Merge pull request #1007 from crazy-max/ci-creds-update

ci: update registry auth credentials
ci: update registry to auth to gar
2026-06-10 03:40:31 +08:00 · 2026-06-09 10:45:03 +02:00 · 2026-06-04 16:19:19 +02:00 · 2026-06-04 16:19:18 +02:00 · 2026-06-04 16:19:18 +02:00 · 2026-06-04 16:19:18 +02:00
1 changed files with 55 additions and 21 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -7,6 +7,9 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

+env:
+  GHCR_TEST_IMAGE: ghcr.io/docker/login-action-test:ci-${{ github.sha }}
+
 on:
  workflow_dispatch:
  schedule:
@@ -56,8 +59,39 @@ jobs:
          password: ${{ secrets.GITHUB_TOKEN }}
          logout: ${{ matrix.logout }}

+  push-ghcr:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      -
+        name: Login to GitHub Container Registry
+        uses: ./
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Build and push test image
+        run: |
+          docker buildx build --push -t "${GHCR_TEST_IMAGE}" - <<EOF
+          FROM scratch
+          LABEL org.opencontainers.image.title="docker/login-action CI test image"
+          LABEL org.opencontainers.image.description="Empty image used by CI to verify GHCR authentication."
+          LABEL org.opencontainers.image.source="https://github.com/${GITHUB_REPOSITORY}"
+          EOF
+
  dind:
    runs-on: ubuntu-latest
+    needs:
+      - push-ghcr
+    permissions:
+      contents: read
+      packages: read
    env:
      DOCKER_CONFIG: $HOME/.docker
    steps:
@@ -69,19 +103,19 @@ jobs:
        uses: ./
        with:
          registry: ghcr.io
-          username: ${{ secrets.GHCR_USERNAME }}
-          password: ${{ secrets.GHCR_PAT }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
      -
        name: DinD
        uses: docker://docker:29.3@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
        with:
          entrypoint: docker
-          args: pull ghcr.io/docker-ghactiontest/test
+          args: pull ${{ env.GHCR_TEST_IMAGE }}
      -
-        name: Pull private image
+        name: Pull test image
        run: |
          docker image prune -a -f >/dev/null 2>&1
-          docker pull ghcr.io/docker-ghactiontest/test
+          docker pull "${GHCR_TEST_IMAGE}"

  acr:
    runs-on: ubuntu-latest
@@ -93,7 +127,7 @@ jobs:
        name: Login to ACR
        uses: ./
        with:
-          registry: ${{ secrets.AZURE_REGISTRY_NAME }}.azurecr.io
+          registry: officialgithubactions.azurecr.io
          username: ${{ secrets.AZURE_CLIENT_ID }}
          password: ${{ secrets.AZURE_CLIENT_SECRET }}

@@ -113,8 +147,8 @@ jobs:
        name: Login to Docker Hub
        uses: ./
        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          username: ${{ vars.DOCKERPUBLICBOT_USERNAME }}
+          password: ${{ secrets.DOCKERPUBLICBOT_READ_PAT }}

  ecr:
    runs-on: ${{ matrix.os }}
@@ -132,7 +166,7 @@ jobs:
        name: Login to ECR
        uses: ./
        with:
-          registry: ${{ secrets.AWS_ACCOUNT_NUMBER }}.dkr.ecr.us-east-1.amazonaws.com
+          registry: 175142243308.dkr.ecr.us-east-1.amazonaws.com
          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

@@ -150,7 +184,7 @@ jobs:
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6.2.0
+        uses: aws-actions/configure-aws-credentials@acca2b1b2070338fb9fd1ca27ecee81d687e58e5 # v6.1.2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -159,7 +193,7 @@ jobs:
        name: Login to ECR
        uses: ./
        with:
-          registry: ${{ secrets.AWS_ACCOUNT_NUMBER }}.dkr.ecr.us-east-1.amazonaws.com
+          registry: 175142243308.dkr.ecr.us-east-1.amazonaws.com

  ecr-public:
    runs-on: ${{ matrix.os }}
@@ -198,7 +232,7 @@ jobs:
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6.2.0
+        uses: aws-actions/configure-aws-credentials@acca2b1b2070338fb9fd1ca27ecee81d687e58e5 # v6.1.2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -266,7 +300,7 @@ jobs:
        name: Login to Google Artifact Registry
        uses: ./
        with:
-          registry: ${{ secrets.GAR_LOCATION }}-docker.pkg.dev
+          registry: us-east4-docker.pkg.dev
          username: _json_key
          password: ${{ secrets.GAR_JSON_KEY }}

@@ -301,8 +335,8 @@ jobs:
        uses: ./
        with:
          registry-auth: |
-            - username: ${{ secrets.DOCKERHUB_USERNAME }}
-              password: ${{ secrets.DOCKERHUB_TOKEN }}
+            - username: ${{ vars.DOCKERPUBLICBOT_USERNAME }}
+              password: ${{ secrets.DOCKERPUBLICBOT_READ_PAT }}
            - registry: ghcr.io
              username: ${{ github.actor }}
              password: ${{ secrets.GITHUB_TOKEN }}
@@ -350,8 +384,8 @@ jobs:
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          registry-auth: |
-            - username: ${{ secrets.DOCKERHUB_USERNAME }}
-              password: ${{ secrets.DOCKERHUB_TOKEN }}
+            - username: ${{ vars.DOCKERPUBLICBOT_USERNAME }}
+              password: ${{ secrets.DOCKERPUBLICBOT_READ_PAT }}
      -
        name: Check
        run: |
@@ -376,8 +410,8 @@ jobs:
        name: Login to Docker Hub
        uses: ./
        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          username: ${{ vars.DOCKERPUBLICBOT_USERNAME }}
+          password: ${{ secrets.DOCKERPUBLICBOT_READ_PAT }}
          scope: '@push'
      -
        name: Print config.json files
@@ -406,8 +440,8 @@ jobs:
        name: Login to Docker Hub
        uses: ./
        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          username: ${{ vars.DOCKERPUBLICBOT_USERNAME }}
+          password: ${{ secrets.DOCKERPUBLICBOT_READ_PAT }}
          scope: 'docker/buildx-bin@push'
      -
        name: Print config.json files
Author	SHA1	Message	Date
CrazyMax	946f94de75	Merge pull request #1007 from crazy-max/ci-creds-update ci: update registry auth credentials	2026-06-09 10:45:03 +02:00
CrazyMax	f50e5f80f8	ci: update registry to auth to gar Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-06-04 16:19:19 +02:00
CrazyMax	c5e5fd0017	ci: update registry to auth to acr Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-06-04 16:19:18 +02:00
CrazyMax	60e5331f1c	ci: update registry to auth to ecr Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-06-04 16:19:18 +02:00
CrazyMax	6a848e5a16	ci: update secrets to auth to docker hub Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-06-04 16:19:18 +02:00
CrazyMax	0267638d8a	Merge pull request #1008 from crazy-max/ci-ghcr-dind-test-image ci: replace GHCR PAT in DinD test	2026-06-04 16:12:23 +02:00
CrazyMax	250c56f969	ci: replace GHCR PAT in DinD test Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-06-02 14:16:24 +02:00