From 5d65caa85d620ad2ff099f9d6133ffe787ae4ba6 Mon Sep 17 00:00:00 2001
From: Vito <vitoyucepi@cock.li>
Date: Wed, 8 Jan 2025 04:56:35 +0000
Subject: [PATCH] refactor: Extract all docker login commands into a separate
 step

---
 .github/scripts/build-docker-alpine.sh | 19 +++-----------
 .github/scripts/build-docker.sh        | 23 +++-------------
 .github/workflows/ci.yml               | 36 ++++++++++++++++----------
 3 files changed, 30 insertions(+), 48 deletions(-)

diff --git a/.github/scripts/build-docker-alpine.sh b/.github/scripts/build-docker-alpine.sh
index ca7b9eadd3..8aa226ca64 100755
--- a/.github/scripts/build-docker-alpine.sh
+++ b/.github/scripts/build-docker-alpine.sh
@@ -1,20 +1,11 @@
 #!/bin/sh
 
-set -e
+set -eux
 
 APK_FILE="$1"
 TAG="$2"
-USER="$3"
-PASSWORD="$4"
-ARCHITECTURE="$5"
+ARCHITECTURE="$3"
 
-cp "$APK_FILE" .
-
-if [ "${PUBLISH_DOCKER_IMAGE}" = "true" ]; then
-  PUSH_OPTION=--push
-fi
-
-# shellcheck disable=SC2086
 docker build \
   --pull \
   --no-cache \
@@ -22,19 +13,15 @@ docker build \
   --build-arg "APK_FILE=$APK_FILE" \
   --file .github/docker/alpine.dockerfile \
   --tag "savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}" \
-  ${PUSH_OPTION} \
   .
 
 if [ "${PUBLISH_DOCKER_IMAGE}" != "true" ]; then
   exit 0
 fi
 
-docker login -u "$USER" -p "$PASSWORD"
-
-docker pull "savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}"
-
 docker tag \
   "savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}" \
   "ghcr.io/savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}"
 
+docker push "savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}"
 docker push "ghcr.io/savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}"
diff --git a/.github/scripts/build-docker.sh b/.github/scripts/build-docker.sh
index 323766ef48..e312c47f86 100755
--- a/.github/scripts/build-docker.sh
+++ b/.github/scripts/build-docker.sh
@@ -1,44 +1,29 @@
 #!/bin/sh
 
-set -e
+set -eux
 
 DEB_FILE="$1"
 DEB_DEBUG_FILE="$2"
 TAG="$3"
-USER="$4"
-PASSWORD="$5"
-ARCHITECTURE="$6"
+ARCHITECTURE="$4"
 
-cp "$DEB_FILE" "$DEB_DEBUG_FILE" .
-
-DOCKERFILE=.github/docker/debian.dockerfile
-
-if [ "${PUBLISH_DOCKER_IMAGE}" = "true" ]; then
-  PUSH_OPTION=--push
-fi
-
-# shellcheck disable=SC2086
 docker build \
   --pull \
   --no-cache \
   --provenance false \
   --build-arg "DEB_FILE=$DEB_FILE" \
   --build-arg "DEB_DEBUG_FILE=$DEB_DEBUG_FILE" \
-  --file "${DOCKERFILE}" \
+  --file .github/docker/debian.dockerfile \
   --tag "savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}" \
-  ${PUSH_OPTION} \
   .
 
 if [ "${PUBLISH_DOCKER_IMAGE}" != "true" ]; then
   exit 0
 fi
 
-docker login -u "$USER" -p "$PASSWORD"
-
-docker pull "savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}"
-
 docker tag \
   "savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}" \
   "ghcr.io/savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}"
 
+docker push "savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}"
 docker push "ghcr.io/savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2dce4353a0..ffb42182fd 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -638,13 +638,15 @@ jobs:
         run: |
           echo "deb-file=$(find artifacts/${{ needs.build_details.outputs.sha }} -type f | grep ${{ matrix.docker-debian-os }} | grep -v minimal | grep '${{ matrix.platform }}\.deb$' | grep dbgsym | grep deb)" >> "${GITHUB_OUTPUT}"
         id: debian_debug_package
-      - name: Log in to the github registry
-        if: needs.build_details.outputs.publish_docker_image == 'true'
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+      - name: Log in to container registries
+        #        if: needs.build_details.outputs.publish_docker_image == 'true'
+        run: |
+          echo "${{ secrets.DOCKERHUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKERHUB_USER }}" --password-stdin
+          echo "${{ secrets.GITHUB_TOKEN }}" | docker login -u "${{ github.actor }}" --password-stdin ghcr.io
       - name: Build docker image
         env:
           PUBLISH_DOCKER_IMAGE: ${{ needs.build_details.outputs.publish_docker_image }}
-        run: .github/scripts/build-docker.sh ${{ steps.debian_package.outputs.deb-file }} ${{ steps.debian_debug_package.outputs.deb-file }} ${{ needs.build_details.outputs.branch }} ${{ secrets.DOCKERHUB_USER }} ${{ secrets.DOCKERHUB_PASSWORD }} ${{ matrix.platform }}
+        run: .github/scripts/build-docker.sh "${{ steps.debian_package.outputs.deb-file }}" "${{ steps.debian_debug_package.outputs.deb-file }}" "${{ needs.build_details.outputs.branch }}" "${{ matrix.platform }}"
 
   build_docker_alpine:
     runs-on: ${{ matrix.runs-on }}
@@ -668,12 +670,15 @@ jobs:
         run: |
           echo "apk-file=$(find artifacts/${{ needs.build_details.outputs.sha }} -type f | grep -v minimal | grep 'apk$' | grep -v dbg | grep ${{ matrix.alpine-arch }})" >> "${GITHUB_OUTPUT}"
         id: alpine_package
-      - name: Log in to the github registry
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+      - name: Log in to container registries
+        if: needs.build_details.outputs.publish_docker_image == 'true'
+        run: |
+          echo "${{ secrets.DOCKERHUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKERHUB_USER }}" --password-stdin
+          echo "${{ secrets.GITHUB_TOKEN }}" | docker login -u "${{ github.actor }}" --password-stdin ghcr.io
       - name: Build docker image
         env:
           PUBLISH_DOCKER_IMAGE: ${{ needs.build_details.outputs.publish_docker_image }}
-        run: .github/scripts/build-docker-alpine.sh ${{ steps.alpine_package.outputs.apk-file }} ${{ needs.build_details.outputs.branch }} ${{ secrets.DOCKERHUB_USER }} ${{ secrets.DOCKERHUB_PASSWORD }} ${{ matrix.platform }}
+        run: .github/scripts/build-docker-alpine.sh "${{ steps.alpine_package.outputs.apk-file }}" "${{ needs.build_details.outputs.branch }}" "${{ matrix.platform }}"
 
   build_docker_minimal:
     runs-on: ${{ matrix.runs-on }}
@@ -700,13 +705,15 @@ jobs:
         run: |
           echo "deb-file=$(find artifacts/${{ needs.build_details.outputs.sha }} -type f | grep ${{ matrix.docker-debian-os }} | grep minimal | grep '${{ matrix.platform }}\.deb$' | grep dbgsym | grep deb)" >> "${GITHUB_OUTPUT}"
         id: debian_debug_package
-      - name: Log in to the github registry
+      - name: Log in to container registries
         if: needs.build_details.outputs.publish_docker_image == 'true'
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+        run: |
+          echo "${{ secrets.DOCKERHUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKERHUB_USER }}" --password-stdin
+          echo "${{ secrets.GITHUB_TOKEN }}" | docker login -u "${{ github.actor }}" --password-stdin ghcr.io
       - name: Build docker image
         env:
           PUBLISH_DOCKER_IMAGE: ${{ needs.build_details.outputs.publish_docker_image }}
-        run: .github/scripts/build-docker.sh ${{ steps.debian_package.outputs.deb-file }} ${{ steps.debian_debug_package.outputs.deb-file }} ${{ needs.build_details.outputs.branch }}-minimal ${{ secrets.DOCKERHUB_USER }} ${{ secrets.DOCKERHUB_PASSWORD }} ${{ matrix.platform }}
+        run: .github/scripts/build-docker.sh "${{ steps.debian_package.outputs.deb-file }}" "${{ steps.debian_debug_package.outputs.deb-file }}" "${{ needs.build_details.outputs.branch }}-minimal" "${{ matrix.platform }}"
 
   build_docker_alpine_minimal:
     runs-on: ${{ matrix.runs-on }}
@@ -734,12 +741,15 @@ jobs:
         run: |
           echo "apk-file=$(find artifacts/${{ needs.build_details.outputs.sha }} -type f | grep minimal | grep 'apk$' | grep dbg | grep ${{ matrix.alpine-arch }})" >> "${GITHUB_OUTPUT}"
         id: alpine_dbg_package
-      - name: Log in to the github registry
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+      - name: Log in to container registries
+        if: needs.build_details.outputs.publish_docker_image == 'true'
+        run: |
+          echo "${{ secrets.DOCKERHUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKERHUB_USER }}" --password-stdin
+          echo "${{ secrets.GITHUB_TOKEN }}" | docker login -u "${{ github.actor }}" --password-stdin ghcr.io
       - name: Build docker image
         env:
           PUBLISH_DOCKER_IMAGE: ${{ needs.build_details.outputs.publish_docker_image }}
-        run: .github/scripts/build-docker-alpine.sh ${{ steps.alpine_package.outputs.apk-file }} ${{ steps.alpine_dbg_package.outputs.apk-file }} ${{ needs.build_details.outputs.branch }}-minimal ${{ secrets.DOCKERHUB_USER }} ${{ secrets.DOCKERHUB_PASSWORD }} ${{ matrix.platform }}
+        run: .github/scripts/build-docker-alpine.sh "${{ steps.alpine_package.outputs.apk-file }}" "${{ steps.alpine_dbg_package.outputs.apk-file }}" "${{ needs.build_details.outputs.branch }}-minimal" "${{ matrix.platform }}"
 
   build_docker_release:
     runs-on: ubuntu-latest