This repository was archived by the owner on Nov 24, 2025. It is now read-only.

Commit 8c671bd

Merge pull request #136 from philips-software/Feature/34_RemaveDockerVariables
Add deprecation warnings: Feature/34 remave docker variables
2 parents ade4738 + 8cea492 commit 8c671bd

8 files changed

Lines changed: 107 additions & 84 deletions

CHANGELOG.md

Lines changed: 12 additions & 4 deletions
@@ -6,8 +6,16 @@ and this project uses the version of main tool as main version number .
66

77
## [Unreleased]
88

9+
- Rename arguments to reflect multiple container registries.
10+
11+
### DEPRECATION
12+
13+
- `DOCKER_USERNAME`, `DOCKER_PASSWORD`, and `DOCKER_REGISTRY` are deprecated. Please use `REGISTRY_USERNAME`, `REGISTRY_TOKEN`, and `REGISTRY_URL`.
14+
15+
## v4.4.0
916
- [#50] - Fix: Automatic push of README to docker hub is broken.
1017
- [#48] - Loop through entire array of push-branches
18+
- [#34] - ** BREAKING ** Rename variables DOCKER_USERNAME, DOCKER_PASSWORD and DOCKER_REGISTRY
1119

1220
## v3.1.0 - 2020-09-23
1321
- Allow users to specify multiple branches to push to the artifact repository. `push-branches`
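Review bot: The new `### DEPRECATION` entry (new line 13) says the `DOCKER_*` variables are deprecated, while the entry added at new line 18 labels the same rename `** BREAKING **`. These mean different things to someone upgrading: deprecated implies the old names still work for now, breaking implies they do not. Pick the term that matches what the scripts do and use it in both places. The `## v4.4.0` heading added at new line 15 also moves the existing #50 and #48 entries out of Unreleased and under v4.4.0; confirm that is intended, and add a release date as the v3.1.0 heading has.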
@@ -21,7 +29,7 @@ and this project uses the version of main tool as main version number .
2129
- Allow users to specify specific dockerfile instead of path
2230

2331
The `docker build` command is now being called from the root of the project
24-
instead of the directory.
32+
instead of the directory.
2533

2634
This has impact when your project has:
2735
- Directories with multiple dockerfiles
@@ -30,15 +38,15 @@ This has impact when your project has:
3038
You now need to change the path to include the directory.
3139

3240
Example:
33-
- `ADD /scripts/entrypoint.sh entrypoint.sh` becomes: `ADD /6/java/scripts/entrypoint.sh entrypoint`
41+
- `ADD /scripts/entrypoint.sh entrypoint.sh` becomes: `ADD /6/java/scripts/entrypoint.sh entrypoint`
3442

3543
## v2.2.1 - 2020-05-18
3644
### Changed
37-
- [#38] - Auto update readme was not working anymore
45+
- [#38] - Auto update readme was not working anymore
3846

3947
## v2.2.0
4048
- [#33] - DOCKER_ORGANIZATION is optional when other repository store is used.
41-
- [#32] - DOCKER_REGISTRY should be an environment variable.
49+
- [#32] - DOCKER_REGISTRY should be an environment variable.
4250
- Fix shellinter
4351

4452
### Add

LICENSE.md

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
MIT License
22

3-
Copyright (c) 2020 Philips Software
3+
Copyright (c) 2020 - 2022 Philips Software
44

55
Permission is hereby granted, free of charge, to any person obtaining a copy
66
of this software and associated documentation files (the "Software"), to deal

README.md

Lines changed: 32 additions & 32 deletions
@@ -71,15 +71,15 @@ Builds docker images and publish them on request
7171

7272
These variables can be set in the github repository secret vault.
7373

74-
### `DOCKER_USERNAME`
74+
### `REGISTRY_USERNAME`
7575

76-
**Required** Docker username
76+
**Required** Registry username
7777

78-
### `DOCKER_PASSWORD`
78+
### `REGISTRY_TOKEN`
7979

80-
**Required** Docker password
80+
**Required** Registry token
8181

82-
### `DOCKER_REGISTRY`
82+
### `REGISTRY_URL`
8383

8484
**Optional** Registry to push the docker image to. Defaults to Docker hub.
8585

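Review bot: The description under the `REGISTRY_URL` heading (new line 84) is left unchanged and does not say what form the value takes. The examples further down set `REGISTRY_URL: ghcr.io/organization-here`, a host plus namespace with no scheme, which a name ending in `_URL` does not suggest. State the expected format here. This section also drops the old names without a pointer; a one-line note that `DOCKER_USERNAME`, `DOCKER_PASSWORD` and `DOCKER_REGISTRY` were the previous names would help readers who arrive with an older workflow.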
@@ -158,8 +158,8 @@ This action is a `docker` action.
158158
image-name: "node"
159159
tags: "latest 12 12.1 12.1.4"
160160
env:
161-
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
162-
DOCKER_PASSWORD: "${{ secrets.DOCKER_PASSWORD }}"
161+
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
162+
REGISTRY_TOKEN: "${{ secrets.REGISTRY_TOKEN }}"
163163
DOCKER_ORGANIZATION: myDockerOrganization
164164
```
165165
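Review bot: Lines 161-162 rename the secret references as well as the env keys (`secrets.DOCKER_USERNAME` becomes `secrets.REGISTRY_USERNAME`), so anyone copying this example must also create new repository secrets. The scripts only read the env key on the left, so `REGISTRY_TOKEN: "${{ secrets.DOCKER_PASSWORD }}"` would keep working with existing secrets. Say so in the README, or keep the old secret names in the example so the migration is a change to the env keys only.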
@@ -172,8 +172,8 @@ This action is a `docker` action.
172172
image-name: "node"
173173
tags: "latest 12 12.1 12.1.4"
174174
env:
175-
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
176-
DOCKER_PASSWORD: "${{ secrets.DOCKER_PASSWORD }}"
175+
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
176+
REGISTRY_TOKEN: "${{ secrets.REGISTRY_TOKEN }}"
177177
DOCKER_ORGANIZATION: myDockerOrganization
178178
FOO_BUILD_ARG: "foo"
179179
BAR_BUILD_ARG: ${{ secrets.SECRET_BAR_BUILD_ARG }}
@@ -191,9 +191,9 @@ This action is a `docker` action.
191191
tags: latest 0.1
192192
push-branches: main develop
193193
env:
194-
DOCKER_USERNAME: ${{ github.actor }}
195-
DOCKER_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
196-
DOCKER_REGISTRY: ghcr.io/organization-here
194+
REGISTRY_USERNAME: ${{ github.actor }}
195+
REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
196+
REGISTRY_URL: ghcr.io/organization-here
197197
GITHUB_ORGANIZATION: organization-here
198198
```
199199
@@ -220,9 +220,9 @@ Store the content of `cosign.pub`, `cosign.key` and the password in GitHub Secre
220220
push-branches: main develop
221221
sign: true
222222
env:
223-
DOCKER_USERNAME: ${{ github.actor }}
224-
DOCKER_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
225-
DOCKER_REGISTRY: ghcr.io/organization-here
223+
REGISTRY_USERNAME: ${{ github.actor }}
224+
REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
225+
REGISTRY_URL: ghcr.io/organization-here
226226
GITHUB_ORGANIZATION: organization-here
227227
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
228228
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
@@ -250,9 +250,9 @@ You will get a result when the image is valid.
250250
push-branches: main develop
251251
slsa-provenance: true
252252
env:
253-
DOCKER_USERNAME: ${{ github.actor }}
254-
DOCKER_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
255-
DOCKER_REGISTRY: ghcr.io/organization-here
253+
REGISTRY_USERNAME: ${{ github.actor }}
254+
REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
255+
REGISTRY_URL: ghcr.io/organization-here
256256
GITHUB_ORGANIZATION: organization-here
257257
- name: Show provenance
258258
run: |
@@ -275,9 +275,9 @@ the COSIGN environment variables. (see #sign how to generate the key-pair)
275275
slsa-provenance: true
276276
sign: true
277277
env:
278-
DOCKER_USERNAME: ${{ github.actor }}
279-
DOCKER_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
280-
DOCKER_REGISTRY: ghcr.io/organization-here
278+
REGISTRY_USERNAME: ${{ github.actor }}
279+
REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
280+
REGISTRY_URL: ghcr.io/organization-here
281281
GITHUB_ORGANIZATION: organization-here
282282
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
283283
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
@@ -306,9 +306,9 @@ You can inspect the provenance and decide on whether you want use the image.
306306
push-branches: main develop
307307
sbom: true
308308
env:
309-
DOCKER_USERNAME: ${{ github.actor }}
310-
DOCKER_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
311-
DOCKER_REGISTRY: ghcr.io/organization-here
309+
REGISTRY_USERNAME: ${{ github.actor }}
310+
REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
311+
REGISTRY_URL: ghcr.io/organization-here
312312
GITHUB_ORGANIZATION: organization-here
313313
- name: Show SBOM
314314
run: |
@@ -331,9 +331,9 @@ the COSIGN environment variables. (see #sign how to generate the key-pair)
331331
sbom: true
332332
sign: true
333333
env:
334-
DOCKER_USERNAME: ${{ github.actor }}
335-
DOCKER_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
336-
DOCKER_REGISTRY: ghcr.io/organization-here
334+
REGISTRY_USERNAME: ${{ github.actor }}
335+
REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
336+
REGISTRY_URL: ghcr.io/organization-here
337337
GITHUB_ORGANIZATION: organization-here
338338
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
339339
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
@@ -363,9 +363,9 @@ the COSIGN environment variables. (see #sign how to generate the key-pair)
363363
sign: true
364364
slsa-provenance: true
365365
env:
366-
DOCKER_USERNAME: ${{ github.actor }}
367-
DOCKER_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
368-
DOCKER_REGISTRY: ghcr.io/organization-here
366+
REGISTRY_USERNAME: ${{ github.actor }}
367+
REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
368+
REGISTRY_URL: ghcr.io/organization-here
369369
GITHUB_ORGANIZATION: organization-here
370370
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
371371
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
@@ -413,8 +413,8 @@ This can be done with a small snippet:
413413
tags: "latest ${{ env.major }} ${{ env.minor }} ${{ env.patch }}"
414414
push-on-git-tag: "true"
415415
env:
416-
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
417-
DOCKER_PASSWORD: "${{ secrets.DOCKER_PASSWORD }}"
416+
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
417+
REGISTRY_TOKEN: "${{ secrets.REGISTRY_TOKEN }}"
418418
DOCKER_ORGANIZATION: myDockerOrganization
419419
```
420420

container_digest.sh

Lines changed: 23 additions & 23 deletions
@@ -5,19 +5,19 @@ set -e
55
# shellcheck disable=SC2153
66
docker_organization=$DOCKER_ORGANIZATION
77

8-
if [ -z "$DOCKER_REGISTRY" ]; then
8+
if [ -z "$REGISTRY_URL" ]; then
99
if [ -z "$docker_organization" ]; then
1010
echo "::error::No DOCKER_ORGANIZATION set. This is mandatory when using docker.io"
1111
exit 1
1212
fi
13-
DOCKER_REGISTRY="docker.io"
14-
docker_registry_prefix="$DOCKER_REGISTRY/$docker_organization"
13+
REGISTRY_URL="docker.io"
14+
registry_url_prefix="$REGISTRY_URL/$docker_organization"
1515
echo "Docker organization: $docker_organization"
1616
else
17-
docker_registry_prefix="$DOCKER_REGISTRY"
17+
registry_url_prefix="$REGISTRY_URL"
1818
fi
1919

20-
echo "docker_registry_prefix: $docker_registry_prefix"
20+
echo "registry_url_prefix: $registry_url_prefix"
2121

2222
# builddir=$1
2323
shift
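Review bot: With the test at new line 8 now reading only `REGISTRY_URL`, a workflow that still sets `DOCKER_REGISTRY` takes the empty branch: it either stops at line 10 with the `DOCKER_ORGANIZATION` error or, if an organization is set, silently switches to `docker.io` at line 13. Nothing in this hunk tells the user the variable was renamed. Unless the old name is mapped before this script runs (not visible in this diff), check for a non-empty `DOCKER_REGISTRY` here and either fall back to it with a `::warning::` or fail with a message that names `REGISTRY_URL`, so a build meant for a private registry cannot end up addressed to Docker Hub.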
@@ -30,31 +30,31 @@ IFS=' '
3030
read -ra tags <<<"$alltags"
3131
basetag=${tags[0]}
3232

33-
if [ -z "$DOCKER_PASSWORD" ]; then
34-
echo "::error::No DOCKER_PASSWORD set. Please provide"
33+
if [ -z "$REGISTRY_TOKEN" ]; then
34+
echo "::error::No REGISTRY_TOKEN set. Please provide"
3535
exit 1
3636
fi
3737

38-
if [ -z "$DOCKER_USERNAME" ]; then
39-
echo "::error::No DOCKER_USERNAME set. Please provide"
38+
if [ -z "$REGISTRY_USERNAME" ]; then
39+
echo "::error::No REGISTRY_USERNAME set. Please provide"
4040
exit 1
4141
fi
4242

4343
echo "Login to docker"
4444
echo "--------------------------------------------------------------------------------------------"
45-
echo "$DOCKER_PASSWORD" | docker login "$DOCKER_REGISTRY" -u "$DOCKER_USERNAME" --password-stdin
45+
echo "$REGISTRY_TOKEN" | docker login "$REGISTRY_URL" -u "$REGISTRY_USERNAME" --password-stdin
4646

47-
docker pull "$docker_registry_prefix"/"$imagename":"$basetag"
47+
docker pull "$registry_url_prefix"/"$imagename":"$basetag"
4848

49-
echo "Getting digest for $docker_registry_prefix/$imagename:$basetag"
50-
containerdigest=$(docker inspect "$docker_registry_prefix"/"$imagename":"$basetag" --format '{{ index .RepoDigests 0 }}' | cut -d '@' -f 2)
49+
echo "Getting digest for $registry_url_prefix/$imagename:$basetag"
50+
containerdigest=$(docker inspect "$registry_url_prefix"/"$imagename":"$basetag" --format '{{ index .RepoDigests 0 }}' | cut -d '@' -f 2)
5151
echo "found: ${containerdigest}"
5252
echo "::set-output name=container-digest::${containerdigest}"
5353

5454
echo "--------------------------------------------------------------------------------------------"
5555

5656
echo "Getting tags"
57-
containertags=$(docker inspect "$docker_registry_prefix"/"$imagename":"$basetag" --format '{{ join .RepoTags "\n" }}' | sed 's/.*://' | paste -s -d ',' -)
57+
containertags=$(docker inspect "$registry_url_prefix"/"$imagename":"$basetag" --format '{{ join .RepoTags "\n" }}' | sed 's/.*://' | paste -s -d ',' -)
5858
echo "found: ${containertags}"
5959
echo "::set-output name=container-tags::${containertags}"
6060

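Review bot: The checks at new lines 33-41 exit with `No REGISTRY_TOKEN set` or `No REGISTRY_USERNAME set` when a workflow still supplies only `DOCKER_PASSWORD` and `DOCKER_USERNAME`, which does not match the CHANGELOG's "deprecated" wording. If the old names are meant to keep working for a release, map them to the new ones ahead of these checks and emit a `::warning::` naming the replacement; if not, mention the old name in the error text so the cause is obvious. Separately, at line 45 `echo "$REGISTRY_TOKEN" |` can mangle a token that starts with `-` or contains backslashes, depending on the shell's `echo`; `printf '%s' "$REGISTRY_TOKEN" |` passes it through unchanged.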
@@ -76,15 +76,15 @@ then
7676
echo "${COSIGN_PUBLIC_KEY}" > "$COSIGN_PUB"
7777

7878
echo "Sign image"
79-
cosign sign --key "$COSIGN_KEY" "$docker_registry_prefix"/"$imagename"@"${containerdigest}"
79+
cosign sign --key "$COSIGN_KEY" "$registry_url_prefix"/"$imagename"@"${containerdigest}"
8080

8181
echo "Verify signing"
82-
cosign verify --key "$COSIGN_PUB" "$docker_registry_prefix"/"$imagename"@"${containerdigest}"
82+
cosign verify --key "$COSIGN_PUB" "$registry_url_prefix"/"$imagename"@"${containerdigest}"
8383

8484
{
8585
echo 'Image is signed. You can verify it with the following command:'
8686
echo '```bash'
87-
echo "cosign verify --key cosign.pub $docker_registry_prefix/$imagename@${containerdigest}"
87+
echo "cosign verify --key cosign.pub $registry_url_prefix/$imagename@${containerdigest}"
8888
echo '```'
8989
} >> "$GITHUB_STEP_SUMMARY"
9090
fi
@@ -100,7 +100,7 @@ then
100100
slsa-provenance generate container \
101101
--github-context "$encoded_github" \
102102
--runner-context "$encoded_runner" \
103-
--repository "$docker_registry_prefix"/"$imagename" \
103+
--repository "$registry_url_prefix"/"$imagename" \
104104
--digest "${containerdigest}" \
105105
--tags "${containertags}"
106106

@@ -121,12 +121,12 @@ then
121121
jq .predicate < provenance.json > provenance-predicate.json
122122

123123
echo "Attest predicate"
124-
cosign attest --predicate provenance-predicate.json --key "$COSIGN_KEY" --type slsaprovenance "$docker_registry_prefix"/"$imagename"@"${containerdigest}"
124+
cosign attest --predicate provenance-predicate.json --key "$COSIGN_KEY" --type slsaprovenance "$registry_url_prefix"/"$imagename"@"${containerdigest}"
125125

126126
{
127127
echo "SLSA Provenance file is attested. You can verify it with the following command."
128128
echo '```bash'
129-
echo "cosign verify-attestation --key cosign.pub $docker_registry_prefix/$imagename@${containerdigest} | jq '.payload |= @base64d | .payload | fromjson | select(.predicateType==\"https://slsa.dev/provenance/v0.2\" ) | .'"
129+
echo "cosign verify-attestation --key cosign.pub $registry_url_prefix/$imagename@${containerdigest} | jq '.payload |= @base64d | .payload | fromjson | select(.predicateType==\"https://slsa.dev/provenance/v0.2\" ) | .'"
130130
echo '```'
131131
} >> "$GITHUB_STEP_SUMMARY"
132132
fi
@@ -137,7 +137,7 @@ then
137137
echo "### SBOM" >> "$GITHUB_STEP_SUMMARY"
138138
echo "Using Syft to generate SBOM"
139139

140-
syft packages "$docker_registry_prefix"/"$imagename"@"${containerdigest}" -o spdx-json=sbom-spdx-formatted.json
140+
syft packages "$registry_url_prefix"/"$imagename"@"${containerdigest}" -o spdx-json=sbom-spdx-formatted.json
141141

142142
echo "Remove formatting"
143143
jq -c . sbom-spdx-formatted.json > sbom-spdx.json
@@ -153,14 +153,14 @@ then
153153
echo "Attaching SBOM with Cosign"
154154

155155
echo "Attest SBOM"
156-
cosign attest --predicate sbom-spdx.json --type spdx --key "$COSIGN_KEY" "$docker_registry_prefix"/"$imagename"@"${containerdigest}"
156+
cosign attest --predicate sbom-spdx.json --type spdx --key "$COSIGN_KEY" "$registry_url_prefix"/"$imagename"@"${containerdigest}"
157157

158158
echo "Done attesting the SBOM"
159159

160160
{
161161
echo "SBOM file is attested. You can verify it with the following command."
162162
echo '```bash'
163-
echo "cosign verify-attestation --key cosign.pub $docker_registry_prefix/$imagename@${containerdigest} | jq '.payload |= @base64d | .payload | fromjson | select( .predicateType==\"https://spdx.dev/Document\" ) | .predicate.Data | fromjson | .'"
163+
echo "cosign verify-attestation --key cosign.pub $registry_url_prefix/$imagename@${containerdigest} | jq '.payload |= @base64d | .payload | fromjson | select( .predicateType==\"https://spdx.dev/Document\" ) | .predicate.Data | fromjson | .'"
164164
echo '```'
165165
} >> "$GITHUB_STEP_SUMMARY"
166166

docker_build.sh

Lines changed: 7 additions & 7 deletions
@@ -22,18 +22,18 @@ echo "--------------------------------------------------------------------------
2222
# shellcheck disable=SC2153
2323
docker_organization=$DOCKER_ORGANIZATION
2424

25-
if [ -z "$DOCKER_REGISTRY" ]; then
25+
if [ -z "$REGISTRY_URL" ]; then
2626
if [ -z "$docker_organization" ]; then
2727
echo " No DOCKER_ORGANIZATION set. This is mandatory when using docker.io"
2828
exit 1
2929
fi
30-
docker_registry_prefix="docker.io/$docker_organization"
30+
registry_url_prefix="docker.io/$docker_organization"
3131
echo "Docker organization: $docker_organization"
3232
else
33-
docker_registry_prefix="$DOCKER_REGISTRY"
33+
registry_url_prefix="$REGISTRY_URL"
3434
fi
3535

36-
echo "docker_registry_prefix: $docker_registry_prefix"
36+
echo "registry_url_prefix: $registry_url_prefix"
3737

3838
# Checking GITHUB_ORGANIZATION environment variable
3939

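Review bot: This block (new lines 25-36) repeats the registry-prefix logic from container_digest.sh, and the two copies have drifted: container_digest.sh sets `REGISTRY_URL="docker.io"` and prefixes its error with `::error::`, while here line 30 hard-codes `docker.io/$docker_organization`, leaves `REGISTRY_URL` empty, and line 27 prints a plain message. Since both files are being touched for the rename, move the logic into one sourced helper so the default and the error annotation stay the same in both scripts.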
@@ -92,12 +92,12 @@ echo "repo: https://github.com/$project/tree/$commitsha"
9292
echo "https://github.com/$project/tree/$commitsha" >REPO
9393

9494
# shellcheck disable=SC2086
95-
docker build . -f "$dockerfilepath" -t "$docker_registry_prefix"/"$imagename":"$basetag" $docker_build_args
95+
docker build . -f "$dockerfilepath" -t "$registry_url_prefix"/"$imagename":"$basetag" $docker_build_args
9696

9797
echo "--------------------------------------------------------------------------------------------"
9898
for tag in "${tags[@]:1}"; do
99-
echo "Tagging $docker_registry_prefix/$imagename:$basetag as $docker_registry_prefix/$imagename:$tag"
100-
docker tag "$docker_registry_prefix"/"$imagename":"$basetag" "$docker_registry_prefix"/"$imagename":"$tag"
99+
echo "Tagging $registry_url_prefix/$imagename:$basetag as $registry_url_prefix/$imagename:$tag"
100+
docker tag "$registry_url_prefix"/"$imagename":"$basetag" "$registry_url_prefix"/"$imagename":"$tag"
101101
done
102102
echo "============================================================================================"
103103
echo "Finished building docker images from: $dockerfilepath"
