108 changes: 92 additions & 16 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
name: ci

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

on:
workflow_dispatch:
schedule:
Expand All @@ -15,7 +19,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v5
-
name: Stop docker
run: |
Expand All @@ -39,7 +43,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v5
-
name: Login to GitHub Container Registry
uses: ./
Expand All @@ -56,7 +60,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v5
-
name: Login to GitHub Container Registry
uses: ./
Expand All @@ -81,7 +85,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v5
-
name: Login to ACR
uses: ./
Expand All @@ -101,7 +105,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v5
-
name: Login to Docker Hub
uses: ./
Expand All @@ -120,7 +124,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v5
-
name: Login to ECR
uses: ./
Expand All @@ -140,10 +144,10 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v5
-
name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
uses: aws-actions/configure-aws-credentials@v5
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
Expand All @@ -165,9 +169,10 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v5
-
name: Login to Public ECR
continue-on-error: ${{ matrix.os == 'windows-latest' }}
uses: ./
with:
registry: public.ecr.aws
Expand All @@ -187,16 +192,17 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v5
-
name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
uses: aws-actions/configure-aws-credentials@v5
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
-
name: Login to ECR
name: Login to Public ECR
continue-on-error: ${{ matrix.os == 'windows-latest' }}
uses: ./
with:
registry: public.ecr.aws
Expand All @@ -212,7 +218,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v5
-
name: Login to GitHub Container Registry
uses: ./
Expand All @@ -232,7 +238,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v5
-
name: Login to GitLab
uses: ./
Expand All @@ -252,7 +258,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v5
-
name: Login to Google Artifact Registry
uses: ./
Expand All @@ -272,11 +278,81 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v5
-
name: Login to Google Container Registry
uses: ./
with:
registry: gcr.io
username: _json_key
password: ${{ secrets.GCR_JSON_KEY }}

registry-auth:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v5
-
name: Login to registries
uses: ./
with:
registry-auth: |
- username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- registry: public.ecr.aws
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- registry: registry.gitlab.com
username: ${{ secrets.GITLAB_USERNAME }}
password: ${{ secrets.GITLAB_TOKEN }}
registry-auth-dup:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v5
-
name: Login to registries
uses: ./
with:
registry-auth: |
- registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- registry: public.ecr.aws
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry-auth-exclusive:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v5
-
name: Login to registries
id: login
continue-on-error: true
uses: ./
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry-auth: |
- username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Check
run: |
if [ "${{ steps.login.outcome }}" != "failure" ] || [ "${{ steps.login.conclusion }}" != "success" ]; then
echo "::error::Should have failed"
exit 1
fi
50 changes: 50 additions & 0 deletions .github/workflows/codeql.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
name: codeql

on:
push:
branches:
- 'master'
- 'releases/v*'
paths:
- '.github/workflows/codeql.yml'
- 'dist/**'
- 'src/**'
pull_request:
paths:
- '.github/workflows/codeql.yml'
- 'dist/**'
- 'src/**'

permissions:
actions: read
contents: read
security-events: write

jobs:
analyze:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
language:
- javascript-typescript
steps:
-
name: Checkout
uses: actions/checkout@v5
-
name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
config: |
paths:
- src
-
name: Autobuild
uses: github/codeql-action/autobuild@v3
-
name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
17 changes: 17 additions & 0 deletions .github/workflows/pr-assign-author.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
name: pr-assign-author

permissions:
contents: read

on:
pull_request_target:
types:
- opened
- reopened

jobs:
run:
uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf
permissions:
contents: read
pull-requests: write
21 changes: 21 additions & 0 deletions .github/workflows/publish.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
name: publish

on:
release:
types:
- published

jobs:
publish:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
packages: write
steps:
-
name: Checkout
uses: actions/checkout@v5
-
name: Publish
uses: actions/publish-immutable-action@v0.0.4
14 changes: 10 additions & 4 deletions .github/workflows/test.yml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
name: test

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

on:
push:
branches:
Expand All @@ -13,14 +17,16 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v5
-
name: Test
uses: docker/bake-action@v3
uses: docker/bake-action@v6
with:
source: .
targets: test
-
name: Upload coverage
uses: codecov/codecov-action@v3
uses: codecov/codecov-action@v5
with:
file: ./coverage/clover.xml
files: ./coverage/clover.xml
token: ${{ secrets.CODECOV_TOKEN }}
22 changes: 12 additions & 10 deletions .github/workflows/validate.yml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
name: validate

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

on:
push:
branches:
Expand All @@ -11,16 +15,17 @@ jobs:
prepare:
runs-on: ubuntu-latest
outputs:
targets: ${{ steps.targets.outputs.matrix }}
targets: ${{ steps.generate.outputs.targets }}
steps:
-
name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v5
-
name: Targets matrix
id: targets
run: |
echo "matrix=$(docker buildx bake validate --print | jq -cr '.group.validate.targets')" >> $GITHUB_OUTPUT
name: List targets
id: generate
uses: docker/bake-action/subaction/list-targets@v6
with:
target: validate

validate:
runs-on: ubuntu-latest
Expand All @@ -31,11 +36,8 @@ jobs:
matrix:
target: ${{ fromJson(needs.prepare.outputs.targets) }}
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Validate
uses: docker/bake-action@v3
uses: docker/bake-action@v6
with:
targets: ${{ matrix.target }}
68 changes: 15 additions & 53 deletions .gitignore
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,13 @@
node_modules/
lib
# https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore

# Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*
.pnpm-debug.log*

# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
Expand All @@ -19,34 +18,14 @@ pids
*.seed
*.pid.lock

# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov

# Coverage directory used by tools like istanbul
coverage
*.lcov

# nyc test coverage
.nyc_output

# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
.grunt

# Bower dependency directory (https://bower.io/)
bower_components

# node-waf configuration
.lock-wscript

# Compiled binary addons (https://nodejs.org/api/addons.html)
build/Release

# Dependency directories
node_modules/
jspm_packages/

# TypeScript v1 declaration files
typings/

# TypeScript cache
*.tsbuildinfo

Expand All @@ -56,36 +35,19 @@ typings/
# Optional eslint cache
.eslintcache

# Optional REPL history
.node_repl_history

# Output of 'npm pack'
*.tgz

# Yarn Integrity file
.yarn-integrity

# dotenv environment variables file
# dotenv environment variable files
.env
.env.test

# parcel-bundler cache (https://parceljs.org/)
.cache

# next.js build output
.next

# nuxt.js build output
.nuxt

# vuepress build output
.vuepress/dist

# Serverless directories
.serverless/

# FuseBox cache
.fusebox/

# DynamoDB Local files
.dynamodb/
.env.development.local
.env.test.local
.env.production.local
.env.local

# yarn v2
.yarn/cache
.yarn/unplugged
.yarn/build-state.yml
.yarn/install-state.gz
.pnp.*
6 changes: 6 additions & 0 deletions .prettierignore
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
# Dependency directories
node_modules/
jspm_packages/

# yarn v2
.yarn/
17 changes: 17 additions & 0 deletions .yarnrc.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
# https://yarnpkg.com/configuration/yarnrc

compressionLevel: mixed
enableGlobalCache: false
enableHardenedMode: true

logFilters:
- code: YN0013
level: discard
- code: YN0019
level: discard
- code: YN0076
level: discard
- code: YN0086
level: discard

nodeLinker: node-modules
303 changes: 202 additions & 101 deletions README.md
View file

Large diffs are not rendered by default.

11 changes: 9 additions & 2 deletions __tests__/aws.test.ts
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import {beforeEach, describe, expect, jest, test} from '@jest/globals';
import {AuthorizationData} from '@aws-sdk/client-ecr';

import * as aws from '../src/aws';

describe('isECR', () => {
Expand All @@ -9,7 +10,9 @@ describe('isECR', () => {
['012345678901.dkr.ecr.eu-west-3.amazonaws.com', true],
['876820548815.dkr.ecr.cn-north-1.amazonaws.com.cn', true],
['390948362332.dkr.ecr.cn-northwest-1.amazonaws.com.cn', true],
['public.ecr.aws', true]
['012345678901.dkr-ecr.eu-north-1.on.aws', true],
['public.ecr.aws', true],
['ecr-public.aws.com', true]
])('given registry %p', async (registry, expected) => {
expect(aws.isECR(registry)).toEqual(expected);
});
Expand All @@ -22,7 +25,9 @@ describe('isPubECR', () => {
['012345678901.dkr.ecr.eu-west-3.amazonaws.com', false],
['876820548815.dkr.ecr.cn-north-1.amazonaws.com.cn', false],
['390948362332.dkr.ecr.cn-northwest-1.amazonaws.com.cn', false],
['public.ecr.aws', true]
['012345678901.dkr-ecr.eu-north-1.on.aws', false],
['public.ecr.aws', true],
['ecr-public.aws.com', true]
])('given registry %p', async (registry, expected) => {
expect(aws.isPubECR(registry)).toEqual(expected);
});
Expand All @@ -33,6 +38,7 @@ describe('getRegion', () => {
['012345678901.dkr.ecr.eu-west-3.amazonaws.com', 'eu-west-3'],
['876820548815.dkr.ecr.cn-north-1.amazonaws.com.cn', 'cn-north-1'],
['390948362332.dkr.ecr.cn-northwest-1.amazonaws.com.cn', 'cn-northwest-1'],
['012345678901.dkr-ecr.eu-north-1.on.aws', 'eu-north-1'],
['public.ecr.aws', 'us-east-1']
])('given registry %p', async (registry, expected) => {
expect(aws.getRegion(registry)).toEqual(expected);
Expand All @@ -45,6 +51,7 @@ describe('getAccountIDs', () => {
['012345678901.dkr.ecr.eu-west-3.amazonaws.com', '012345678910,023456789012', ['012345678901', '012345678910', '023456789012']],
['012345678901.dkr.ecr.eu-west-3.amazonaws.com', '012345678901,012345678910,023456789012', ['012345678901', '012345678910', '023456789012']],
['390948362332.dkr.ecr.cn-northwest-1.amazonaws.com.cn', '012345678910,023456789012', ['390948362332', '012345678910', '023456789012']],
['876820548815.dkr-ecr.eu-north-1.on.aws', '012345678910,023456789012', ['876820548815', '012345678910', '023456789012']],
['public.ecr.aws', undefined, []]
])('given registry %p', async (registry, accountIDsEnv, expected) => {
if (accountIDsEnv) {
Expand Down
1 change: 1 addition & 0 deletions __tests__/context.test.ts
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import {expect, test} from '@jest/globals';

import {getInputs} from '../src/context';

test('with password and username getInputs does not throw error', async () => {
Expand Down
26 changes: 20 additions & 6 deletions __tests__/docker.test.ts
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,16 @@
import {expect, jest, test} from '@jest/globals';
import {loginStandard, logout} from '../src/docker';
import * as path from 'path';
import * as exec from '@actions/exec';

import {loginStandard, logout} from '../src/docker';

import {Docker} from '@docker/actions-toolkit/lib/docker/docker';

process.env['RUNNER_TEMP'] = path.join(__dirname, 'runner');

test('loginStandard calls exec', async () => {
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
// @ts-ignore
const execSpy = jest.spyOn(exec, 'getExecOutput').mockImplementation(async () => {
const execSpy = jest.spyOn(Docker, 'getExecOutput').mockImplementation(async () => {
return {
exitCode: expect.any(Number),
stdout: expect.any(Function),
Expand All @@ -22,7 +24,13 @@ test('loginStandard calls exec', async () => {

await loginStandard(registry, username, password);

expect(execSpy).toHaveBeenCalledWith(`docker`, ['login', '--password-stdin', '--username', username, registry], {
expect(execSpy).toHaveBeenCalledTimes(1);
const callfunc = execSpy.mock.calls[0];
if (callfunc && callfunc[1]) {
// we don't want to check env opt
callfunc[1].env = undefined;
}
expect(execSpy).toHaveBeenCalledWith(['login', '--password-stdin', '--username', username, registry], {
input: Buffer.from(password),
silent: true,
ignoreReturnCode: true
Expand All @@ -32,7 +40,7 @@ test('loginStandard calls exec', async () => {
test('logout calls exec', async () => {
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
// @ts-ignore
const execSpy = jest.spyOn(exec, 'getExecOutput').mockImplementation(async () => {
const execSpy = jest.spyOn(Docker, 'getExecOutput').mockImplementation(async () => {
return {
exitCode: expect.any(Number),
stdout: expect.any(Function),
Expand All @@ -44,7 +52,13 @@ test('logout calls exec', async () => {

await logout(registry);

expect(execSpy).toHaveBeenCalledWith(`docker`, ['logout', registry], {
expect(execSpy).toHaveBeenCalledTimes(1);
const callfunc = execSpy.mock.calls[0];
if (callfunc && callfunc[1]) {
// we don't want to check env opt
callfunc[1].env = undefined;
}
expect(execSpy).toHaveBeenCalledWith(['logout', registry], {
ignoreReturnCode: true
});
});
65 changes: 0 additions & 65 deletions __tests__/main.test.ts
View file

This file was deleted.

6 changes: 4 additions & 2 deletions action.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,14 +18,16 @@ inputs:
required: false
ecr:
description: 'Specifies whether the given registry is ECR (auto, true or false)'
default: 'auto'
required: false
logout:
description: 'Log out from the Docker registry at the end of a job'
default: 'true'
required: false
registry-auth:
description: 'Raw authentication to registries, defined as YAML objects'
required: false

runs:
using: 'node16'
using: 'node20'
main: 'dist/index.js'
post: 'dist/index.js'
56 changes: 30 additions & 26 deletions dev.Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,15 +1,20 @@
# syntax=docker/dockerfile:1

ARG NODE_VERSION=16
ARG DOCKER_VERSION=20.10.13
ARG BUILDX_VERSION=0.8.1
ARG NODE_VERSION=20

FROM node:${NODE_VERSION}-alpine AS base
RUN apk add --no-cache cpio findutils git
WORKDIR /src
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache <<EOT
corepack enable
yarn --version
yarn config set --home enableTelemetry 0
EOT

FROM base AS deps
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn install && mkdir /vendor && cp yarn.lock /vendor

Expand All @@ -18,18 +23,19 @@ COPY --from=deps /vendor /

FROM deps AS vendor-validate
RUN --mount=type=bind,target=.,rw <<EOT
set -e
git add -A
cp -rf /vendor/* .
if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
git status --porcelain -- yarn.lock
exit 1
fi
set -e
git add -A
cp -rf /vendor/* .
if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor"'
git status --porcelain -- yarn.lock
exit 1
fi
EOT

FROM deps AS build
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn run build && mkdir /out && cp -Rf dist /out/

Expand All @@ -38,41 +44,39 @@ COPY --from=build /out /

FROM build AS build-validate
RUN --mount=type=bind,target=.,rw <<EOT
set -e
git add -A
cp -rf /out/* .
if [ -n "$(git status --porcelain -- dist)" ]; then
echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
git status --porcelain -- dist
exit 1
fi
set -e
git add -A
cp -rf /out/* .
if [ -n "$(git status --porcelain -- dist)" ]; then
echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
git status --porcelain -- dist
exit 1
fi
EOT

FROM deps AS format
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn run format \
&& mkdir /out && find . -name '*.ts' -not -path './node_modules/*' | cpio -pdm /out
&& mkdir /out && find . -name '*.ts' -not -path './node_modules/*' -not -path './.yarn/*' | cpio -pdm /out

FROM scratch AS format-update
COPY --from=format /out /

FROM deps AS lint
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn run lint

FROM docker:${DOCKER_VERSION} as docker
FROM docker/buildx-bin:${BUILDX_VERSION} as buildx

FROM deps AS test
ENV RUNNER_TEMP=/tmp/github_runner
ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
--mount=type=bind,from=docker,source=/usr/local/bin/docker,target=/usr/bin/docker \
--mount=type=bind,from=buildx,source=/buildx,target=/usr/libexec/docker/cli-plugins/docker-buildx \
yarn run test --coverageDirectory=/tmp/coverage
yarn run test --coverage --coverageDirectory=/tmp/coverage

FROM scratch AS test-coverage
COPY --from=test /tmp/coverage /
118 changes: 102 additions & 16 deletions dist/index.js
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion dist/index.js.map
View file

Large diffs are not rendered by default.

4,253 changes: 3,787 additions & 466 deletions dist/licenses.txt
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion dist/sourcemap-register.js
View file

Large diffs are not rendered by default.

17 changes: 15 additions & 2 deletions docker-bake.hcl
View file
Original file line number Diff line number Diff line change
@@ -1,52 +1,65 @@
target "_common" {
args = {
BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1
}
}

group "default" {
targets = ["build"]
}

group "pre-checkin" {
targets = ["vendor-update", "format", "build"]
targets = ["vendor", "format", "build"]
}

group "validate" {
targets = ["lint", "build-validate", "vendor-validate"]
}

target "build" {
inherits = ["_common"]
dockerfile = "dev.Dockerfile"
target = "build-update"
output = ["."]
}

target "build-validate" {
inherits = ["_common"]
dockerfile = "dev.Dockerfile"
target = "build-validate"
output = ["type=cacheonly"]
}

target "format" {
inherits = ["_common"]
dockerfile = "dev.Dockerfile"
target = "format-update"
output = ["."]
}

target "lint" {
inherits = ["_common"]
dockerfile = "dev.Dockerfile"
target = "lint"
output = ["type=cacheonly"]
}

target "vendor-update" {
target "vendor" {
inherits = ["_common"]
dockerfile = "dev.Dockerfile"
target = "vendor-update"
output = ["."]
}

target "vendor-validate" {
inherits = ["_common"]
dockerfile = "dev.Dockerfile"
target = "vendor-validate"
output = ["type=cacheonly"]
}

target "test" {
inherits = ["_common"]
dockerfile = "dev.Dockerfile"
target = "test-coverage"
output = ["./coverage"]
Expand Down
1 change: 1 addition & 0 deletions jest.config.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ process.env = Object.assign({}, process.env, {

module.exports = {
clearMocks: true,
testEnvironment: 'node',
moduleFileExtensions: ['js', 'ts'],
testMatch: ['**/*.test.ts'],
transform: {
Expand Down
66 changes: 33 additions & 33 deletions package.json
View file
Original file line number Diff line number Diff line change
@@ -1,13 +1,16 @@
{
"name": "docker-login",
"description": "GitHub Action to login against a Docker registry",
"main": "lib/main.js",
"main": "src/main.ts",
"scripts": {
"build": "ncc build src/main.ts --source-map --minify --license licenses.txt",
"lint": "eslint src/**/*.ts __tests__/**/*.ts",
"format": "eslint --fix src/**/*.ts __tests__/**/*.ts",
"test": "jest --coverage",
"all": "yarn run build && yarn run format && yarn test"
"build": "ncc build --source-map --minify --license licenses.txt",
"lint": "yarn run prettier && yarn run eslint",
"format": "yarn run prettier:fix && yarn run eslint:fix",
"eslint": "eslint --max-warnings=0 .",
"eslint:fix": "eslint --fix .",
"prettier": "prettier --check \"./**/*.ts\"",
"prettier:fix": "prettier --write \"./**/*.ts\"",
"test": "jest"
},
"repository": {
"type": "git",
Expand All @@ -18,35 +21,32 @@
"docker",
"login"
],
"author": "Docker",
"contributors": [
{
"name": "CrazyMax",
"url": "https://crazymax.dev"
}
],
"license": "MIT",
"author": "Docker Inc.",
"license": "Apache-2.0",
"packageManager": "yarn@4.9.2",
"dependencies": {
"@actions/core": "^1.10.0",
"@aws-sdk/client-ecr": "^3.347.1",
"@aws-sdk/client-ecr-public": "^3.347.1",
"@docker/actions-toolkit": "^0.2.0",
"http-proxy-agent": "^7.0.0",
"https-proxy-agent": "^7.0.0"
"@actions/core": "^1.11.1",
"@aws-sdk/client-ecr": "^3.890.0",
"@aws-sdk/client-ecr-public": "^3.890.0",
"@docker/actions-toolkit": "^0.63.0",
"http-proxy-agent": "^7.0.2",
"https-proxy-agent": "^7.0.6",
"js-yaml": "^4.1.0"
},
"devDependencies": {
"@types/node": "^16.18.21",
"@typescript-eslint/eslint-plugin": "^5.56.0",
"@typescript-eslint/parser": "^5.56.0",
"@vercel/ncc": "^0.36.1",
"eslint": "^8.36.0",
"eslint-config-prettier": "^8.8.0",
"eslint-plugin-jest": "^27.2.1",
"eslint-plugin-prettier": "^4.2.1",
"jest": "^29.5.0",
"prettier": "^2.8.7",
"ts-jest": "^29.0.5",
"ts-node": "^10.9.1",
"typescript": "^4.9.5"
"@types/js-yaml": "^4.0.9",
"@types/node": "^20.19.9",
"@typescript-eslint/eslint-plugin": "^7.18.0",
"@typescript-eslint/parser": "^7.18.0",
"@vercel/ncc": "^0.38.3",
"eslint": "^8.57.1",
"eslint-config-prettier": "^9.1.2",
"eslint-plugin-jest": "^28.14.0",
"eslint-plugin-prettier": "^5.5.4",
"jest": "^29.7.0",
"prettier": "^3.6.2",
"ts-jest": "^29.4.1",
"ts-node": "^10.9.2",
"typescript": "^5.9.2"
}
}
9 changes: 5 additions & 4 deletions src/aws.ts
View file
Original file line number Diff line number Diff line change
@@ -1,18 +1,19 @@
import * as core from '@actions/core';
import {ECR} from '@aws-sdk/client-ecr';
import {ECRPUBLIC} from '@aws-sdk/client-ecr-public';
import {NodeHttpHandler} from '@aws-sdk/node-http-handler';
import {NodeHttpHandler} from '@smithy/node-http-handler';
import {HttpProxyAgent} from 'http-proxy-agent';
import {HttpsProxyAgent} from 'https-proxy-agent';

const ecrRegistryRegex = /^(([0-9]{12})\.dkr\.ecr\.(.+)\.amazonaws\.com(.cn)?)(\/([^:]+)(:.+)?)?$/;
const ecrRegistryRegex = /^(([0-9]{12})\.(dkr\.ecr|dkr-ecr)\.(.+)\.(on\.aws|amazonaws\.com(.cn)?))(\/([^:]+)(:.+)?)?$/;
const ecrPublicRegistryRegex = /public\.ecr\.aws|ecr-public\.aws\.com/;

export const isECR = (registry: string): boolean => {
return ecrRegistryRegex.test(registry) || isPubECR(registry);
};

export const isPubECR = (registry: string): boolean => {
return registry === 'public.ecr.aws';
return ecrPublicRegistryRegex.test(registry);
};

export const getRegion = (registry: string): string => {
Expand All @@ -23,7 +24,7 @@ export const getRegion = (registry: string): string => {
if (!matches) {
return '';
}
return matches[3];
return matches[4];
};

export const getAccountIDs = (registry: string): string[] => {
Expand Down
4 changes: 3 additions & 1 deletion src/context.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ export interface Inputs {
password: string;
ecr: string;
logout: boolean;
registryAuth: string;
}

export function getInputs(): Inputs {
Expand All @@ -14,6 +15,7 @@ export function getInputs(): Inputs {
username: core.getInput('username'),
password: core.getInput('password'),
ecr: core.getInput('ecr'),
logout: core.getBooleanInput('logout')
logout: core.getBooleanInput('logout'),
registryAuth: core.getInput('registry-auth')
};
}
23 changes: 13 additions & 10 deletions src/docker.ts
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
import * as aws from './aws';
import * as core from '@actions/core';
import {Exec} from '@docker/actions-toolkit/lib/exec';

import {Docker} from '@docker/actions-toolkit/lib/docker/docker';

export async function login(registry: string, username: string, password: string, ecr: string): Promise<void> {
if (/true/i.test(ecr) || (ecr == 'auto' && aws.isECR(registry))) {
Expand All @@ -11,7 +12,7 @@ export async function login(registry: string, username: string, password: string
}

export async function logout(registry: string): Promise<void> {
await Exec.getExecOutput('docker', ['logout', registry], {
await Docker.getExecOutput(['logout', registry], {
ignoreReturnCode: true
}).then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
Expand All @@ -21,20 +22,22 @@ export async function logout(registry: string): Promise<void> {
}

export async function loginStandard(registry: string, username: string, password: string): Promise<void> {
if (!username || !password) {
if (!username && !password) {
throw new Error('Username and password required');
}
if (!username) {
throw new Error('Username required');
}
if (!password) {
throw new Error('Password required');
}

const loginArgs: Array<string> = ['login', '--password-stdin'];
loginArgs.push('--username', username);
loginArgs.push(registry);

if (registry) {
core.info(`Logging into ${registry}...`);
} else {
core.info(`Logging into Docker Hub...`);
}
await Exec.getExecOutput('docker', loginArgs, {
core.info(`Logging into ${registry}...`);
await Docker.getExecOutput(loginArgs, {
ignoreReturnCode: true,
silent: true,
input: Buffer.from(password)
Expand All @@ -51,7 +54,7 @@ export async function loginECR(registry: string, username: string, password: str
const regDatas = await aws.getRegistriesData(registry, username, password);
for (const regData of regDatas) {
core.info(`Logging into ${regData.registry}...`);
await Exec.getExecOutput('docker', ['login', '--password-stdin', '--username', regData.username, regData.registry], {
await Docker.getExecOutput(['login', '--password-stdin', '--username', regData.username, regData.registry], {
ignoreReturnCode: true,
silent: true,
input: Buffer.from(regData.password)
Expand Down
50 changes: 45 additions & 5 deletions src/main.ts
View file
Original file line number Diff line number Diff line change
@@ -1,21 +1,61 @@
import * as yaml from 'js-yaml';
import * as core from '@actions/core';
import * as actionsToolkit from '@docker/actions-toolkit';

import * as context from './context';
import * as docker from './docker';
import * as stateHelper from './state-helper';

interface Auth {
registry: string;
username: string;
password: string;
ecr: string;
}

export async function main(): Promise<void> {
const input: context.Inputs = context.getInputs();
stateHelper.setRegistry(input.registry);
stateHelper.setLogout(input.logout);
await docker.login(input.registry, input.username, input.password, input.ecr);
const inputs: context.Inputs = context.getInputs();
stateHelper.setLogout(inputs.logout);

if (inputs.registryAuth && (inputs.registry || inputs.username || inputs.password || inputs.ecr)) {
throw new Error('Cannot use registry-auth with other inputs');
}

if (!inputs.registryAuth) {
stateHelper.setRegistries([inputs.registry || 'docker.io']);
await docker.login(inputs.registry || 'docker.io', inputs.username, inputs.password, inputs.ecr || 'auto');
return;
}

const auths = yaml.load(inputs.registryAuth) as Auth[];
if (auths.length == 0) {
throw new Error('No registry to login');
}

const registries: string[] = [];
for (const auth of auths) {
if (!auth.registry) {
registries.push('docker.io');
} else {
registries.push(auth.registry);
}
}
stateHelper.setRegistries(registries.filter((value, index, self) => self.indexOf(value) === index));

for (const auth of auths) {
await core.group(`Login to ${auth.registry || 'docker.io'}`, async () => {
await docker.login(auth.registry || 'docker.io', auth.username, auth.password, auth.ecr || 'auto');
});
}
}

async function post(): Promise<void> {
if (!stateHelper.logout) {
return;
}
await docker.logout(stateHelper.registry);
for (const registry of stateHelper.registries.split(',')) {
await docker.logout(registry);
}
}

actionsToolkit.run(main, post);
6 changes: 3 additions & 3 deletions src/state-helper.ts
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
import * as core from '@actions/core';

export const registry = process.env['STATE_registry'] || '';
export const registries = process.env['STATE_registries'] || '';
export const logout = /true/i.test(process.env['STATE_logout'] || '');

export function setRegistry(registry: string) {
core.saveState('registry', registry);
export function setRegistries(registries: string[]) {
core.saveState('registries', registries.join(','));
}

export function setLogout(logout: boolean) {
Expand Down
12,628 changes: 8,219 additions & 4,409 deletions yarn.lock
View file

Large diffs are not rendered by default.