docker/build-push-action
1
0
Fork 0
mirror of https://github.com/docker/build-push-action.git synced 2026-06-05 21:08:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1554 from crazy-max/e2e-ghcr

Browse Source 
ci(e2e): use GITHUB_TOKEN for GHCR e2e
This commit is contained in:
CrazyMax
2026-06-04 16:00:12 +02:00
committed by GitHub
parent 1d0c110a5d f55bd083f2
commit 7b93b2b85c
3 changed files with 14 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.github/workflows/.e2e-run.yml vendored
View File

@@ -1,9 +1,6 @@
# reusable workflow # reusable workflow
name: .e2e-run name: .e2e-run
permissions:
contents: read
on: on:
workflow_call: workflow_call:
inputs: inputs:
@@ -117,8 +114,8 @@ jobs:
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
with: with:
registry: ${{ env.REGISTRY_FQDN || inputs.registry }} registry: ${{ env.REGISTRY_FQDN || inputs.registry }}
username: ${{ env.REGISTRY_USER || secrets.registry_username }} username: ${{ env.REGISTRY_USER || secrets.registry_username || (inputs.registry == 'ghcr.io' && github.actor) || '' }}
password: ${{ env.REGISTRY_PASSWORD || secrets.registry_password }} password: ${{ env.REGISTRY_PASSWORD || secrets.registry_password || (inputs.registry == 'ghcr.io' && secrets.GITHUB_TOKEN) || '' }}
scope: ${{ inputs.type == 'remote' && inputs.registry == '' && '@push' || '' }} scope: ${{ inputs.type == 'remote' && inputs.registry == '' && '@push' || '' }}
- -
name: Build and push name: Build and push

10
.github/workflows/e2e.yml vendored
View File

@@ -20,6 +20,9 @@ on:
jobs: jobs:
build: build:
uses: ./.github/workflows/.e2e-run.yml uses: ./.github/workflows/.e2e-run.yml
permissions:
contents: read
packages: write # to push image to GHCR
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
@@ -38,7 +41,7 @@ jobs:
- -
name: GitHub name: GitHub
registry: ghcr.io registry: ghcr.io
slug: ghcr.io/docker-ghactiontest/test slug: ghcr.io/docker/build-push-action-test
auth: ghcr auth: ghcr
type: remote type: remote
- -
@@ -100,11 +103,11 @@ jobs:
registry: ${{ matrix.registry }} registry: ${{ matrix.registry }}
slug: ${{ matrix.slug }} slug: ${{ matrix.slug }}
secrets: secrets:
# Pass only the two secrets needed by each matrix entry. # Pass only the registry-specific secrets needed by each matrix entry.
# GHCR uses the called workflow's GITHUB_TOKEN fallback.
registry_username: >- registry_username: >-
${{ ${{
matrix.auth == 'dockerhub' && secrets.DOCKERHUB_USERNAME || matrix.auth == 'dockerhub' && secrets.DOCKERHUB_USERNAME ||
matrix.auth == 'ghcr' && secrets.GHCR_USERNAME ||
matrix.auth == 'gitlab' && secrets.GITLAB_USERNAME || matrix.auth == 'gitlab' && secrets.GITLAB_USERNAME ||
matrix.auth == 'aws' && secrets.AWS_ACCESS_KEY_ID || matrix.auth == 'aws' && secrets.AWS_ACCESS_KEY_ID ||
matrix.auth == 'gar' && secrets.GAR_USERNAME || matrix.auth == 'gar' && secrets.GAR_USERNAME ||
@@ -116,7 +119,6 @@ jobs:
registry_password: >- registry_password: >-
${{ ${{
matrix.auth == 'dockerhub' && secrets.DOCKERHUB_TOKEN || matrix.auth == 'dockerhub' && secrets.DOCKERHUB_TOKEN ||
matrix.auth == 'ghcr' && secrets.GHCR_PAT ||
matrix.auth == 'gitlab' && secrets.GITLAB_TOKEN || matrix.auth == 'gitlab' && secrets.GITLAB_TOKEN ||
matrix.auth == 'aws' && secrets.AWS_SECRET_ACCESS_KEY || matrix.auth == 'aws' && secrets.AWS_SECRET_ACCESS_KEY ||
matrix.auth == 'gar' && secrets.GAR_JSON_KEY || matrix.auth == 'gar' && secrets.GAR_JSON_KEY ||

6
.github/zizmor.yml vendored Normal file
View File

@@ -0,0 +1,6 @@
rules:
# rule does not apply to reusable worfklows where permissions are defined by
# the caller workflow and not the reusable workflow itself
excessive-permissions:
ignore:
- .e2e-run.yml