I have a project where I use GitHub Actions to build and push my image to the Docker registry. I use a shell script to do the Docker login and I get this message:
WARNING! Your password will be stored unencrypted in $HOME.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
So right now what I'm doing is to just delete the config.json after the build completes. The documentation says that I should use one of the credential store, but how should I go about doing it? Here is what I'm doing right now. Not sure if this is enough?
echo "Attempting log in to $DOCKER_REGISTRY_URL"
# Use Credential store to avoid unencrypted password showing un in $HOME/.docker/config.json
echo '{ "credsStore": "pass" }' | tee "$HOME".docker/config.json
echo "$DOCKER_REGISTRY_PASSWORD" | docker login -u "$DOCKER_REGISTRY_USERNAME" --password-stdin
echo "Successfully logged into Docker hub $DOCKER_REGISTRY_URL"
As suggested by @GuiFalourd, I ended up using the Docker Login GitHub action while retaining the rest of my interactions with Docker in my shell script.
Please note that the password should actually be a personal access token.
Here is the snippet:
- name: docker-login
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
- name: docker-push
env:
GH_REPO: github.com/${{ env.USER }}/${{ env.DEPLOYMENT_REPO_NAME }}
API_TOKEN: ${{ secrets.API_TOKEN }}
DOCKER_APP_URL: ${{ env.DOCKER_REGISTRY_URL }}/${{ env.USER }}/plant-simulator
run: |
echo "Running sbt assembly for release version $RELEASE_VERSION"
sbt "set test in assembly := {}" assembly
bash docker/docker_push.sh && \
bash ./.github/scripts/tag_deployment