Make input username and password optional

If user has authenticated to container image registry
before running this action, then it's not required
to provide username and password in this action

Signed-off-by: divyansh42 <diagrawa@redhat.com>

.github/workflows/verify-push.yaml

@@ -86,6 +86,16 @@ jobs:
             spring-petclinic-*.jar
           port: 8080
           oci: 'true'
+        env:
+          STORAGE_OPTS: "overlay.mount_program=/usr/bin/fuse-overlayfs"
+
+      # Authenticate to container image registry to push the image
+      - name: Podman Login
+        uses: redhat-actions/podman-login@v1
+        with:
+          registry: quay.io
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
 
       # Push the image to Quay.io (Image Registry)
       - name: Push To Quay
@@ -95,8 +105,6 @@ jobs:
           image: ${{ steps.build_image.outputs.image }}
           tags: ${{ steps.build_image.outputs.tags }}
           registry: ${{ env.IMAGE_REGISTRY }}/${{ secrets.REGISTRY_USER }}
-          username: ${{ secrets.REGISTRY_USER }}
-          password: ${{ secrets.REGISTRY_PASSWORD }}
           extra-args: |
             --disable-content-trust
 

README.md

@@ -9,7 +9,7 @@
 [![license badge](https://img.shields.io/github/license/redhat-actions/push-to-registry)](./LICENSE)
 [![size badge](https://img.shields.io/github/size/redhat-actions/push-to-registry/dist/index.js)](./dist)
 
-Push-to-registry is a GitHub Action for pushing a container image to an image registry, such as Dockerhub, Quay.io, the GitHub Container Registry, or an OpenShift integrated registry.
+Push-to-registry is a GitHub Action for pushing a container image to an image registry, such as Dockerhub, quay.io, the GitHub Container Registry, or an OpenShift integrated registry.
 
 This action only runs on Linux, as it uses [podman](https://github.com/containers/Podman) to perform the push. [GitHub's Ubuntu action runners](https://github.com/actions/virtual-environments#available-environments) come with Podman preinstalled. If you are not using those runners, you must first [install Podman](https://podman.io/getting-started/installation).
 
@@ -17,72 +17,16 @@ This action only runs on Linux, as it uses [podman](https://github.com/container
 
 Refer to the [`podman push`](http://docs.podman.io/en/latest/markdown/podman-manifest-push.1.html) documentation for more information.
 
-<table>
+| Input Name | Description | Default |
-  <thead>
+| ---------- | ----------- | ------- |
-    <tr>
+| image	| Name of the image you want to push. | **Required**
-      <th>Input</th>
+| tags | The tag or tags of the image to push. For multiple tags, seperate by a space. For example, `latest ${{ github.sha }}` | `latest`
-      <th>Required</th>
+| registry | URL of the registry to push the image to. Eg. `quay.io/<username>` | **Required**
-      <th>Description</th>
+| username | Username with which to authenticate to the registry. | None
-    </tr>
+| password | Password, encrypted password, or access token with which to authenticate to the registry. | None
-  </thead>
+| tls-verify | Verify TLS certificates when contacting the registry. Set to `false` to skip certificate verification. | `true`
-
+| digestfile | After copying the image, write the digest of the resulting image to the file. The contents of this file are the digest output. | Auto determined from image and tag
-  <tr>
+| extra-args | Extra args to be passed to podman push. Separate arguments by newline. Do not use quotes. | None
-    <td>image</td>
-    <td>Yes</td>
-    <td>
-      Name of the image you want to push.
-    </td>
-  </tr>
-
-  <tr>
-    <td>tags</td>
-    <td>No</td>
-    <td>
-      The tag or tags of the image to push. For multiple tags, seperate by a space. For example, <code>latest ${{ github.sha }}</code><br>
-      Defaults to <code>latest</code>.
-    </td>
-  </tr>
-
-  <tr>
-    <td>registry</td>
-    <td>Yes</td>
-    <td>URL of the registry to push the image to.<br>
-    Eg. <code>quay.io/&lt;username&gt;</code></td>
-  </tr>
-
-  <tr>
-    <td>username</td>
-    <td>Yes</td>
-    <td>Username with which to authenticate to the registry.</td>
-  </tr>
-
-  <tr>
-    <td>password</td>
-    <td>Yes</td>
-    <td>Password, encrypted password, or access token with which to authenticate to the registry.</td>
-  </tr>
-
-   <tr>
-    <td>tls-verify</td>
-    <td>No</td>
-    <td>Verify TLS certificates when contacting the registry. Set to "false" to skip certificate verification.</td>
-  </tr>
-
-  <tr>
-    <td>digestfile</td>
-    <td>No</td>
-    <td>After copying the image, write the digest of the resulting image to the file. By default, the filename will be determined from the image and tag.
-    The contents of this file are the <code>digest</code> output.</td>
-  </tr>
-
-  <tr>
-    <td>extra-args</td>
-    <td>No</td>
-    <td>Extra args to be passed to podman push.
-      Separate arguments by newline. Do not use quotes.</td>
-  </tr>
-
-</table>
 
 ## Action Outputs
 
@@ -97,7 +41,7 @@ For example, `[ quay.io/username/spring-image:v1, quay.io/username/spring-image:
 
 ## Examples
 
-The example below shows how the `push-to-registry` action can be used to push an image created by the [buildah-build](https://github.com/redhat-actions/buildah-build) action.
+The example below shows how the `push-to-registry` action can be used to push an image created by the **[buildah-build](https://github.com/redhat-actions/buildah-build)** action. **[podman-login](https://github.com/redhat-actions/podman-login)** action is used here to authenticate to quay.io to push the built image.
 
 ```yaml
 name: Build and Push Image
@@ -110,6 +54,8 @@ jobs:
     env:
       IMAGE_NAME: my-app
       IMAGE_TAGS: latest v1
+      REGISTRY_USER: quayuser
+      REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
 
     steps:
     - uses: actions/checkout@v2
@@ -124,15 +70,20 @@ jobs:
         dockerfiles: |
           ./Dockerfile
 
-    - name: Push To Quay
+    - name: Log in to quay.io
+      uses: redhat-actions/podman-login@v1
+      with:
+        username: ${{ env.REGISTRY_USER }}
+        password: ${{ env.REGISTRY_PASSWORD }}
+        registry: quay.io
+
+    - name: Push To quay.io
       id: push-to-quay
       uses: redhat-actions/push-to-registry@v2
       with:
         image: ${{ steps.build-image.outputs.image }}
         tags: ${{ steps.build-image.outputs.tags }}
         registry: ${{ secrets.QUAY_REPO }}
-        username: ${{ secrets.QUAY_USERNAME }}
-        password: ${{ secrets.QUAY_TOKEN }}
 
     - name: Use the image
       run: echo "New image has been pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"

action.yml

@@ -17,10 +17,10 @@ inputs:
     required: true
   username:
     description: 'Username to use as credential to authenticate to the registry'
-    required: true
+    required: false
   password:
     description: 'Password to use as credential to authenticate to the registry'
-    required: true
+    required: false
   tls-verify:
     description: 'Verify TLS certificates when contacting the registry'
     required: false

src/generated/inputs-outputs.ts

@@ -23,7 +23,7 @@ export enum Inputs {
     IMAGE = "image",
     /**
      * Password to use as credential to authenticate to the registry
-     * Required: true
+     * Required: false
      * Default: None.
      */
     PASSWORD = "password",
@@ -47,7 +47,7 @@ export enum Inputs {
     TLS_VERIFY = "tls-verify",
     /**
      * Username to use as credential to authenticate to the registry
-     * Required: true
+     * Required: false
      * Default: None.
      */
     USERNAME = "username",

src/index.ts

@@ -49,8 +49,8 @@ async function run(): Promise<void> {
         tagsList.push(DEFAULT_TAG);
     }
     const registry = core.getInput(Inputs.REGISTRY, { required: true });
-    const username = core.getInput(Inputs.USERNAME, { required: true });
+    const username = core.getInput(Inputs.USERNAME);
-    const password = core.getInput(Inputs.PASSWORD, { required: true });
+    const password = core.getInput(Inputs.PASSWORD);
     const tlsVerify = core.getInput(Inputs.TLS_VERIFY);
     const digestFileInput = core.getInput(Inputs.DIGESTFILE);
 
@@ -158,7 +158,10 @@ async function run(): Promise<void> {
 
     const registryWithoutTrailingSlash = registry.replace(/\/$/, "");
 
-    const creds = `${username}:${password}`;
+    let creds = "";
+    if (username && password) {
+        creds = `${username}:${password}`;
+    }
 
     let digestFile = digestFileInput;
     const imageNameWithTag = `${imageToPush}:${tagsList[0]}`;
@@ -179,8 +182,6 @@ async function run(): Promise<void> {
             "--quiet",
             "--digestfile",
             digestFile,
-            "--creds",
-            creds,
             imageWithTag,
             registryPath,
         ];
@@ -194,6 +195,11 @@ async function run(): Promise<void> {
             args.push(`--tls-verify=${tlsVerify}`);
         }
 
+        // check if registry creds are provided
+        if (creds) {
+            args.push(`--creds=${creds}`);
+        }
+
         await execute(await getPodmanPath(), args);
         core.info(`Successfully pushed "${imageWithTag}" to "${registryPath}"`);