Compare commits

..

No commits in common. "7b93b2b85cab035420f0625ccc86452575bab2be" and "1d0c110a5d679453d30b396aa86f6bb6ae377b76" have entirely different histories.

3 changed files with 9 additions and 14 deletions

View File

@ -1,6 +1,9 @@
# reusable workflow
name: .e2e-run
permissions:
contents: read
on:
workflow_call:
inputs:
@ -114,8 +117,8 @@ jobs:
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
with:
registry: ${{ env.REGISTRY_FQDN || inputs.registry }}
username: ${{ env.REGISTRY_USER || secrets.registry_username || (inputs.registry == 'ghcr.io' && github.actor) || '' }}
password: ${{ env.REGISTRY_PASSWORD || secrets.registry_password || (inputs.registry == 'ghcr.io' && secrets.GITHUB_TOKEN) || '' }}
username: ${{ env.REGISTRY_USER || secrets.registry_username }}
password: ${{ env.REGISTRY_PASSWORD || secrets.registry_password }}
scope: ${{ inputs.type == 'remote' && inputs.registry == '' && '@push' || '' }}
-
name: Build and push

View File

@ -20,9 +20,6 @@ on:
jobs:
build:
uses: ./.github/workflows/.e2e-run.yml
permissions:
contents: read
packages: write # to push image to GHCR
strategy:
fail-fast: false
matrix:
@ -41,7 +38,7 @@ jobs:
-
name: GitHub
registry: ghcr.io
slug: ghcr.io/docker/build-push-action-test
slug: ghcr.io/docker-ghactiontest/test
auth: ghcr
type: remote
-
@ -103,11 +100,11 @@ jobs:
registry: ${{ matrix.registry }}
slug: ${{ matrix.slug }}
secrets:
# Pass only the registry-specific secrets needed by each matrix entry.
# GHCR uses the called workflow's GITHUB_TOKEN fallback.
# Pass only the two secrets needed by each matrix entry.
registry_username: >-
${{
matrix.auth == 'dockerhub' && secrets.DOCKERHUB_USERNAME ||
matrix.auth == 'ghcr' && secrets.GHCR_USERNAME ||
matrix.auth == 'gitlab' && secrets.GITLAB_USERNAME ||
matrix.auth == 'aws' && secrets.AWS_ACCESS_KEY_ID ||
matrix.auth == 'gar' && secrets.GAR_USERNAME ||
@ -119,6 +116,7 @@ jobs:
registry_password: >-
${{
matrix.auth == 'dockerhub' && secrets.DOCKERHUB_TOKEN ||
matrix.auth == 'ghcr' && secrets.GHCR_PAT ||
matrix.auth == 'gitlab' && secrets.GITLAB_TOKEN ||
matrix.auth == 'aws' && secrets.AWS_SECRET_ACCESS_KEY ||
matrix.auth == 'gar' && secrets.GAR_JSON_KEY ||

6
.github/zizmor.yml vendored
View File

@ -1,6 +0,0 @@
rules:
# rule does not apply to reusable worfklows where permissions are defined by
# the caller workflow and not the reusable workflow itself
excessive-permissions:
ignore:
- .e2e-run.yml