fix: update cron job names and permissions in workflow files; add example .env file (#178)

github-actions[bot] · ChristophShyper · web-flow · commit 236a49efd3b8 · 2026-04-13T22:38:54.000+02:00
Co-authored-by: ChristophShyper &lt;45788587+ChristophShyper@users.noreply.github.com&gt;
diff --git a/.env.example b/.env.example
@@ -0,0 +1,6 @@
+DOCKER_USERNAME=your-dockerhub-user
+DOCKER_ORG_NAME=your-dockerhub-org
+DOCKER_TOKEN=your-docker-token
+GITHUB_USERNAME=your-github-user
+GITHUB_ORG_NAME=your-github-org
+GITHUB_TOKEN=your-github-token
diff --git a/.github/workflows/cron-check-dependencies.yml b/.github/workflows/cron-check-dependencies.yml
@@ -1,15 +1,15 @@
-name: (Cron) Weekly repository health
+name: (Cron) Check dependencies
 
 on:
   schedule:
     - cron: 0 5 * * 1
   workflow_dispatch:
 
 permissions:
-  contents: read
-  issues: write
-  pull-requests: read
+  contents: write
+  pull-requests: write
   packages: write
+  issues: read
 
 jobs:
   call:
diff --git a/.github/workflows/manual-sync-common-files.yml b/.github/workflows/manual-sync-common-files.yml
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -31,16 +31,16 @@ repos:
         pass_filenames: false
       - id: hadolint
         name: hadolint
-        entry: bash -lc 'docker run --rm -v "$PWD:/work" -w /work hadolint/hadolint:latest-debian "$@"' --
+        entry: bash -lc 'docker run --rm -v "$PWD:/work" -w /work hadolint/hadolint:latest-debian /bin/hadolint "$@"' --
         language: system
-        files: '(^|/)Dockerfile(\..*)?$'
+        files: (^|/)Dockerfile(\..*)?$
       - id: shellcheck
         name: shellcheck
         entry: bash -lc 'docker run --rm -v "$PWD:/work" -w /work koalaman/shellcheck:stable -x -S style "$@"' --
         language: system
-        files: '\.sh$'
+        files: \.sh$
       - id: yamllint
         name: yamllint
         entry: bash -lc 'docker run --rm -v "$PWD:/work" -w /work cytopia/yamllint -c .yamllint.yml "$@"' --
         language: system
-        files: '\.(yml|yaml)$'
+        files: \.(yml|yaml)$
diff --git a/README.md b/README.md
@@ -38,6 +38,8 @@ For example:
 <i>To be done</i>
 
 
+
+
 # Usage
 <i>To be done</i>
 
@@ -56,3 +58,32 @@ For example:
 | python3   | Binary         | For running more complex scripts during deployment process.                                                              | https://www.python.org/                            |
 | requests  | Python library | For sending HTTP requests, for example integration with Slack                                                            | https://github.com/psf/requests                    |
 | slack_sdk | Python library | For integration with Slack applications/bots, e.g. creating channels for notifications                                   | https://github.com/slackapi/python-slack-sdk       |
+
+## Forking
+To publish images from a fork, set these variables so Task uses your registry identities:
+`DOCKER_USERNAME`, `DOCKER_ORG_NAME`, `GITHUB_USERNAME`, `GITHUB_ORG_NAME`.
+
+Two supported options (environment variables take precedence over `.env`):
+```bash
+# .env (local only, not committed)
+DOCKER_USERNAME=your-dockerhub-user
+DOCKER_ORG_NAME=your-dockerhub-org
+GITHUB_USERNAME=your-github-user
+GITHUB_ORG_NAME=your-github-org
+```
+
+```bash
+# Shell override
+DOCKER_USERNAME=your-dockerhub-user \
+DOCKER_ORG_NAME=your-dockerhub-org \
+GITHUB_USERNAME=your-github-user \
+GITHUB_ORG_NAME=your-github-org \
+task docker:build
+```
+
+Recommended setup:
+- Local development: use a `.env` file.
+- GitHub Actions: set repo variables for the four values above, and secrets for `DOCKER_TOKEN` and `GITHUB_TOKEN`.
+
+Publish images without a release:
+- Run the `(Manual) Update Version` workflow with `build_only: true` to build and push images without tagging a release.
diff --git a/Taskfile.docker.yml b/Taskfile.docker.yml
@@ -6,10 +6,39 @@ tasks:
   docker:login:
     desc: Login to hub.docker.com and ghcr.io
     cmds:
-      - echo "Logging into Docker Hub as {{.DOCKER_USERNAME}}"
-      - echo "${DOCKER_TOKEN}" | docker login -u "{{.DOCKER_USERNAME}}" --password-stdin
-      - echo "Logging into GHCR as {{.GITHUB_USERNAME}}"
-      - echo "${GITHUB_TOKEN}" | docker login ghcr.io -u "{{.GITHUB_USERNAME}}" --password-stdin
+      - |
+        set -eu
+        docker_username='{{.DOCKER_USERNAME}}'
+        github_username='{{.GITHUB_USERNAME}}'
+        has_dockerhub=false
+        has_ghcr=false
+
+        if [ -n "$docker_username" ] && [ -n "${DOCKER_TOKEN:-}" ]; then
+          has_dockerhub=true
+        fi
+
+        if [ -n "$github_username" ] && [ -n "${GITHUB_TOKEN:-}" ]; then
+          has_ghcr=true
+        fi
+
+        if [ "$has_dockerhub" = false ] && [ "$has_ghcr" = false ]; then
+          echo "❌ No registry credentials provided. Set DOCKER_USERNAME/DOCKER_TOKEN or GITHUB_USERNAME/GITHUB_TOKEN."
+          exit 1
+        fi
+
+        if [ "$has_dockerhub" = true ]; then
+          echo "Logging into Docker Hub as $docker_username"
+          printf '%s' "${DOCKER_TOKEN}" | docker login -u "$docker_username" --password-stdin
+        else
+          echo "⚠️ Skipping Docker Hub login (missing DOCKER_USERNAME/DOCKER_TOKEN)"
+        fi
+
+        if [ "$has_ghcr" = true ]; then
+          echo "Logging into GHCR as $github_username"
+          printf '%s' "${GITHUB_TOKEN}" | docker login ghcr.io -u "$github_username" --password-stdin
+        else
+          echo "⚠️ Skipping GHCR login (missing GITHUB_USERNAME/GITHUB_TOKEN)"
+        fi
 
   docker:cmds:
     desc: Show full docker build command
diff --git a/Taskfile.yml b/Taskfile.yml
@@ -2,6 +2,9 @@ version: '3'
 
 silent: true
 
+dotenv:
+  - .env
+
 includes:
   variables: ./Taskfile.variables.yml
   scripts: ./Taskfile.scripts.yml
