GitHub Action to login against a Docker registry
Go to file
2021-12-30 20:49:49 +01:00
.github Update ci workflow 2021-12-20 14:27:18 +01:00
__tests__ refactor: use v3 sdk 2021-12-20 13:46:08 +01:00
dist Update generated content 2021-12-30 20:43:44 +01:00
hack ecr: switch implementation to use the AWS SDK 2021-12-20 10:43:26 +01:00
src refactor: use v3 sdk 2021-12-20 13:46:08 +01:00
.dockerignore Enhance workflow 2021-03-31 18:34:49 +02:00
.editorconfig Initial version 2020-08-15 14:45:36 +02:00
.gitattributes Initial version 2020-08-15 14:45:36 +02:00
.gitignore Initial version 2020-08-15 14:45:36 +02:00
.prettierrc.json Update dev deps 2021-07-06 20:24:15 +02:00
action.yml ecr input to specify whether the given registry is ECR 2021-12-20 10:59:20 +01:00
codecov.yml Update dev deps 2021-07-06 20:24:15 +02:00
docker-bake.hcl dev: update workflow 2021-11-16 21:40:03 +01:00
jest.config.js Check AWS CLI version 2020-08-21 14:45:16 +02:00
LICENSE Migrate to Docker organization 2020-08-21 16:48:16 +02:00
package.json Bump @aws-sdk/client-ecr-public from 3.43.0 to 3.45.0 2021-12-30 19:41:46 +00:00
README.md ecr input to specify whether the given registry is ECR 2021-12-20 10:59:20 +01:00
tsconfig.json Initial version 2020-08-15 14:45:36 +02:00
yarn.lock Bump @aws-sdk/client-ecr-public from 3.43.0 to 3.45.0 2021-12-30 19:41:46 +00:00

GitHub release GitHub marketplace CI workflow Test workflow Codecov

About

GitHub Action to login against a Docker registry.

Screenshot


Usage

Docker Hub

To authenticate against Docker Hub it's strongly recommended to create a personal access token as an alternative to your password.

name: ci

on:
  push:
    branches: master

jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to Docker Hub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

GitHub Container Registry

To authenticate against the GitHub Container Registry, use the GITHUB_TOKEN for the best security and experience.

name: ci

on:
  push:
    branches: master

jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to GitHub Container Registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

You may need to manage write and read access of GitHub Actions for repositories in the container settings.

You can also use a personal access token (PAT) with the appropriate scopes.

GitLab

name: ci

on:
  push:
    branches: master

jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to GitLab
        uses: docker/login-action@v1
        with:
          registry: registry.gitlab.com
          username: ${{ secrets.GITLAB_USERNAME }}
          password: ${{ secrets.GITLAB_PASSWORD }}

Azure Container Registry (ACR)

Create a service principal with access to your container registry through the Azure CLI and take note of the generated service principal's ID (also called client ID) and password (also called client secret).

name: ci

on:
  push:
    branches: master

jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to ACR
        uses: docker/login-action@v1
        with:
          registry: <registry-name>.azurecr.io
          username: ${{ secrets.AZURE_CLIENT_ID }}
          password: ${{ secrets.AZURE_CLIENT_SECRET }}

Replace <registry-name> with the name of your registry.

Google Container Registry (GCR)

Google Artifact Registry is the evolution of Google Container Registry. As a fully-managed service with support for both container images and non-container artifacts. If you currently use Google Container Registry, use the information on this page to learn about transitioning to Google Artifact Registry.

Use a service account with the ability to push to GCR and configure access control. Then create and download the JSON key for this service account and save content of .json file as a secret called GCR_JSON_KEY in your GitHub repo. Ensure you set the username to _json_key, or _json_key_base64 if you use a base64-encoded key.

name: ci

on:
  push:
    branches: master

jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to GCR
        uses: docker/login-action@v1
        with:
          registry: gcr.io
          username: _json_key
          password: ${{ secrets.GCR_JSON_KEY }}

Google Artifact Registry (GAR)

Use a service account with the ability to push to GAR and configure access control. Then create and download the JSON key for this service account and save content of .json file as a secret called GAR_JSON_KEY in your GitHub repo. Ensure you set the username to _json_key, or _json_key_base64 if you use a base64-encoded key.

name: ci

on:
  push:
    branches: master

jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to GAR
        uses: docker/login-action@v1
        with:
          registry: <location>-docker.pkg.dev
          username: _json_key
          password: ${{ secrets.GAR_JSON_KEY }}

Replace <location> with the regional or multi-regional location of the repository where the image is stored.

AWS Elastic Container Registry (ECR)

Use an IAM user with the ability to push to ECR with AmazonEC2ContainerRegistryPowerUser managed policy for example. Then create and download access keys and save AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY as secrets in your GitHub repo.

name: ci

on:
  push:
    branches: master

jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to ECR
        uses: docker/login-action@v1
        with:
          registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

If you need to log in to Amazon ECR registries associated with other accounts, you can use the AWS_ACCOUNT_IDS environment variable:

name: ci

on:
  push:
    branches: master

jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to ECR
        uses: docker/login-action@v1
        with:
          registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        env:
          AWS_ACCOUNT_IDS: 012345678910,023456789012

Only available with AWS CLI version 1

You can also use the Configure AWS Credentials action in combination with this action:

name: ci

on:
  push:
    branches: master

jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: <region>
      -
        name: Login to ECR
        uses: docker/login-action@v1
        with:
          registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com

Replace <aws-account-number> and <region> with their respective values.

AWS Public Elastic Container Registry (ECR)

Use an IAM user with the ability to push to ECR Public with AmazonElasticContainerRegistryPublicPowerUser managed policy for example. Then create and download access keys and save AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY as secrets in your GitHub repo.

name: ci

on:
  push:
    branches: master

jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to Public ECR
        uses: docker/login-action@v1
        with:
          registry: public.ecr.aws
          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        env:
          AWS_REGION: <region>

Replace <region> with its respective value (default us-east-1).

OCI Oracle Cloud Infrastructure Registry (OCIR)

To push into OCIR in specific tenancy the username must be placed in format <tenancy>/<username> (in case of federated tenancy use the format <tenancy-namespace>/oracleidentitycloudservice/<username>).

For password create an auth token. Save username and token as a secrets in your GitHub repo.

name: ci

on:
  push:
    branches: master

jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to OCIR
        uses: docker/login-action@v1
        with:
          registry: <region>.ocir.io
          username: ${{ secrets.OCI_USERNAME }}
          password: ${{ secrets.OCI_TOKEN }}

Replace <region> with their respective values from availability regions

Quay.io

Use a Robot account with the ability to push to a public/private Quay.io repository.

name: ci

on:
  push:
    branches: master

jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to Quay.io
        uses: docker/login-action@v1
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_ROBOT_TOKEN }}

Customizing

inputs

Following inputs can be used as step.with keys

Name Type Default Description
registry String Server address of Docker registry. If not set then will default to Docker Hub
username String Username used to log against the Docker registry
password String Password or personal access token used to log against the Docker registry
ecr String auto Specifies whether the given registry is ECR (auto, true or false)
logout Bool true Log out from the Docker registry at the end of a job

Keep up-to-date with GitHub Dependabot

Since Dependabot has native GitHub Actions support, to enable it on your GitHub repo all you need to do is add the .github/dependabot.yml file:

version: 2
updates:
  # Maintain dependencies for GitHub Actions
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"