/zizmor.yml@9ba6e6f9450baf3b1237f8035c1fdc45932510bd # v1.8.0
permissions: permissions:
contents: read contents: read
security-events: write security-events: write

View File

@@ -14,9 +14,6 @@ logFilters:
- code: YN0086 - code: YN0086
level: discard level: discard
npmPreapprovedPackages:
- "@docker/actions-toolkit"
compressionLevel: mixed compressionLevel: mixed
enableGlobalCache: false enableGlobalCache: false
enableHardenedMode: true enableHardenedMode: true

View File

@@ -1,4 +1,4 @@
import {afterEach, expect, test, vi} from 'vitest'; import {afterEach, expect, test} from 'vitest';
import * as path from 'path'; import * as path from 'path';
import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx.js'; import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx.js';
@@ -6,7 +6,6 @@ import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx.js';
import {getAuthList, getInputs} from '../src/context.js'; import {getAuthList, getInputs} from '../src/context.js';
afterEach(() => { afterEach(() => {
vi.restoreAllMocks();
for (const key of Object.keys(process.env)) { for (const key of Object.keys(process.env)) {
if (key.startsWith('INPUT_')) { if (key.startsWith('INPUT_')) {
delete process.env[key]; delete process.env[key];
@@ -34,37 +33,3 @@ test('getAuthList uses the default Docker Hub registry when computing scoped con
configDir: path.join(Buildx.configDir, 'config', 'registry-1.docker.io', 'myscope') configDir: path.join(Buildx.configDir, 'config', 'registry-1.docker.io', 'myscope')
}); });
}); });
test('getAuthList skips secret masking when registry-auth password is absent', async () => {
const stdoutWriteSpy = vi.spyOn(process.stdout, 'write').mockImplementation(() => true);
const [auth] = getAuthList({
registry: '',
username: '',
password: '',
scope: '',
ecr: '',
logout: true,
registryAuth: '- registry: public.ecr.aws\n'
});
expect(stdoutWriteSpy.mock.calls.map(call => call[0]).join('')).not.toContain('::add-mask::');
expect(auth).toMatchObject({
registry: 'public.ecr.aws',
ecr: 'auto'
});
});
test('getAuthList masks registry-auth password when present', async () => {
const stdoutWriteSpy = vi.spyOn(process.stdout, 'write').mockImplementation(() => true);
getAuthList({
registry: '',
username: '',
password: '',
scope: '',
ecr: '',
logout: true,
registryAuth: '- registry: ghcr.io\n username: dbowie\n password: groundcontrol\n'
});
expect(stdoutWriteSpy.mock.calls.map(call => call[0]).join('')).toContain('::add-mask::groundcontrol');
});

View File

@@ -17,7 +17,7 @@ FROM base AS deps
RUN --mount=type=bind,target=.,rw \ RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \ --mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \ --mount=type=cache,target=/src/node_modules \
yarn install --immutable && mkdir /vendor && cp yarn.lock /vendor yarn install && mkdir /vendor && cp yarn.lock /vendor
FROM scratch AS vendor-update FROM scratch AS vendor-update
COPY --from=deps /vendor / COPY --from=deps /vendor /

322
dist/index.cjs generated vendored

File diff suppressed because one or more lines are too long

8
dist/index.cjs.map generated vendored

File diff suppressed because one or more lines are too long

1406
dist/licenses.txt generated vendored

File diff suppressed because it is too large Load Diff

View File

@@ -4,7 +4,7 @@
"type": "module", "type": "module",
"main": "src/main.ts", "main": "src/main.ts",
"scripts": { "scripts": {
"build": "esbuild src/main.ts --bundle --platform=node --target=node24 --format=cjs --outfile=dist/index.cjs --sourcemap --minify --keep-names && yarn run license", "build": "esbuild src/main.ts --bundle --platform=node --target=node24 --format=cjs --outfile=dist/index.cjs --sourcemap --minify && yarn run license",
"lint": "eslint --max-warnings=0 .", "lint": "eslint --max-warnings=0 .",
"format": "eslint --fix .", "format": "eslint --fix .",
"test": "vitest run", "test": "vitest run",
@@ -24,12 +24,12 @@
"packageManager": "yarn@4.15.0", "packageManager": "yarn@4.15.0",
"dependencies": { "dependencies": {
"@actions/core": "^3.0.1", "@actions/core": "^3.0.1",
"@aws-sdk/client-ecr": "^3.1077.0", "@aws-sdk/client-ecr": "^3.1050.0",
"@aws-sdk/client-ecr-public": "^3.1077.0", "@aws-sdk/client-ecr-public": "^3.1050.0",
"@docker/actions-toolkit": "^0.92.0", "@docker/actions-toolkit": "^0.91.0",
"http-proxy-agent": "^9.1.0", "http-proxy-agent": "^9.0.0",
"https-proxy-agent": "^9.1.0", "https-proxy-agent": "^9.0.0",
"js-yaml": "^5.2.0" "js-yaml": "^4.1.1"
}, },
"devDependencies": { "devDependencies": {
"@eslint/js": "^9.39.3", "@eslint/js": "^9.39.3",

View File

@@ -53,9 +53,7 @@ export function getAuthList(inputs: Inputs): Array<Auth> {
}); });
} else { } else {
auths = (yaml.load(inputs.registryAuth) as Array<Auth>).map(auth => { auths = (yaml.load(inputs.registryAuth) as Array<Auth>).map(auth => {
if (auth.password) {
core.setSecret(auth.password); // redacted in workflow logs core.setSecret(auth.password); // redacted in workflow logs
}
const registry = auth.registry || 'docker.io'; const registry = auth.registry || 'docker.io';
return { return {
registry, registry,

1005
yarn.lock

File diff suppressed because it is too large Load Diff