File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 11# reusable workflow
22name : .e2e-run
33
4- permissions :
5- contents : read
6-
74on :
85 workflow_call :
96 inputs :
@@ -117,8 +114,8 @@ jobs:
117114 uses : docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
118115 with :
119116 registry : ${{ env.REGISTRY_FQDN || inputs.registry }}
120- username : ${{ env.REGISTRY_USER || secrets.registry_username }}
121- password : ${{ env.REGISTRY_PASSWORD || secrets.registry_password }}
117+ username : ${{ env.REGISTRY_USER || secrets.registry_username || (inputs.registry == 'ghcr.io' && github.actor) || '' }}
118+ password : ${{ env.REGISTRY_PASSWORD || secrets.registry_password || (inputs.registry == 'ghcr.io' && secrets.GITHUB_TOKEN) || '' }}
122119 scope : ${{ inputs.type == 'remote' && inputs.registry == '' && '@push' || '' }}
123120 -
124121 name : Build and push
Original file line number Diff line number Diff line change 2020jobs :
2121 build :
2222 uses : ./.github/workflows/.e2e-run.yml
23+ permissions :
24+ contents : read
25+ packages : write # to push image to GHCR
2326 strategy :
2427 fail-fast : false
2528 matrix :
3841 -
3942 name : GitHub
4043 registry : ghcr.io
41- slug : ghcr.io/docker-ghactiontest/ test
44+ slug : ghcr.io/docker/build-push-action- test
4245 auth : ghcr
4346 type : remote
4447 -
@@ -100,11 +103,11 @@ jobs:
100103 registry : ${{ matrix.registry }}
101104 slug : ${{ matrix.slug }}
102105 secrets :
103- # Pass only the two secrets needed by each matrix entry.
106+ # Pass only the registry-specific secrets needed by each matrix entry.
107+ # GHCR uses the called workflow's GITHUB_TOKEN fallback.
104108 registry_username : >-
105109 ${{
106110 matrix.auth == 'dockerhub' && secrets.DOCKERHUB_USERNAME ||
107- matrix.auth == 'ghcr' && secrets.GHCR_USERNAME ||
108111 matrix.auth == 'gitlab' && secrets.GITLAB_USERNAME ||
109112 matrix.auth == 'aws' && secrets.AWS_ACCESS_KEY_ID ||
110113 matrix.auth == 'gar' && secrets.GAR_USERNAME ||
@@ -116,7 +119,6 @@ jobs:
116119 registry_password : >-
117120 ${{
118121 matrix.auth == 'dockerhub' && secrets.DOCKERHUB_TOKEN ||
119- matrix.auth == 'ghcr' && secrets.GHCR_PAT ||
120122 matrix.auth == 'gitlab' && secrets.GITLAB_TOKEN ||
121123 matrix.auth == 'aws' && secrets.AWS_SECRET_ACCESS_KEY ||
122124 matrix.auth == 'gar' && secrets.GAR_JSON_KEY ||
Original file line number Diff line number Diff line change 1+ rules :
2+ # rule does not apply to reusable worfklows where permissions are defined by
3+ # the caller workflow and not the reusable workflow itself
4+ excessive-permissions :
5+ ignore :
6+ - .e2e-run.yml
You can’t perform that action at this time.
0 commit comments