Merge pull request #139 from step-security/auto-cherry-pick

chore: Cherry-picked changes from upstream

Author: Raj-StepSecurity

.github/workflows/actions_release.yml

@@ -6,6 +6,10 @@ on:
       tag:
         description: "Tag for the release"
         required: true
+      script:
+        description: "Specify a script to run after audit fix"
+        required: false
+        default: "yarn run all"
 
 permissions:
   contents: read
@@ -18,4 +22,5 @@ jobs:
       contents: write
     uses: step-security/reusable-workflows/.github/workflows/actions_release.yaml@v1
     with:
-      tag: "${{ github.event.inputs.tag }}"
+      tag: "${{ github.event.inputs.tag }}"
+      script: "${{ github.event.inputs.tag }}"

.github/workflows/audit_package.yml

@@ -14,7 +14,7 @@ on:
       script:
         description: "Specify a script to run after audit fix"
         required: false
-        default: "yarn build"
+        default: "yarn run all"
 
   schedule:
     - cron: "0 0 * * 1"
@@ -25,7 +25,7 @@ jobs:
     with:
       base_branch: ${{ inputs.base_branch || 'main' }}
       package_manager: "yarn"
-      script: ${{ inputs.script || 'yarn build' }}
+      script: ${{ inputs.script || 'yarn run all' }}
 
 permissions:
   contents: write

.github/workflows/ci.yml

@@ -18,6 +18,7 @@ on:
 
 env:
   DOCKER_VERSION: v27.3.1
+  DOCKER_BUILD_SUMMARY: false
 
 jobs:
   main:
@@ -311,4 +312,32 @@ jobs:
       -
         name: List contexts
         run: |
-          docker context ls
+          docker context ls
+
+  tcp:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-latest
+          #- macos-14  # no virt: https://github.com/docker/actions-toolkit/issues/317
+          - macos-13
+          - windows-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker
+        id: setup_docker
+        uses: ./
+        with:
+          version: ${{ env.DOCKER_VERSION }}
+          tcp-port: 2378
+      -
+        name: Check docker info through TCP
+        run: |
+          docker info
+        env:
+          DOCKER_HOST: ${{ steps.setup_docker.outputs.tcp }}

README.md

@@ -30,6 +30,7 @@ ___
   * [Define custom `limactl start` arguments (macOS)](#define-custom-limactl-start-arguments-macos)
 * [Customizing](#customizing)
   * [inputs](#inputs)
+  * [inputs.version](#inputsversion)
   * [outputs](#outputs)
 * [Contributing](#contributing)
 * [License](#license)
@@ -50,7 +51,7 @@ jobs:
     steps:
       -
         name: Set up Docker
-        uses: step-security/ghaction-setup-docker@v3
+        uses: step-security/ghaction-setup-docker@v4
 ```
 
 ### Daemon configuration
@@ -72,7 +73,7 @@ jobs:
     steps:
       -
         name: Set up Docker
-        uses: step-security/ghaction-setup-docker@v3
+        uses: step-security/ghaction-setup-docker@v4
         with:
           daemon-config: |
             {
@@ -100,7 +101,7 @@ jobs:
     steps:
       -
         name: Set up Docker
-        uses: step-security/ghaction-setup-docker@v3
+        uses: step-security/ghaction-setup-docker@v4
         env:
           LIMA_START_ARGS: --cpus 4 --memory 8
 ```
@@ -113,20 +114,88 @@ The following inputs can be used as `step.with` keys
 
 | Name            | Type   | Default               | Description                                                                                                                 |
 |-----------------|--------|-----------------------|-----------------------------------------------------------------------------------------------------------------------------|
-| `version`       | String | `latest`              | Docker CE version (e.g., `v24.0.6`).                                                                                        |
-| `channel`       | String | `stable`              | Docker CE [channel](https://download.docker.com/linux/static/) (e.g, `stable`, `edge` or `test`).                           |
+| `version`       | String | `latest`              | Docker version to use. See [inputs.version](#inputs.version).                                                               |
+| `channel`       | String | `stable`              | Docker CE [channel](https://download.docker.com/linux/static/) (`stable` or `test`). Only applicable to `type=archive`      |
 | `daemon-config` | String |                       | [Docker daemon JSON configuration](https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file) |
+| `tcp-port`      | Number |                       | TCP port to expose the Docker API locally                                                                                   |
 | `context`       | String | `setup-docker-action` | Docker context name.                                                                                                        |
 | `set-host`      | Bool   | `false`               | Set `DOCKER_HOST` environment variable to docker socket path.                                                               |
 | `rootless`      | Bool   | `false`               | Start daemon in rootless mode                                                                                               |
 
+### inputs.version
+
+By default, the latest stable version of Docker is fetched from download.docker.com.
+
+You can specify a specific version number (e.g. `v27.4.0`).
+Which is a shorthand for the full comma separated value:
+
+`type=archive,channel=stable,version=v27.4.0`
+
+You can also use this full csv format instead.
+
+Currently supported source types are:
+- `archive`
+- `image`
+
+#### `type=archive`
+| Key       |  Default   | Description                                                                          |
+|-----------|------------|--------------------------------------------------------------------------------------| 
+| `type`    | `archive`  | The source type of the Docker binaries. Possible values are `archive` and `image`.   | 
+| `channel` | `stable`   | The download.docker.com channel (`stable` or `test`).                                | 
+| `version` | `latest`   | The Docker version to use.                                                           | 
+
+Examples:
+```yaml
+# last stable released version
+version: latest
+version: type=archive                 # same as above
+version: version=latest               # same as above
+version: type=archive,version=latest  # same as above
+```
+
+```yaml
+# v27.3.0-rc.1 from test channel
+version: type=archive,version=27.3.0-rc.1,channel=test
+```
+
+#### `type=image`
+
+Other possible source type is `image` which will pull the Docker binaries from the `moby/moby-bin` and
+`dockereng/cli-bin` Docker Hub repositories.
+The advantage of using this source type is that these images are built by the Moby and Docker CI pipelines
+for each branch and PR, so you can use the `tag` input to install a specific version or branch (e.g. `master`).
+
+| Key       |  Default   | Description                                                                          |
+|-----------|------------|--------------------------------------------------------------------------------------|
+| `tag`     | `latest`   | The image tag to use.                                                                |
+
+See https://hub.docker.com/r/moby/moby-bin/tags and https://hub.docker.com/r/dockereng/cli-bin/tags for available tags.
+
+Examples:
+```yaml
+# install last stable released version from bin images
+version: type=image
+version: type=image,tag=latest        # same as above
+```
+
+```yaml
+# a cutting-edge version from the `master` branch
+version: type=image,tag=master
+```
+
+```yaml
+# install v27.4.0 from bin images
+version: type=image,tag=27.4.0
+```
+
 ### outputs
 
 The following outputs are available
 
-| Name   | Type   | Description        |
-|--------|--------|--------------------|
-| `sock` | String | Docker socket path |
+| Name   | Type   | Description                           |
+|--------|--------|---------------------------------------|
+| `sock` | String | Docker socket path                    |
+| `tcp`  | String | Docker TCP address if tcp-port is set |
 
 ## License
 

__tests__/context.test.ts

@@ -185,6 +185,27 @@ describe('getInputs', () => {
         rootless: true,
       } as context.Inputs
     ],
+    [
+      9,
+      new Map<string, string>([
+        ['version', 'v24.0.8'],
+        ['tcp-port', '2378'],
+        ['set-host', 'false'],
+        ['rootless', 'false'],
+      ]),
+      {
+        source: {
+          type: 'archive',
+          version: 'v24.0.8',
+          channel: 'stable'
+        },
+        context: '',
+        daemonConfig: '',
+        tcpPort: 2378,
+        rootless: false,
+        setHost: false
+      } as context.Inputs
+    ],
   ])(
     '[%d] given %p as inputs, returns %p',
     async (num: number, inputs: Map<string, string>, expected: context.Inputs) => {

action.yml

@@ -16,6 +16,9 @@ inputs:
   daemon-config:
     description: 'Docker daemon JSON configuration'
     required: false
+  tcp-port:
+    description: 'TCP port to expose the Docker API locally'
+    required: false
   context:
     description: 'Docker context name. (default setup-docker-action)'
     required: false
@@ -31,6 +34,8 @@ inputs:
 outputs:
   sock:
     description: "Docker socket path"
+  tcp:
+    description: "Docker TCP address if tcp-port is set"
 
 runs:
   using: 'node20'

dist/index.js

@@ -25,7 +25,7 @@
   "license": "Apache-2.0",
   "dependencies": {
     "@actions/core": "^1.10.1",
-    "@docker/actions-toolkit": "^0.46.0",
+    "@docker/actions-toolkit": "^0.49.0",
     "uuid": "^10.0.0"
   },
   "devDependencies": {

dist/index.js.map

@@ -1,10 +1,13 @@
 import * as core from '@actions/core';
-import {InstallSource} from '@docker/actions-toolkit/lib/docker/install';
 import {parse} from 'csv-parse/sync';
 
+import {InstallSource} from '@docker/actions-toolkit/lib/docker/install';
+import {Util} from '@docker/actions-toolkit/lib/util';
+
 export interface Inputs {
   source: InstallSource;
   daemonConfig?: string;
+  tcpPort?: number;
   context: string;
   setHost: boolean;
   rootless: boolean;
@@ -21,6 +24,7 @@ export function getInputs(): Inputs {
   return {
     source: source,
     daemonConfig: core.getInput('daemon-config'),
+    tcpPort: Util.getInputNumber('tcp-port'),
     context: core.getInput('context'),
     setHost: core.getBooleanInput('set-host'),
     rootless: core.getBooleanInput('rootless')