actions/login-action
10
0
Fork 0
mirror of https://github.com/docker/login-action.git synced 2026-05-22 20:31:55 +00:00
Code Activity Actions

Merge 401fdfb10a into 650006c6eb

Browse source
This commit is contained in:
CrazyMax 2026-05-22 16:20:09 +02:00 committed by GitHub
commit ddb56a368e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 66 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

73
README.md
View file

@ -117,6 +117,8 @@ instead of a password.
### Azure Container Registry (ACR)
#### Service principal
[Create a service principal](https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-service-principal#create-a-service-principal)
with access to your container registry through the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
and take note of the generated service principal's ID (also called _client ID_)
@ -142,10 +144,60 @@ jobs:
password: ${{ secrets.AZURE_CLIENT_SECRET }}
```
> [!NOTE]
> Replace `<registry-name>` with the name of your registry.
#### OpenID Connect (OIDC)
To authenticate with OpenID Connect, configure a federated identity credential
for GitHub Actions and use the [Azure Login](https://github.com/Azure/login)
action to sign in to Azure. Then expose an ACR access token and pass it to this
action as the password.
```yaml
name: ci
on:
push:
branches: main
permissions:
contents: read
id-token: write
jobs:
login:
runs-on: ubuntu-latest
steps:
-
name: Login to Azure
uses: azure/login@v3
with:
client-id: ${{ vars.AZURE_CLIENT_ID }}
tenant-id: ${{ vars.AZURE_TENANT_ID }}
subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
-
name: Get ACR access token
id: acr-token
run: |
ACR_TOKEN=$(az acr login --name <registry-name> --expose-token --output tsv --query accessToken)
echo "::add-mask::$ACR_TOKEN" # mask the token in workflow logs
echo "token=$ACR_TOKEN" >> "$GITHUB_OUTPUT"
-
name: Login to ACR
uses: docker/login-action@v4
with:
registry: <registry-name>.azurecr.io
username: 00000000-0000-0000-0000-000000000000
password: ${{ steps.acr-token.outputs.token }}
```
> [!NOTE]
> Replace `<registry-name>` with the name of your registry.
### Google Container Registry (GCR)
> [!NOTE]
> [Google Artifact Registry](#google-artifact-registry-gar) is the evolution of
> Google Container Registry. As a fully-managed service with support for both
> container images and non-container artifacts. If you currently use Google
@ -176,7 +228,7 @@ jobs:
-
name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v1
uses: google-github-actions/auth@v3
with:
token_format: access_token
workload_identity_provider: <workload_identity_provider>
@ -190,9 +242,10 @@ jobs:
password: ${{ steps.auth.outputs.access_token }}
```
> [!NOTE]
> Replace `<workload_identity_provider>` with configured workload identity
> provider. For steps to configure, [see here](https://github.com/google-github-actions/auth#setting-up-workload-identity-federation).
>
> Replace `<service_account>` with configured service account in workload
> identity provider which has access to push to GCR
@ -247,7 +300,7 @@ jobs:
-
name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v1
uses: google-github-actions/auth@v3
with:
token_format: access_token
workload_identity_provider: <workload_identity_provider>
@ -261,12 +314,13 @@ jobs:
password: ${{ steps.auth.outputs.access_token }}
```
> [!NOTE]
> Replace `<workload_identity_provider>` with configured workload identity
> provider
>
> Replace `<service_account>` with configured service account in workload
> identity provider which has access to push to GCR
>
> Replace `<location>` with the regional or multi-regional [location](https://cloud.google.com/artifact-registry/docs/repo-organize#locations)
> of the repository where the image is stored.
@ -298,6 +352,7 @@ jobs:
password: ${{ secrets.GAR_JSON_KEY }}
```
> [!NOTE]
> Replace `<location>` with the regional or multi-regional [location](https://cloud.google.com/artifact-registry/docs/repo-organize#locations)
> of the repository where the image is stored.
@ -352,6 +407,7 @@ jobs:
AWS_ACCOUNT_IDS: 012345678910,023456789012
```
> [!NOTE]
> Only available with [AWS CLI version 1](https://docs.aws.amazon.com/cli/latest/reference/ecr/get-login.html)
You can also use the [Configure AWS Credentials](https://github.com/aws-actions/configure-aws-credentials)
@ -370,7 +426,7 @@ jobs:
steps:
-
name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@v6
with:
aws-access-key-id: ${{ vars.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@ -382,6 +438,7 @@ jobs:
registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
```
> [!NOTE]
> Replace `<aws-account-number>` and `<region>` with their respective values.
### AWS Public Elastic Container Registry (ECR)
@ -413,6 +470,7 @@ jobs:
AWS_REGION: <region>
```
> [!NOTE]
> Replace `<region>` with its respective value (default `us-east-1`).
### OCI Oracle Cloud Infrastructure Registry (OCIR)
@ -445,6 +503,7 @@ jobs:
password: ${{ secrets.OCI_TOKEN }}
```
> [!NOTE]
> Replace `<region>` with their respective values from [availability regions](https://docs.cloud.oracle.com/iaas/Content/Registry/Concepts/registryprerequisites.htm#Availab)
### Quay.io
@ -603,7 +662,7 @@ jobs:
scope: 'myorg/myimage@push'
-
name: Build and push
uses: docker/build-push-action@v6
uses: docker/build-push-action@v7
with:
push: true
tags: myorg/myimage:latest