From 201c1568df0fbf47d71664ad4e47db9ae067e73e Mon Sep 17 00:00:00 2001 From: peet Date: Fri, 24 Apr 2026 21:51:09 +0200 Subject: [PATCH] fix registry authentication --- podman-build-publish/README.md | 14 ++++++++------ podman-build-publish/action.yaml | 33 +++++++++++++------------------- 2 files changed, 21 insertions(+), 26 deletions(-) diff --git a/podman-build-publish/README.md b/podman-build-publish/README.md index 3b8cf6d..fd58259 100644 --- a/podman-build-publish/README.md +++ b/podman-build-publish/README.md @@ -1,6 +1,6 @@ # Podman Build And Publish Action -Composite action that builds and optionally pushes OCI images with Podman to `registry.noctrl.eu`. +Composite action that builds and pushes OCI images with Podman to `registry.noctrl.eu`. ## Inputs @@ -9,11 +9,12 @@ Composite action that builds and optionally pushes OCI images with Podman to `re - `context` (optional, default `.`): build context - `containerfile` (optional, default `Containerfile`): containerfile path - `build-args` (optional): newline-separated `KEY=VALUE` -- `push` (optional, default `true`): whether to push image tags +- `registry-username` (required): registry login username +- `registry-password` (required): registry login password -## Required Secrets +## Caller Secrets -The following repository secrets must be defined to push images: +Define these secrets in the calling repository and pass them to the action inputs: - `REGISTRY_USERNAME`: registry authentication username - `REGISTRY_PASSWORD`: registry authentication password 
@@ -45,7 +46,8 @@ jobs: containerfile: Containerfile build-args: | ACT_RUNNER_VERSION=0.2.11 - push: "true" + registry-username: ${{ secrets.REGISTRY_USERNAME }} + registry-password: ${{ secrets.REGISTRY_PASSWORD }} ``` -> **Note:** The action accesses `${{ secrets.REGISTRY_USERNAME }}` and `${{ secrets.REGISTRY_PASSWORD }}` from the calling repository's secrets context. These must be defined in the caller's repository settings. +> **Note:** Composite actions should receive credentials through inputs. Keep secrets in the caller repo and pass them via `with:` as shown above. diff --git a/podman-build-publish/action.yaml b/podman-build-publish/action.yaml index 0f8bc8f..4b1e0d4 100644 --- a/podman-build-publish/action.yaml +++ b/podman-build-publish/action.yaml @@ -10,6 +10,12 @@ inputs: Tags to apply and push. Supports newline, comma, or space separated values. Example: "latest\nsha-abc123" required: true + registry-username: + description: Registry username for login. + required: true + registry-password: + description: Registry password for login. + required: true context: description: Build context path. required: false @@ -24,10 +30,6 @@ inputs: Example: "ACT_RUNNER_VERSION=0.2.11" required: false default: "" - push: - description: Push image tags after build. - required: false - default: "true" runs: using: composite 
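Review bot: The `inputs:` change in `action.yaml` is an incompatible interface change that can turn a build-only job into a publishing one. `registry-username` and `registry-password` become required while `push` is dropped in the following hunk and its guard is removed from the push step. A caller that still passes `push: "false"` (for example on pull-request builds) would presumably have that now-unknown input ignored and the image pushed; how the runner in use treats unknown inputs should be confirmed. I would call out the removal in the README and publish this under a new major ref so pinned callers are not switched silently. It would also help to extend the description to something like `description: Registry password for login. Pass a secret from the caller, never a literal value.`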
@@ -70,18 +72,14 @@ runs: run: | set -euo pipefail - if [[ -n "${{ secrets.REGISTRY_USERNAME }}" && -n "${{ secrets.REGISTRY_PASSWORD }}" ]]; then - podman_args=( - --root "${PODMAN_ROOT}" - --runroot "${PODMAN_RUNROOT}" - --storage-driver "${STORAGE_DRIVER}" - ) + podman_args=( + --root "${PODMAN_ROOT}" + --runroot "${PODMAN_RUNROOT}" + --storage-driver "${STORAGE_DRIVER}" + ) - echo "Logging in to registry: registry.noctrl.eu" - echo "${{ secrets.REGISTRY_PASSWORD }}" | podman "${podman_args[@]}" login registry.noctrl.eu -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin - else - echo "Registry credentials not available (REGISTRY_USERNAME and REGISTRY_PASSWORD secrets required for push)" - fi + echo "Logging in to registry: registry.noctrl.eu" + echo "${{ inputs.registry-password }}" | podman "${podman_args[@]}" login registry.noctrl.eu -u "${{ inputs.registry-username }}" --password-stdin - id: build shell: bash @@ -118,11 +116,6 @@ runs: run: | set -euo pipefail - if [[ "${{ inputs.push }}" != "true" ]]; then - echo "Push disabled by input push=${{ inputs.push }}" - exit 0 - fi - podman_args=( --root "${PODMAN_ROOT}" --runroot "${PODMAN_RUNROOT}"
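Review bot: The new login line still pastes `${{ inputs.registry-password }}` and `${{ inputs.registry-username }}` directly into the bash script text, so the values are parsed as shell source before bash runs. A password containing `"`, `$`, a backtick or a backslash will break the login or be expanded or executed, and because these are now caller-controlled inputs the step is a script-injection sink. Map both inputs to `env:` on the step and reference them as quoted shell variables, with `printf '%s'` instead of `echo` so the value is not reinterpreted. The commit also removes the emptiness check, and a `required: true` input may not be enforced by the runner, so an explicit guard gives a clear error when a caller forgets the `with:` lines. The step header sits above the hunk, so the `env:` key has to be added there.

```yaml
# … unchanged: step header above the hunk …
env:
  REGISTRY_USERNAME: ${{ inputs.registry-username }}
  REGISTRY_PASSWORD: ${{ inputs.registry-password }}
run: |
  set -euo pipefail

  # … unchanged: podman_args array …

  # Fail with a clear message instead of attempting a login with empty values.
  : "${REGISTRY_USERNAME:?registry-username input is empty}"
  : "${REGISTRY_PASSWORD:?registry-password input is empty}"

  echo "Logging in to registry: registry.noctrl.eu"
  printf '%s' "${REGISTRY_PASSWORD}" | podman "${podman_args[@]}" login registry.noctrl.eu -u "${REGISTRY_USERNAME}" --password-stdin
```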