refactor(ci): Use docker/login-action to log in to container registries

savonet · Jan 8, 2025 · cdd9cbd · cdd9cbd
1 parent 7aa5e57
commit cdd9cbd
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 47 deletions.
diff --git a/.github/scripts/build-docker-alpine.sh b/.github/scripts/build-docker-alpine.sh
@@ -1,40 +1,27 @@
 #!/bin/sh
 
-set -e
+set -eux
 
 APK_FILE="$1"
 TAG="$2"
-USER="$3"
-PASSWORD="$4"
-ARCHITECTURE="$5"
+ARCHITECTURE="$3"
 
-cp "$APK_FILE" .
-
-if [ "${PUBLISH_DOCKER_IMAGE}" = "true" ]; then
-  PUSH_OPTION=--push
-fi
-
-# shellcheck disable=SC2086
 docker build \
   --pull \
   --no-cache \
   --provenance false \
   --build-arg "APK_FILE=$APK_FILE" \
   --file .github/docker/alpine.dockerfile \
   --tag "savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}" \
-  ${PUSH_OPTION} \
   .
 
 if [ "${PUBLISH_DOCKER_IMAGE}" != "true" ]; then
   exit 0
 fi
 
-docker login -u "$USER" -p "$PASSWORD"
-
-docker pull "savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}"
-
 docker tag \
   "savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}" \
   "ghcr.io/savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}"
 
+docker push "savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}"
 docker push "ghcr.io/savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}"
diff --git a/.github/scripts/build-docker.sh b/.github/scripts/build-docker.sh
@@ -1,44 +1,31 @@
 #!/bin/sh
 
-set -e
+set -eux
 
 DEB_FILE="$1"
 DEB_DEBUG_FILE="$2"
 TAG="$3"
-USER="$4"
-PASSWORD="$5"
-ARCHITECTURE="$6"
+ARCHITECTURE="$4"
 
-cp "$DEB_FILE" "$DEB_DEBUG_FILE" .
-
-DOCKERFILE=.github/docker/debian.dockerfile
-
-if [ "${PUBLISH_DOCKER_IMAGE}" = "true" ]; then
-  PUSH_OPTION=--push
-fi
-
-# shellcheck disable=SC2086
 docker build \
   --pull \
   --no-cache \
   --provenance false \
   --build-arg "DEB_FILE=$DEB_FILE" \
   --build-arg "DEB_DEBUG_FILE=$DEB_DEBUG_FILE" \
-  --file "${DOCKERFILE}" \
+  --file .github/docker/debian.dockerfile \
   --tag "savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}" \
-  ${PUSH_OPTION} \
   .
 
+docker push "ghcr.io/savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}"
+
 if [ "${PUBLISH_DOCKER_IMAGE}" != "true" ]; then
   exit 0
 fi
 
-docker login -u "$USER" -p "$PASSWORD"
-
-docker pull "savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}"
-
 docker tag \
   "savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}" \
   "ghcr.io/savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}"
 
+docker push "savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}"
 docker push "ghcr.io/savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -638,13 +638,23 @@ jobs:
         run: |
           echo "deb-file=$(find artifacts/${{ needs.build_details.outputs.sha }} -type f | grep ${{ matrix.docker-debian-os }} | grep -v minimal | grep '${{ matrix.platform }}\.deb$' | grep dbgsym | grep deb)" >> "${GITHUB_OUTPUT}"
         id: debian_debug_package
-      - name: Log in to the github registry
+      - name: Login to Docker Hub
         if: needs.build_details.outputs.publish_docker_image == 'true'
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+      - name: Login to GitHub Container Registry
+        #        if: needs.build_details.outputs.publish_docker_image == 'true'
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
       - name: Build docker image
         env:
           PUBLISH_DOCKER_IMAGE: ${{ needs.build_details.outputs.publish_docker_image }}
-        run: .github/scripts/build-docker.sh ${{ steps.debian_package.outputs.deb-file }} ${{ steps.debian_debug_package.outputs.deb-file }} ${{ needs.build_details.outputs.branch }} ${{ secrets.DOCKERHUB_USER }} ${{ secrets.DOCKERHUB_PASSWORD }} ${{ matrix.platform }}
+        run: .github/scripts/build-docker.sh "${{ steps.debian_package.outputs.deb-file }}" "${{ steps.debian_debug_package.outputs.deb-file }}" "${{ needs.build_details.outputs.branch }}" "${{ matrix.platform }}"
 
   build_docker_alpine:
     runs-on: ${{ matrix.runs-on }}
@@ -668,12 +678,15 @@ jobs:
         run: |
           echo "apk-file=$(find artifacts/${{ needs.build_details.outputs.sha }} -type f | grep -v minimal | grep 'apk$' | grep -v dbg | grep ${{ matrix.alpine-arch }})" >> "${GITHUB_OUTPUT}"
         id: alpine_package
-      - name: Log in to the github registry
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+      - name: Log in to container registries
+        if: needs.build_details.outputs.publish_docker_image == 'true'
+        run: |
+          echo "${{ secrets.DOCKERHUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKERHUB_USER }}" --password-stdin
+          echo "${{ secrets.GITHUB_TOKEN }}" | docker login -u "${{ github.actor }}" --password-stdin ghcr.io
       - name: Build docker image
         env:
           PUBLISH_DOCKER_IMAGE: ${{ needs.build_details.outputs.publish_docker_image }}
-        run: .github/scripts/build-docker-alpine.sh ${{ steps.alpine_package.outputs.apk-file }} ${{ needs.build_details.outputs.branch }} ${{ secrets.DOCKERHUB_USER }} ${{ secrets.DOCKERHUB_PASSWORD }} ${{ matrix.platform }}
+        run: .github/scripts/build-docker-alpine.sh "${{ steps.alpine_package.outputs.apk-file }}" "${{ needs.build_details.outputs.branch }}" "${{ matrix.platform }}"
 
   build_docker_minimal:
     runs-on: ${{ matrix.runs-on }}
@@ -700,13 +713,15 @@ jobs:
         run: |
           echo "deb-file=$(find artifacts/${{ needs.build_details.outputs.sha }} -type f | grep ${{ matrix.docker-debian-os }} | grep minimal | grep '${{ matrix.platform }}\.deb$' | grep dbgsym | grep deb)" >> "${GITHUB_OUTPUT}"
         id: debian_debug_package
-      - name: Log in to the github registry
+      - name: Log in to container registries
         if: needs.build_details.outputs.publish_docker_image == 'true'
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+        run: |
+          echo "${{ secrets.DOCKERHUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKERHUB_USER }}" --password-stdin
+          echo "${{ secrets.GITHUB_TOKEN }}" | docker login -u "${{ github.actor }}" --password-stdin ghcr.io
       - name: Build docker image
         env:
           PUBLISH_DOCKER_IMAGE: ${{ needs.build_details.outputs.publish_docker_image }}
-        run: .github/scripts/build-docker.sh ${{ steps.debian_package.outputs.deb-file }} ${{ steps.debian_debug_package.outputs.deb-file }} ${{ needs.build_details.outputs.branch }}-minimal ${{ secrets.DOCKERHUB_USER }} ${{ secrets.DOCKERHUB_PASSWORD }} ${{ matrix.platform }}
+        run: .github/scripts/build-docker.sh "${{ steps.debian_package.outputs.deb-file }}" "${{ steps.debian_debug_package.outputs.deb-file }}" "${{ needs.build_details.outputs.branch }}-minimal" "${{ matrix.platform }}"
 
   build_docker_alpine_minimal:
     runs-on: ${{ matrix.runs-on }}
@@ -734,12 +749,15 @@ jobs:
         run: |
           echo "apk-file=$(find artifacts/${{ needs.build_details.outputs.sha }} -type f | grep minimal | grep 'apk$' | grep dbg | grep ${{ matrix.alpine-arch }})" >> "${GITHUB_OUTPUT}"
         id: alpine_dbg_package
-      - name: Log in to the github registry
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+      - name: Log in to container registries
+        if: needs.build_details.outputs.publish_docker_image == 'true'
+        run: |
+          echo "${{ secrets.DOCKERHUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKERHUB_USER }}" --password-stdin
+          echo "${{ secrets.GITHUB_TOKEN }}" | docker login -u "${{ github.actor }}" --password-stdin ghcr.io
       - name: Build docker image
         env:
           PUBLISH_DOCKER_IMAGE: ${{ needs.build_details.outputs.publish_docker_image }}
-        run: .github/scripts/build-docker-alpine.sh ${{ steps.alpine_package.outputs.apk-file }} ${{ steps.alpine_dbg_package.outputs.apk-file }} ${{ needs.build_details.outputs.branch }}-minimal ${{ secrets.DOCKERHUB_USER }} ${{ secrets.DOCKERHUB_PASSWORD }} ${{ matrix.platform }}
+        run: .github/scripts/build-docker-alpine.sh "${{ steps.alpine_package.outputs.apk-file }}" "${{ steps.alpine_dbg_package.outputs.apk-file }}" "${{ needs.build_details.outputs.branch }}-minimal" "${{ matrix.platform }}"
 
   build_docker_release:
     runs-on: ubuntu-latest