Make input username and password optional

If user has authenticated to container image registry before running this action, then it's not required to provide username and password in this action Signed-off-by: divyansh42 <diagrawa@redhat.com>
2025-04-19 22:26:18 +02:00 · 2021-04-09 14:56:06 +05:30 · 2021-04-09 14:56:06 +05:30 · 2c3fb7261b
commit 2c3fb7261b
parent 002092527f
7 changed files with 49 additions and 84 deletions
--- a/.github/workflows/verify-push.yaml
+++ b/.github/workflows/verify-push.yaml
@ -86,6 +86,16 @@ jobs:
            spring-petclinic-*.jar
          port: 8080
          oci: 'true'
+        env:
+          STORAGE_OPTS: "overlay.mount_program=/usr/bin/fuse-overlayfs"
+
+      # Authenticate to container image registry to push the image
+      - name: Podman Login
+        uses: redhat-actions/podman-login@v1
+        with:
+          registry: quay.io
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}

      # Push the image to Quay.io (Image Registry)
      - name: Push To Quay
@ -95,8 +105,6 @@ jobs:
          image: ${{ steps.build_image.outputs.image }}
          tags: ${{ steps.build_image.outputs.tags }}
          registry: ${{ env.IMAGE_REGISTRY }}/${{ secrets.REGISTRY_USER }}
-          username: ${{ secrets.REGISTRY_USER }}
-          password: ${{ secrets.REGISTRY_PASSWORD }}
          extra-args: |
            --disable-content-trust

--- a/README.md
+++ b/README.md
@ -9,7 +9,7 @@
 [![license badge](https://img.shields.io/github/license/redhat-actions/push-to-registry)](./LICENSE)
 [![size badge](https://img.shields.io/github/size/redhat-actions/push-to-registry/dist/index.js)](./dist)

-Push-to-registry is a GitHub Action for pushing a container image to an image registry, such as Dockerhub, Quay&#46;io, the GitHub Container Registry, or an OpenShift integrated registry.
+Push-to-registry is a GitHub Action for pushing a container image to an image registry, such as Dockerhub, quay&#46;io, the GitHub Container Registry, or an OpenShift integrated registry.

 This action only runs on Linux, as it uses [podman](https://github.com/containers/Podman) to perform the push. [GitHub's Ubuntu action runners](https://github.com/actions/virtual-environments#available-environments) come with Podman preinstalled. If you are not using those runners, you must first [install Podman](https://podman.io/getting-started/installation).

@ -17,72 +17,16 @@ This action only runs on Linux, as it uses [podman](https://github.com/container

 Refer to the [`podman push`](http://docs.podman.io/en/latest/markdown/podman-manifest-push.1.html) documentation for more information.

-<table>
-  <thead>
-    <tr>
-      <th>Input</th>
-      <th>Required</th>
-      <th>Description</th>
-    </tr>
-  </thead>
-
-  <tr>
-    <td>image</td>
-    <td>Yes</td>
-    <td>
-      Name of the image you want to push.
-    </td>
-  </tr>
-
-  <tr>
-    <td>tags</td>
-    <td>No</td>
-    <td>
-      The tag or tags of the image to push. For multiple tags, seperate by a space. For example, <code>latest ${{ github.sha }}</code><br>
-      Defaults to <code>latest</code>.
-    </td>
-  </tr>
-
-  <tr>
-    <td>registry</td>
-    <td>Yes</td>
-    <td>URL of the registry to push the image to.<br>
-    Eg. <code>quay.io/&lt;username&gt;</code></td>
-  </tr>
-
-  <tr>
-    <td>username</td>
-    <td>Yes</td>
-    <td>Username with which to authenticate to the registry.</td>
-  </tr>
-
-  <tr>
-    <td>password</td>
-    <td>Yes</td>
-    <td>Password, encrypted password, or access token with which to authenticate to the registry.</td>
-  </tr>
-
-   <tr>
-    <td>tls-verify</td>
-    <td>No</td>
-    <td>Verify TLS certificates when contacting the registry. Set to "false" to skip certificate verification.</td>
-  </tr>
-
-  <tr>
-    <td>digestfile</td>
-    <td>No</td>
-    <td>After copying the image, write the digest of the resulting image to the file. By default, the filename will be determined from the image and tag.
-    The contents of this file are the <code>digest</code> output.</td>
-  </tr>
-
-  <tr>
-    <td>extra-args</td>
-    <td>No</td>
-    <td>Extra args to be passed to podman push.
-      Separate arguments by newline. Do not use quotes.</td>
-  </tr>
-
-</table>
+| Input Name | Description | Default |
+| ---------- | ----------- | ------- |
+| image	| Name of the image you want to push. | **Required**
+| tags | The tag or tags of the image to push. For multiple tags, seperate by a space. For example, `latest ${{ github.sha }}` | `latest`
+| registry | URL of the registry to push the image to. Eg. `quay.io/<username>` | **Required**
+| username | Username with which to authenticate to the registry. | None
+| password | Password, encrypted password, or access token with which to authenticate to the registry. | None
+| tls-verify | Verify TLS certificates when contacting the registry. Set to `false` to skip certificate verification. | `true`
+| digestfile | After copying the image, write the digest of the resulting image to the file. The contents of this file are the digest output. | Auto determined from image and tag
+| extra-args | Extra args to be passed to podman push. Separate arguments by newline. Do not use quotes. | None

 ## Action Outputs

@ -97,7 +41,7 @@ For example, `[ quay.io/username/spring-image:v1, quay.io/username/spring-image:

 ## Examples

-The example below shows how the `push-to-registry` action can be used to push an image created by the [buildah-build](https://github.com/redhat-actions/buildah-build) action.
+The example below shows how the `push-to-registry` action can be used to push an image created by the **[buildah-build](https://github.com/redhat-actions/buildah-build)** action. **[podman-login](https://github.com/redhat-actions/podman-login)** action is used here to authenticate to quay.io to push the built image.

 ```yaml
 name: Build and Push Image
@ -110,6 +54,8 @@ jobs:
    env:
      IMAGE_NAME: my-app
      IMAGE_TAGS: latest v1
+      REGISTRY_USER: quayuser
+      REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}

    steps:
    - uses: actions/checkout@v2
@ -124,15 +70,20 @@ jobs:
        dockerfiles: |
          ./Dockerfile

-    - name: Push To Quay
+    - name: Log in to quay.io
+      uses: redhat-actions/podman-login@v1
+      with:
+        username: ${{ env.REGISTRY_USER }}
+        password: ${{ env.REGISTRY_PASSWORD }}
+        registry: quay.io
+
+    - name: Push To quay.io
      id: push-to-quay
      uses: redhat-actions/push-to-registry@v2
      with:
        image: ${{ steps.build-image.outputs.image }}
        tags: ${{ steps.build-image.outputs.tags }}
        registry: ${{ secrets.QUAY_REPO }}
-        username: ${{ secrets.QUAY_USERNAME }}
-        password: ${{ secrets.QUAY_TOKEN }}

    - name: Use the image
      run: echo "New image has been pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
--- a/action.yml
+++ b/action.yml
@ -17,10 +17,10 @@ inputs:
    required: true
  username:
    description: 'Username to use as credential to authenticate to the registry'
-    required: true
+    required: false
  password:
    description: 'Password to use as credential to authenticate to the registry'
-    required: true
+    required: false
  tls-verify:
    description: 'Verify TLS certificates when contacting the registry'
    required: false
--- a/dist/index.js
+++ b/dist/index.js
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/src/generated/inputs-outputs.ts
+++ b/src/generated/inputs-outputs.ts
@ -23,7 +23,7 @@ export enum Inputs {
    IMAGE = "image",
    /**
     * Password to use as credential to authenticate to the registry
-     * Required: true
+     * Required: false
     * Default: None.
     */
    PASSWORD = "password",
@ -47,7 +47,7 @@ export enum Inputs {
    TLS_VERIFY = "tls-verify",
    /**
     * Username to use as credential to authenticate to the registry
-     * Required: true
+     * Required: false
     * Default: None.
     */
    USERNAME = "username",
--- a/src/index.ts
+++ b/src/index.ts
@ -49,8 +49,8 @@ async function run(): Promise<void> {
        tagsList.push(DEFAULT_TAG);
    }
    const registry = core.getInput(Inputs.REGISTRY, { required: true });
-    const username = core.getInput(Inputs.USERNAME, { required: true });
-    const password = core.getInput(Inputs.PASSWORD, { required: true });
+    const username = core.getInput(Inputs.USERNAME);
+    const password = core.getInput(Inputs.PASSWORD);
    const tlsVerify = core.getInput(Inputs.TLS_VERIFY);
    const digestFileInput = core.getInput(Inputs.DIGESTFILE);

@ -158,7 +158,10 @@ async function run(): Promise<void> {

    const registryWithoutTrailingSlash = registry.replace(/\/$/, "");

-    const creds = `${username}:${password}`;
+    let creds = "";
+    if (username && password) {
+        creds = `${username}:${password}`;
+    }

    let digestFile = digestFileInput;
    const imageNameWithTag = `${imageToPush}:${tagsList[0]}`;
@ -179,8 +182,6 @@ async function run(): Promise<void> {
            "--quiet",
            "--digestfile",
            digestFile,
-            "--creds",
-            creds,
            imageWithTag,
            registryPath,
        ];
@ -194,6 +195,11 @@ async function run(): Promise<void> {
            args.push(`--tls-verify=${tlsVerify}`);
        }

+        // check if registry creds are provided
+        if (creds) {
+            args.push(`--creds=${creds}`);
+        }
+
        await execute(await getPodmanPath(), args);
        core.info(`Successfully pushed "${imageWithTag}" to "${registryPath}"`);