Refactor release workflow to remove unnecessary registry login step and update fallback token handling
CI / Go Tests (push) Successful in 13s
CI / Build (push) Successful in 11s
Format / gofmt (push) Successful in 7s
Release Artifacts / Validate release tag (push) Successful in 4s
Release Artifacts / Test release candidate (push) Successful in 12s
Release Artifacts / Build executable release artifacts (push) Successful in 14s
Release Artifacts / Build Docker image artifact (push) Successful in 29s
Release Artifacts / Publish release (push) Failing after 2s
Release Artifacts / Publish Docker image (push) Failing after 2s
CI / Go Tests (push) Successful in 13s
CI / Build (push) Successful in 11s
Format / gofmt (push) Successful in 7s
Release Artifacts / Validate release tag (push) Successful in 4s
Release Artifacts / Test release candidate (push) Successful in 12s
Release Artifacts / Build executable release artifacts (push) Successful in 14s
Release Artifacts / Build Docker image artifact (push) Successful in 29s
Release Artifacts / Publish release (push) Failing after 2s
Release Artifacts / Publish Docker image (push) Failing after 2s
- Removed the login step to the Docker registry, simplifying the workflow. - Updated fallback token retrieval to use secrets for enhanced security.
This commit is contained in:
@@ -180,9 +180,6 @@ jobs:
|
|||||||
name: Build Docker image artifact
|
name: Build Docker image artifact
|
||||||
needs: [validate-tag, test]
|
needs: [validate-tag, test]
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
permissions:
|
|
||||||
code: read
|
|
||||||
packages: write
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
@@ -200,24 +197,6 @@ jobs:
|
|||||||
echo "registry_host=${host}" >> "${GITHUB_OUTPUT}"
|
echo "registry_host=${host}" >> "${GITHUB_OUTPUT}"
|
||||||
echo "image=${host}/${repo}" >> "${GITHUB_OUTPUT}"
|
echo "image=${host}/${repo}" >> "${GITHUB_OUTPUT}"
|
||||||
|
|
||||||
- name: Login to registry
|
|
||||||
env:
|
|
||||||
REGISTRY_HOST: ${{ steps.image.outputs.registry_host }}
|
|
||||||
REGISTRY_USER: ${{ secrets.REGISTRY_USERNAME }}
|
|
||||||
REGISTRY_PASS: ${{ secrets.REGISTRY_PASSWORD }}
|
|
||||||
FALLBACK_USER: ${{ gitea.actor }}
|
|
||||||
FALLBACK_PASS: ${{ gitea.token }}
|
|
||||||
shell: bash
|
|
||||||
run: |
|
|
||||||
set -eu
|
|
||||||
user="${REGISTRY_USER:-${FALLBACK_USER}}"
|
|
||||||
pass="${REGISTRY_PASS:-${FALLBACK_PASS}}"
|
|
||||||
if [ -z "${pass}" ]; then
|
|
||||||
echo "No registry password available. Set REGISTRY_PASSWORD secret."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
printf '%s' "${pass}" | docker login "${REGISTRY_HOST}" --username "${user}" --password-stdin
|
|
||||||
|
|
||||||
- name: Build image
|
- name: Build image
|
||||||
env:
|
env:
|
||||||
IMAGE: ${{ steps.image.outputs.image }}
|
IMAGE: ${{ steps.image.outputs.image }}
|
||||||
@@ -280,7 +259,7 @@ jobs:
|
|||||||
REGISTRY_USER: ${{ secrets.REGISTRY_USERNAME }}
|
REGISTRY_USER: ${{ secrets.REGISTRY_USERNAME }}
|
||||||
REGISTRY_PASS: ${{ secrets.REGISTRY_PASSWORD }}
|
REGISTRY_PASS: ${{ secrets.REGISTRY_PASSWORD }}
|
||||||
FALLBACK_USER: ${{ gitea.actor }}
|
FALLBACK_USER: ${{ gitea.actor }}
|
||||||
FALLBACK_PASS: ${{ gitea.token }}
|
FALLBACK_PASS: ${{ secrets.GITEA_TOKEN }}
|
||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
set -eu
|
set -eu
|
||||||
|
|||||||
Reference in New Issue
Block a user