fix registry authentication

2026-04-24 21:51:09 +02:00
2 changed files with 21 additions and 26 deletions
@@ -1,6 +1,6 @@
 # Podman Build And Publish Action

-Composite action that builds and optionally pushes OCI images with Podman to `registry.noctrl.eu`.
+Composite action that builds and pushes OCI images with Podman to `registry.noctrl.eu`.

 ## Inputs

@@ -9,11 +9,12 @@ Composite action that builds and optionally pushes OCI images with Podman to `re
 - `context` (optional, default `.`): build context
 - `containerfile` (optional, default `Containerfile`): containerfile path
 - `build-args` (optional): newline-separated `KEY=VALUE`
- `push` (optional, default `true`): whether to push image tags
+- `registry-username` (required): registry login username
+- `registry-password` (required): registry login password

-## Required Secrets
+## Caller Secrets

-The following repository secrets must be defined to push images:
+Define these secrets in the calling repository and pass them to the action inputs:
 - `REGISTRY_USERNAME`: registry authentication username
 - `REGISTRY_PASSWORD`: registry authentication password

@@ -45,7 +46,8 @@ jobs:
          containerfile: Containerfile
          build-args: |
            ACT_RUNNER_VERSION=0.2.11
-          push: "true"
+          registry-username: ${{ secrets.REGISTRY_USERNAME }}
+          registry-password: ${{ secrets.REGISTRY_PASSWORD }}
 ```

-> **Note:** The action accesses `${{ secrets.REGISTRY_USERNAME }}` and `${{ secrets.REGISTRY_PASSWORD }}` from the calling repository's secrets context. These must be defined in the caller's repository settings.
+> **Note:** Composite actions should receive credentials through inputs. Keep secrets in the caller repo and pass them via `with:` as shown above.
@@ -10,6 +10,12 @@ inputs:
      Tags to apply and push. Supports newline, comma, or space separated values.
      Example: "latest\nsha-abc123"
    required: true
+  registry-username:
+    description: Registry username for login.
+    required: true
+  registry-password:
+    description: Registry password for login.
+    required: true
  context:
    description: Build context path.
    required: false
@@ -24,10 +30,6 @@ inputs:
      Example: "ACT_RUNNER_VERSION=0.2.11"
    required: false
    default: ""
-  push:
-    description: Push image tags after build.
-    required: false
-    default: "true"

 runs:
  using: composite
@@ -70,7 +72,6 @@ runs:
      run: |
        set -euo pipefail

-        if [[ -n "${{ secrets.REGISTRY_USERNAME }}" && -n "${{ secrets.REGISTRY_PASSWORD }}" ]]; then
        podman_args=(
          --root "${PODMAN_ROOT}"
          --runroot "${PODMAN_RUNROOT}"
@@ -78,10 +79,7 @@ runs:
        )

        echo "Logging in to registry: registry.noctrl.eu"
-          echo "${{ secrets.REGISTRY_PASSWORD }}" | podman "${podman_args[@]}" login registry.noctrl.eu -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
-        else
-          echo "Registry credentials not available (REGISTRY_USERNAME and REGISTRY_PASSWORD secrets required for push)"
-        fi
+        echo "${{ inputs.registry-password }}" | podman "${podman_args[@]}" login registry.noctrl.eu -u "${{ inputs.registry-username }}" --password-stdin

    - id: build
      shell: bash
@@ -118,11 +116,6 @@ runs:
      run: |
        set -euo pipefail

-        if [[ "${{ inputs.push }}" != "true" ]]; then
-          echo "Push disabled by input push=${{ inputs.push }}"
-          exit 0
-        fi
-
        podman_args=(
          --root "${PODMAN_ROOT}"
          --runroot "${PODMAN_RUNROOT}"