2026-03-25 14:27:40 +08:00
12 changed files with 72 additions and 85 deletions
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -5,41 +5,46 @@ on:
    branches:
      - 'master'
      - 'releases/v*'
    paths:
      - '.github/workflows/codeql.yml'
      - 'dist/**'
      - 'src/**'
  pull_request:
    paths:
      - '.github/workflows/codeql.yml'
      - 'dist/**'
      - 'src/**'
 permissions:
  actions: read
  contents: read
  security-events: write
 env:
  NODE_VERSION: "24"
 jobs:
  analyze:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        language:
          - javascript-typescript
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Enable corepack
        run: |
          corepack enable
          yarn --version
      -
        name: Set up Node
        uses: actions/setup-node@v6
        with:
          node-version: ${{ env.NODE_VERSION }}
      -
        name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
-          languages: javascript-typescript
+          languages: ${{ matrix.language }}
-          build-mode: none
+          config: |
            paths:
              - src
      -
        name: Autobuild
        uses: github/codeql-action/autobuild@v4
      -
        name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v4
        with:
-          category: "/language:javascript-typescript"
+          category: "/language:${{matrix.language}}"
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -20,7 +20,7 @@ jobs:
        uses: actions/checkout@v6
      -
        name: Test
-        uses: docker/bake-action@v7
+        uses: docker/bake-action@v6
        with:
          source: .
          targets: test
--- a/.github/workflows/update-dist.yml
+++ b/.github/workflows/update-dist.yml
@ -14,7 +14,7 @@ jobs:
      -
        name: GitHub auth token from GitHub App
        id: docker-read-app
-        uses: actions/create-github-app-token@v3
+        uses: actions/create-github-app-token@v2
        with:
          app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }}
          private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }}
@ -28,7 +28,7 @@ jobs:
          token: ${{ steps.docker-read-app.outputs.token || github.token }}
      -
        name: Build
-        uses: docker/bake-action@v7
+        uses: docker/bake-action@v6
        with:
          source: .
          targets: build
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@ -15,15 +15,15 @@ jobs:
  prepare:
    runs-on: ubuntu-latest
    outputs:
-      matrix: ${{ steps.generate.outputs.matrix }}
+      targets: ${{ steps.generate.outputs.targets }}
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
-        name: Generate matrix
+        name: List targets
        id: generate
-        uses: docker/bake-action/subaction/matrix@v7
+        uses: docker/bake-action/subaction/list-targets@v6
        with:
          target: validate
@ -34,10 +34,10 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        include: ${{ fromJson(needs.prepare.outputs.matrix) }}
+        target: ${{ fromJson(needs.prepare.outputs.targets) }}
    steps:
      -
        name: Validate
-        uses: docker/bake-action@v7
+        uses: docker/bake-action@v6
        with:
          targets: ${{ matrix.target }}
--- a/README.md
+++ b/README.md
@ -51,7 +51,7 @@ jobs:
    steps:
      -
        name: Login to Docker Hub
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
@ -76,7 +76,7 @@ jobs:
    steps:
      -
        name: Login to GitHub Container Registry
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
@ -104,7 +104,7 @@ jobs:
    steps:
      -
        name: Login to GitLab
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: registry.gitlab.com
          username: ${{ vars.GITLAB_USERNAME }}
@ -135,7 +135,7 @@ jobs:
    steps:
      -
        name: Login to ACR
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: <registry-name>.azurecr.io
          username: ${{ vars.AZURE_CLIENT_ID }}
@ -183,7 +183,7 @@ jobs:
        service_account: <service_account>
    -
      name: Login to GCR
-      uses: docker/login-action@v4
+      uses: docker/login-action@v3
      with:
        registry: gcr.io
        username: oauth2accesstoken
@ -216,7 +216,7 @@ jobs:
    steps:
      -
        name: Login to GCR
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: gcr.io
          username: _json_key
@ -254,7 +254,7 @@ jobs:
          service_account: <service_account>
      -
        name: Login to GAR
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: <location>-docker.pkg.dev
          username: oauth2accesstoken
@ -291,7 +291,7 @@ jobs:
    steps:
      -
        name: Login to GAR
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: <location>-docker.pkg.dev
          username: _json_key
@ -320,7 +320,7 @@ jobs:
    steps:
      -
        name: Login to ECR
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
          username: ${{ vars.AWS_ACCESS_KEY_ID }}
@ -343,7 +343,7 @@ jobs:
    steps:
      -
        name: Login to ECR
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
          username: ${{ vars.AWS_ACCESS_KEY_ID }}
@ -377,7 +377,7 @@ jobs:
          aws-region: <region>
      -
        name: Login to ECR
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
 ```
@ -404,7 +404,7 @@ jobs:
    steps:
      -
        name: Login to Public ECR
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: public.ecr.aws
          username: ${{ vars.AWS_ACCESS_KEY_ID }}
@ -438,7 +438,7 @@ jobs:
    steps:
      -
        name: Login to OCIR
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: <region>.ocir.io
          username: ${{ vars.OCI_USERNAME }}
@ -465,7 +465,7 @@ jobs:
    steps:
      -
        name: Login to Quay.io
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: quay.io
          username: ${{ vars.QUAY_USERNAME }}
@ -489,7 +489,7 @@ jobs:
    steps:
      -
        name: Login to DigitalOcean Container Registry
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: registry.digitalocean.com
          username: ${{ vars.DIGITALOCEAN_USERNAME }}
@ -514,13 +514,13 @@ jobs:
    steps:
      -
        name: Login to Docker Hub
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Login to GitHub Container Registry
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
@ -548,7 +548,7 @@ jobs:
    steps:
      -
        name: Login to registries
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry-auth: |
            - username: ${{ vars.DOCKERHUB_USERNAME }}
@ -596,7 +596,7 @@ jobs:
    steps:
      -
        name: Login to Docker Hub (scoped)
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
--- a/tests/context.test.ts
+++ b/tests/context.test.ts
@ -1,17 +1,6 @@
-import {afterEach, expect, test} from 'vitest';
+import {expect, test} from 'vitest';
 import * as path from 'path';
-import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx.js';
+import {getInputs} from '../src/context.js';
 import {getAuthList, getInputs} from '../src/context.js';
 afterEach(() => {
  for (const key of Object.keys(process.env)) {
    if (key.startsWith('INPUT_')) {
      delete process.env[key];
    }
  }
 });
 test('with password and username getInputs does not throw error', async () => {
  process.env['INPUT_USERNAME'] = 'dbowie';
@ -21,15 +10,3 @@ test('with password and username getInputs does not throw error', async () => {
    getInputs();
  }).not.toThrow();
 });
 test('getAuthList uses the default Docker Hub registry when computing scoped config dir', async () => {
  process.env['INPUT_USERNAME'] = 'dbowie';
  process.env['INPUT_PASSWORD'] = 'groundcontrol';
  process.env['INPUT_SCOPE'] = 'myscope';
  process.env['INPUT_LOGOUT'] = 'false';
  const [auth] = getAuthList(getInputs());
  expect(auth).toMatchObject({
    registry: 'docker.io',
    configDir: path.join(Buildx.configDir, 'config', 'registry-1.docker.io', 'myscope')
  });
 });
--- a/tests/docker.test.ts
+++ b/tests/docker.test.ts
@ -1,10 +1,15 @@
 import {expect, test, vi} from 'vitest';
 import * as path from 'path';
 import {Docker} from '@docker/actions-toolkit/lib/docker/docker.js';
 import {loginStandard, logout} from '../src/docker.js';
 process.env['RUNNER_TEMP'] = path.join(__dirname, 'runner');
 test('loginStandard calls exec', async () => {
  // eslint-disable-next-line @typescript-eslint/ban-ts-comment
  // @ts-ignore
  const execSpy = vi.spyOn(Docker, 'getExecOutput').mockImplementation(async () => {
    return {
      exitCode: expect.any(Number),
@ -33,6 +38,8 @@ test('loginStandard calls exec', async () => {
 });
 test('logout calls exec', async () => {
  // eslint-disable-next-line @typescript-eslint/ban-ts-comment
  // @ts-ignore
  const execSpy = vi.spyOn(Docker, 'getExecOutput').mockImplementation(async () => {
    return {
      exitCode: expect.any(Number),
--- a/dist/index.js
+++ b/dist/index.js
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/package.json
+++ b/package.json
@ -25,7 +25,7 @@
    "@actions/core": "^3.0.0",
    "@aws-sdk/client-ecr": "^3.1000.0",
    "@aws-sdk/client-ecr-public": "^3.1000.0",
-    "@docker/actions-toolkit": "^0.79.0",
+    "@docker/actions-toolkit": "^0.77.0",
    "http-proxy-agent": "^7.0.2",
    "https-proxy-agent": "^7.0.6",
    "js-yaml": "^4.1.1"
--- a/src/context.ts
+++ b/src/context.ts
@ -42,26 +42,24 @@ export function getAuthList(inputs: Inputs): Array<Auth> {
  }
  let auths: Array<Auth> = [];
  if (!inputs.registryAuth) {
    const registry = inputs.registry || 'docker.io';
    auths.push({
-      registry,
+      registry: inputs.registry || 'docker.io',
      username: inputs.username,
      password: inputs.password,
      scope: inputs.scope,
      ecr: inputs.ecr || 'auto',
-      configDir: scopeToConfigDir(registry, inputs.scope)
+      configDir: scopeToConfigDir(inputs.registry, inputs.scope)
    });
  } else {
    auths = (yaml.load(inputs.registryAuth) as Array<Auth>).map(auth => {
      core.setSecret(auth.password); // redacted in workflow logs
      const registry = auth.registry || 'docker.io';
      return {
-        registry,
+        registry: auth.registry || 'docker.io',
        username: auth.username,
        password: auth.password,
        scope: auth.scope,
        ecr: auth.ecr || 'auto',
-        configDir: scopeToConfigDir(registry, auth.scope)
+        configDir: scopeToConfigDir(auth.registry || 'docker.io', auth.scope)
      };
    });
  }
--- a/yarn.lock
+++ b/yarn.lock
@ -877,9 +877,9 @@ __metadata:
  languageName: node
  linkType: hard
-"@docker/actions-toolkit@npm:^0.79.0":
+"@docker/actions-toolkit@npm:^0.77.0":
-  version: 0.79.0
+  version: 0.77.0
-  resolution: "@docker/actions-toolkit@npm:0.79.0"
+  resolution: "@docker/actions-toolkit@npm:0.77.0"
  dependencies:
    "@actions/artifact": "npm:^6.2.0"
    "@actions/cache": "npm:^6.0.0"
@ -903,7 +903,7 @@ __metadata:
    semver: "npm:^7.7.4"
    tar-stream: "npm:^3.1.7"
    tmp: "npm:^0.2.5"
-  checksum: 10/d64849ba49b2b59e2e93237a70be03fd7c43b1f7f01bac3f7557616ba5f59be785cb12a273bbb6a71c1e0d959f1bc6c673111b587c57bd2d6da105dcc500921a
+  checksum: 10/f3ae817a5a6827efc63d1a1730e918801a8fa33867cda72bd7a1f78309631c45d91de60bc57985c7520fae168e96daed0fcab0003b5fab9b50bdd7aa355d651b
  languageName: node
  linkType: hard
@ -3145,7 +3145,7 @@ __metadata:
    "@actions/core": "npm:^3.0.0"
    "@aws-sdk/client-ecr": "npm:^3.1000.0"
    "@aws-sdk/client-ecr-public": "npm:^3.1000.0"
-    "@docker/actions-toolkit": "npm:^0.79.0"
+    "@docker/actions-toolkit": "npm:^0.77.0"
    "@eslint/js": "npm:^9.39.3"
    "@types/js-yaml": "npm:^4.0.9"
    "@types/node": "npm:^24.11.0"
@ -3639,9 +3639,9 @@ __metadata:
  linkType: hard
 "flatted@npm:^3.2.9":
-  version: 3.4.2
+  version: 3.3.3
-  resolution: "flatted@npm:3.4.2"
+  resolution: "flatted@npm:3.3.3"
-  checksum: 10/a9e78fe5c2c1fcd98209a015ccee3a6caa953e01729778e83c1fe92e68601a63e1e69cd4e573010ca99eaf585a581b80ccf1018b99283e6cbc2117bcba1e030f
+  checksum: 10/8c96c02fbeadcf4e8ffd0fa24983241e27698b0781295622591fc13585e2f226609d95e422bcf2ef044146ffacb6b68b1f20871454eddf75ab3caa6ee5f4a1fe
  languageName: node
  linkType: hard