tidy up login password secrets

dotmh · Jun 19, 2024 · 346c6ae · 346c6ae
1 parent 0d8fa12
commit 346c6ae
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 19 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -25,11 +25,15 @@ jobs:
           - name: Build base container
             run: just build
           - name: Publish base container
-            run: just action-publish devcontainer ${{ github.actor }} ${{secrets.GITHUB_TOKEN}}
+            run: just action-publish devcontainer ${{ github.actor }}
+            env: 
+              DOCKER_GIT_LOGIN: ${{secrets.GITHUB_TOKEN}}
           - name: Build base cloud container
             run: just build devcontainer-cloud Cloud.Dockerfile
           - name: Publish base cloud container
-            run: just action-publish devcontainer-cloud ${{ github.actor }} ${{secrets.GITHUB_TOKEN}}
+            run: just action-publish devcontainer-cloud ${{ github.actor }}
+            env: 
+              DOCKER_GIT_LOGIN: ${{secrets.GITHUB_TOKEN}}
 
     publish-rocky-bases:
       runs-on: ubuntu-latest
@@ -45,11 +49,15 @@ jobs:
           - name: Build Rocky Linux base
             run: just build devcontainer-rocky Rocky.Dockerfile
           - name: Publish Rocky Linux base
-            run: just action-publish devcontainer-rocky ${{ github.actor }} ${{secrets.GITHUB_TOKEN}}
+            run: just action-publish devcontainer-rocky ${{ github.actor }}
+            env: 
+              DOCKER_GIT_LOGIN: ${{secrets.GITHUB_TOKEN}}
           - name: Build Rocky Linux Cloud
             run: just build devcontainer-rocky-cloud Rocky.Cloud.Dockerfile
           - name: Publish Rocky Linux Cloud
-            run: just action-publish devcontainer-rocky-cloud ${{ github.actor }} ${{secrets.GITHUB_TOKEN}}
+            run: just action-publish devcontainer-rocky-cloud ${{ github.actor }}
+            env: 
+              DOCKER_GIT_LOGIN: ${{secrets.GITHUB_TOKEN}}
 
     publishes-dev-containers:
       runs-on: ubuntu-latest
@@ -79,11 +87,15 @@ jobs:
           with:
             just-version: 1.5.0
         - name: Login into the registry
-          run: just action-login ${{github.actor}} ${{secrets.GITHUB_TOKEN}}
+          run: just login ${{github.actor}}
+          env: 
+            DOCKER_GIT_LOGIN: ${{secrets.GITHUB_TOKEN}}
         - name: Build base container
           run: just build ${{matrix.base}}-${{matrix.container.container}} ${{matrix.container.file}} ${{matrix.base}}
         - name: Publish base container
-          run: just action-publish ${{matrix.base}}-${{matrix.container.container}} ${{github.actor}} ${{secrets.GITHUB_TOKEN}}
+          run: just action-publish ${{matrix.base}}-${{matrix.container.container}} ${{github.actor}}
+          env: 
+            DOCKER_GIT_LOGIN: ${{secrets.GITHUB_TOKEN}}
 
     publish-templates:
       runs-on: ubuntu-latest
@@ -100,6 +112,5 @@ jobs:
               publish-templates: "true"
               base-path-to-templates: "./devcontainers"
               generate-docs: "true"
-
             env:
-              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/devcontainers/cloud/.devcontainer/devcontainer.json b/devcontainers/cloud/.devcontainer/devcontainer.json
@@ -0,0 +1,4 @@
+{
+    "name" : "DotMH Cloud Core",
+    "image" : "ghcr.io/dotmh/devcontainer-cloud:latest"
+}
diff --git a/justfile b/justfile
@@ -16,26 +16,20 @@ run CONTAINER=devcontainer:
     @echo "running {{CONTAINER}} version {{version}}"
     docker run -it {{namespace}}/{{CONTAINER}}:{{version}} /bin/zsh
 
-# Publish a docker container to the registry
-publish CONTAINER=devcontainer: mac-unlock && (_publish CONTAINER)
-    echo $DOCKER_GIT_LOGIN | docker login {{registry}} --username {{namespace}} --password-stdin
-
 # Runs a Trivy scan on the container
 scan CONTAINER=devcontainer:
     mkdir -p {{reports}}
     which -s trivy && trivy image {{namespace}}/{{CONTAINER}} --output {{reports}}/{{CONTAINER}}-scan.log
 
-# Publish within a Github action to the registry
-# action-publish CONTAINER USERNAME PASSWORD: && (_publish CONTAINER)
-#     docker login {{registry}} --username {{USERNAME}} --password {{PASSWORD}}
+# Publish a docker container to the registry
+publish USERNAME CONTAINER=devcontainer: mac-unlock (login USERNAME) && (_publish CONTAINER)
 
 # Publish within a Github action to the registry
-action-publish CONTAINER USERNAME PASSWORD : (action-login USERNAME PASSWORD) && (_publish CONTAINER)
+action-publish CONTAINER USERNAME PASSWORD : (login USERNAME) && (_publish CONTAINER)
 
 # Login to the registry within Github action to the registry
-action-login USERNAME PASSWORD:
-    docker login {{registry}} --username {{USERNAME}} --password {{PASSWORD}}
-
+login USERNAME:
+    echo $DOCKER_GIT_LOGIN | docker login {{registry}} --username {{USERNAME}} --password-stdin
 
 # Show the version of the repo
 version: