Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support logging to multiple registries with a single execution of the Action #72

Closed
umarcor opened this issue Jun 4, 2021 · 5 comments

Comments

@umarcor
Copy link

umarcor commented Jun 4, 2021

Currently, I need to login to three registries, which makes it very verbose to use this Action:

    - name: Login to ghcr.io
      uses: docker/login-action@v1
      with:
        registry: ghcr.io
        username: gha
        password: ${{ github.token }}
        
    - name: Login to docker.io
      uses: docker/login-action@v1
      with:
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.DOCKER_PASSWORD }}
        
    - name: Login to GCR
       uses: docker/login-action@v1
       with:
         registry: gcr.io
         username: _json_key
         password: ${{ secrets.GCR_JSON_KEY }}

It would be nice if providing a list of targets was supported. For instance:

    - name: Login to container registries
      uses: docker/login-action@v2
      with:
        targets:
          - 'ghcr.io|gha|${{ github.token }}'
          - 'docker.io|${{ secrets.DOCKER_USERNAME }}|${{ secrets.DOCKER_PASSWORD }}'
          - 'gcr.io|_json_key|${{ secrets.GCR_JSON_KEY }}'
@crazy-max
Copy link
Member

Don't think that's smth we are going to handle here but nested actions through a composite action could be a good fit for that (actions/runner#646).

@umarcor
Copy link
Author

umarcor commented Jun 11, 2021

Don't think that's smth we are going to handle

That's unfortunate...

nested actions through a composite action could be a good fit for that

Composite actions cannot use other actions. It does not seem that will change in the near future...

Moreover, due to #25 and #30 (see https://github.com/dbhi/vunit/runs/2802152583?check_suite_focus=true#step:3:10), it does not feel sensible to try working around the limitations. FTR, I'll use the following syntax for now:

- name: Login to container registries
  run: |
    echo '${{ github.token }}' | docker login ghcr.io -u gha --password-stdin
    echo '${{ secrets.DOCKER_PASSWORD }}' | docker login docker.io -u '${{ secrets.DOCKER_USERNAME }}' --password-stdin
    echo '${{ secrets.GCR_JSON_KEY }}' | docker login gcr.io -u _json_key --password-stdin

@tpolekhin
Copy link

@crazy-max I understand why you don't want to support multiple logins in one action for different registry types, but what about the same one?
Right now we're using this action to login to IBM Cloud Container Registry in different regions:

      - name: Login to IBM Cloud Container Registry US
        uses: docker/login-action@v1
        with:
          registry: us.icr.io
          username: ${{ env.ICR_USERNAME }}
          password: ${{ env.ICR_PASSWORD }}

      - name: Login to IBM Cloud Container Registry UK
        uses: docker/login-action@v1
        with:
          registry: uk.icr.io
          username: ${{ env.ICR_USERNAME }}
          password: ${{ env.ICR_PASSWORD }}

Credentials are the same for all regions, it's just the address of the registry that differs.

Could we possibly support something like this?

      - name: Login to IBM Cloud Container Registry ALL
        uses: docker/login-action@v1
        with:
          registry: |
            us.icr.io
            uk.icr.io
            de.icr.io
            au.icr.io
            jp.icr.io
          username: ${{ env.ICR_USERNAME }}
          password: ${{ env.ICR_PASSWORD }}

@crazy-max
Copy link
Member

@tpolekhin Thanks for your feedback, that sounds like legitimate to me so yes I think we could improve the current behavior. About design I will think about it. I also saw the composite actions ADR recently that could be beneficial for this use case.

@umarcor
Copy link
Author

umarcor commented Jul 18, 2021

I'm closing this issue since the proposed feature is not to be implemented here.

FTR, I'm using a single plain JavaScript file as an alternative:

    - name: Login to container registries
      if: github.event_name != 'pull_request' && github.repository == 'hdl/containers'
      uses: ./utils/registry-login
      with:
        cmd: |
          echo '${{ secrets.GCR_JSON_KEY }}' | docker login gcr.io -u _json_key --password-stdin
          echo '${{ github.token }}' | docker login ghcr.io -u gha --password-stdin
          echo '${{ secrets.DOCKER_PASS }}' | docker login docker.io -u '${{ secrets.DOCKER_USER }}' --password-stdin
const { exec } = require('child_process');

function run(cmd) {
  exec(cmd, (error, stdout, stderr) => {
    if ( stdout.length != 0 ) { console.log(`${stdout}`); }
    if ( stderr.length != 0 ) { console.error(`${stderr}`); }
    if (error) {
      console.error(`exec error: ${error}`);
    }
    return error;
  });
}

// Are we in the 'post' step?
const registries = process.env.STATE_REGISTRIES;
if ( registries != undefined ) {
  for ( const item of registries.split(',') ) { run(`docker logout ${item.trim()}`); };
  return;
}

// Otherwise, this is the main step
run(process.env.INPUT_CMD);
console.log(`::save-state name=REGISTRIES::gcr.io,ghcr.io,docker.io`);

Ref: https://github.com/hdl/containers/tree/main/utils/registry-login

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants