Compare commits

..

No commits in common. "7b93b2b85cab035420f0625ccc86452575bab2be" and "1d0c110a5d679453d30b396aa86f6bb6ae377b76" have entirely different histories.

3 changed files with 9 additions and 14 deletions

View File

@ -1,6 +1,9 @@
# reusable workflow # reusable workflow
name: .e2e-run name: .e2e-run
permissions:
contents: read
on: on:
workflow_call: workflow_call:
inputs: inputs:
@ -114,8 +117,8 @@ jobs:
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
with: with:
registry: ${{ env.REGISTRY_FQDN || inputs.registry }} registry: ${{ env.REGISTRY_FQDN || inputs.registry }}
username: ${{ env.REGISTRY_USER || secrets.registry_username || (inputs.registry == 'ghcr.io' && github.actor) || '' }} username: ${{ env.REGISTRY_USER || secrets.registry_username }}
password: ${{ env.REGISTRY_PASSWORD || secrets.registry_password || (inputs.registry == 'ghcr.io' && secrets.GITHUB_TOKEN) || '' }} password: ${{ env.REGISTRY_PASSWORD || secrets.registry_password }}
scope: ${{ inputs.type == 'remote' && inputs.registry == '' && '@push' || '' }} scope: ${{ inputs.type == 'remote' && inputs.registry == '' && '@push' || '' }}
- -
name: Build and push name: Build and push

View File

@ -20,9 +20,6 @@ on:
jobs: jobs:
build: build:
uses: ./.github/workflows/.e2e-run.yml uses: ./.github/workflows/.e2e-run.yml
permissions:
contents: read
packages: write # to push image to GHCR
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
@ -41,7 +38,7 @@ jobs:
- -
name: GitHub name: GitHub
registry: ghcr.io registry: ghcr.io
slug: ghcr.io/docker/build-push-action-test slug: ghcr.io/docker-ghactiontest/test
auth: ghcr auth: ghcr
type: remote type: remote
- -
@ -103,11 +100,11 @@ jobs:
registry: ${{ matrix.registry }} registry: ${{ matrix.registry }}
slug: ${{ matrix.slug }} slug: ${{ matrix.slug }}
secrets: secrets:
# Pass only the registry-specific secrets needed by each matrix entry. # Pass only the two secrets needed by each matrix entry.
# GHCR uses the called workflow's GITHUB_TOKEN fallback.
registry_username: >- registry_username: >-
${{ ${{
matrix.auth == 'dockerhub' && secrets.DOCKERHUB_USERNAME || matrix.auth == 'dockerhub' && secrets.DOCKERHUB_USERNAME ||
matrix.auth == 'ghcr' && secrets.GHCR_USERNAME ||
matrix.auth == 'gitlab' && secrets.GITLAB_USERNAME || matrix.auth == 'gitlab' && secrets.GITLAB_USERNAME ||
matrix.auth == 'aws' && secrets.AWS_ACCESS_KEY_ID || matrix.auth == 'aws' && secrets.AWS_ACCESS_KEY_ID ||
matrix.auth == 'gar' && secrets.GAR_USERNAME || matrix.auth == 'gar' && secrets.GAR_USERNAME ||
@ -119,6 +116,7 @@ jobs:
registry_password: >- registry_password: >-
${{ ${{
matrix.auth == 'dockerhub' && secrets.DOCKERHUB_TOKEN || matrix.auth == 'dockerhub' && secrets.DOCKERHUB_TOKEN ||
matrix.auth == 'ghcr' && secrets.GHCR_PAT ||
matrix.auth == 'gitlab' && secrets.GITLAB_TOKEN || matrix.auth == 'gitlab' && secrets.GITLAB_TOKEN ||
matrix.auth == 'aws' && secrets.AWS_SECRET_ACCESS_KEY || matrix.auth == 'aws' && secrets.AWS_SECRET_ACCESS_KEY ||
matrix.auth == 'gar' && secrets.GAR_JSON_KEY || matrix.auth == 'gar' && secrets.GAR_JSON_KEY ||

6
.github/zizmor.yml vendored
View File

@ -1,6 +0,0 @@
rules:
# rule does not apply to reusable worfklows where permissions are defined by
# the caller workflow and not the reusable workflow itself
excessive-permissions:
ignore:
- .e2e-run.yml