docker login

plutov · May 28, 2024 · 4d686c2 · 4d686c2
1 parent 286bd92
commit 4d686c2
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/.github/workflows/docker-scout.yaml b/.github/workflows/docker-scout.yaml
@@ -14,12 +14,17 @@ jobs:
         uses: actions/checkout@v4
       - name: Setup Docker buildx
         uses: docker/setup-buildx-action@v3
-      - name: Build and push Docker image
+      - name: Build Docker image
         uses: docker/[email protected]
         with:
           context: ./25-docker-scout
           push: false
           tags: ${{ steps.meta.outputs.tags }}
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Docker Scout
         id: docker-scout
         uses: docker/scout-action@v1

diff --git a/25-docker-scout/README.md b/25-docker-scout/README.md
@@ -142,4 +142,4 @@ While manual scanning is valuable, integrating vulnerability checks into your CI
 
 Docker Scout has a [GitHub Action](https://github.com/docker/scout-action) to run the Docker Scout CLI as part of your workflows.
 
-Here is an example workflow (`.github/workflows/docker-scout.yaml`) which runs Docker Scout on every push and reports only Critical and High vulnerabilities as a comment to a PR.
+Here is an example workflow (`.github/workflows/docker-scout.yaml`) which runs Docker Scout on every push and reports only Critical and High vulnerabilities as a comment to a PR. This actions requires authentication to Docker Hub, so we should add `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN` to secrets.