cicd/login-action
1
0
Fork 0
mirror of https://github.com/docker/login-action.git synced 2025-10-31 01:40:11 +08:00
Code Issues Projects Wiki Activity

Merge 810869f3bb into 327cd5a69d

Browse Source
This commit is contained in:
Fedor Dikarev 2025-01-24 12:34:07 +00:00 committed by GitHub
commit 9dbb803b69
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 150 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
README.md
View File

@ -148,7 +148,7 @@ jobs:
> Google Container Registry. As a fully-managed service with support for both
> container images and non-container artifacts. If you currently use Google
> Container Registry, use the information [on this page](https://cloud.google.com/artifact-registry/docs/transition/transition-from-gcr)
> to learn about transitioning to Google Artifact Registry.
> to learn about transitioning to Google Artifact Registry.
You can authenticate with workload identity federation or a service account.
@ -421,7 +421,7 @@ must be placed in format `<tenancy>/<username>` (in case of federated tenancy us
For password [create an auth token](https://www.oracle.com/webfolder/technetwork/tutorials/obe/oci/registry/index.html#GetanAuthToken).
Save username and token [as a secrets](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
in your GitHub repo.
in your GitHub repo.
```yaml
name: ci
@ -500,13 +500,16 @@ jobs:
The following inputs can be used as `step.with` keys:
| Name | Type | Default | Description |
|------------|--------|---------|-------------------------------------------------------------------------------|
| `registry` | String | | Server address of Docker registry. If not set then will default to Docker Hub |
| `username` | String | | Username for authenticating to the Docker registry |
| `password` | String | | Password or personal access token for authenticating the Docker registry |
| `ecr` | String | `auto` | Specifies whether the given registry is ECR (`auto`, `true` or `false`) |
| `logout` | Bool | `true` | Log out from the Docker registry at the end of a job |
| Name | Type | Default | Description |
|-----------------------|--------|---------|-------------------------------------------------------------------------------|
| `registry` | String | | Server address of Docker registry. If not set then will default to Docker Hub |
| `username` | String | | Username for authenticating to the Docker registry |
| `password` | String | | Password or personal access token for authenticating the Docker registry |
| `ecr` | String | `auto` | Specifies whether the given registry is ECR (`auto`, `true` or `false`) |
| `logout` | Bool | `true` | Log out from the Docker registry at the end of a job |
| `http-codes-to-retry` | String | `408,500,502,504` | Comma separated list of HTTP error codes we want to retry |
| `max-attempts` | String | `1` | Overall maximum number of attempts we could make (`1` means no retries) |
| `retry-timeout` | String | `15` | Timeout between retries, in seconds |
## Contributing

46
__tests__/retries_fail.test.ts Normal file
View File

@ -0,0 +1,46 @@
import {expect, jest, test} from '@jest/globals';
import {login} from '../src/docker';
import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
test('login retries function', async () => {
let stderrStrings: string[] = [];
let callCount: number = -1;
// using spyOn() here isn't enough, as we alter the logic
// so use `jest.fn()` here for the `Docker.getExecOutput`
Docker.getExecOutput = jest.fn(async () => {
callCount++;
console.log(`Mock: ${callCount}, ${stderrStrings}`);
if (callCount >= stderrStrings.length) {
return {
exitCode: 0,
stdout: 'Mock success',
stderr: ''
};
}
return {
exitCode: 1,
stdout: '',
stderr: stderrStrings[callCount % stderrStrings.length]
};
});
const username = 'dbowie';
const password = 'groundcontrol';
const registry = 'https://ghcr.io';
stderrStrings = ['mock error, failed with status: 408 Request Timeout', 'mock error, failed with status: 502 Request Timeout', 'mock error, failed with status: 400 Request Timeout'];
callCount = -1;
await expect(async () => {
await login(registry, username, password, 'false', ['408', '400'], 5, 0.1);
}).rejects.toThrow('mock error, failed with status: 502 Request Timeout');
expect(Docker.getExecOutput).toHaveBeenCalledTimes(2);
stderrStrings = ['not matching error', 'mock error, failed with status: 502 Request Timeout', 'mock error, failed with status: 400 Request Timeout'];
callCount = -1;
await expect(async () => {
await login(registry, username, password, 'false', ['408', '400'], 5, 0.1);
}).rejects.toThrow('not matching error');
expect(Docker.getExecOutput).toHaveBeenCalledTimes(2 + 1);
});

42
__tests__/retries_success.test.ts Normal file
View File

@ -0,0 +1,42 @@
import {expect, jest, test} from '@jest/globals';
import {login} from '../src/docker';
import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
test('login retries success function', async () => {
let stderrStrings: string[] = [];
let callCount: number = -1;
// using spyOn() here isn't enough, as we alter the logic
// so use `jest.fn()` here for the `Docker.getExecOutput`
Docker.getExecOutput = jest.fn(async () => {
callCount++;
console.log(`Mock: ${callCount}, ${stderrStrings}`);
if (callCount >= stderrStrings.length) {
return {
exitCode: 0,
stdout: 'Mock success',
stderr: ''
};
}
return {
exitCode: 1,
stdout: '',
stderr: stderrStrings[callCount % stderrStrings.length]
};
});
const username = 'dbowie';
const password = 'groundcontrol';
const registry = 'https://ghcr.io';
stderrStrings = [];
callCount = -1;
await login(registry, username, password, 'false', ['408', '502', '400'], 5, 0.1);
expect(Docker.getExecOutput).toHaveBeenCalledTimes(1);
stderrStrings = ['mock error, failed with status: 408 Request Timeout', 'mock error, failed with status: 502 Request Timeout', 'mock error, failed with status: 400 Request Timeout'];
callCount = -1;
await login(registry, username, password, 'false', ['408', '502', '400'], 5, 0.1);
expect(Docker.getExecOutput).toHaveBeenCalledTimes(1 + 4);
});

11
action.yml
View File

@ -24,6 +24,17 @@ inputs:
description: 'Log out from the Docker registry at the end of a job'
default: 'true'
required: false
http-codes-to-retry:
description: 'Comma separated list of HTTP error codes we want to retry'
default: '408,500,502,504'
max-attempts:
description: 'Overall maximum number of attempts we will make trying to login'
default: '1'
required: false
retry-timeout:
description: 'Timeout between retries, in seconds'
default: '15'
required: false
runs:
using: 'node20'

2
dist/index.js generated vendored
View File

File diff suppressed because one or more lines are too long

2
dist/index.js.map generated vendored
View File

File diff suppressed because one or more lines are too long

8
src/context.ts
View File

@ -6,6 +6,9 @@ export interface Inputs {
password: string;
ecr: string;
logout: boolean;
httpCodesToRetry: string[];
maxAttempts: number;
retryTimeout: number;
}
export function getInputs(): Inputs {
@ -14,6 +17,9 @@ export function getInputs(): Inputs {
username: core.getInput('username'),
password: core.getInput('password'),
ecr: core.getInput('ecr'),
logout: core.getBooleanInput('logout')
logout: core.getBooleanInput('logout'),
httpCodesToRetry: core.getInput('http-codes-to-retry').split(','),
maxAttempts: Number.parseInt(core.getInput('max-attempts')),
retryTimeout: Number.parseInt(core.getInput('retry-timeout'))
};
}

34
src/docker.ts
View File

@ -3,11 +3,24 @@ import * as core from '@actions/core';
import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
export async function login(registry: string, username: string, password: string, ecr: string): Promise<void> {
if (/true/i.test(ecr) || (ecr == 'auto' && aws.isECR(registry))) {
await loginECR(registry, username, password);
} else {
await loginStandard(registry, username, password);
export async function login(registry: string, username: string, password: string, ecr: string, httpCodesToRetry: string[], maxAttempts: number, retryTimeout: number): Promise<void> {
let succeeded: boolean = false;
for (let attempt = 1; attempt <= maxAttempts && !succeeded; attempt++) {
try {
if (/true/i.test(ecr) || (ecr == 'auto' && aws.isECR(registry))) {
await loginECR(registry, username, password);
} else {
await loginStandard(registry, username, password);
}
succeeded = true;
} catch (error) {
if (attempt < maxAttempts && isRetriableError(error.message, httpCodesToRetry)) {
core.info(`Attempt ${attempt} out of ${maxAttempts} failed, retrying after ${retryTimeout} seconds`);
await new Promise(r => setTimeout(r, retryTimeout * 1000));
} else {
throw error;
}
}
}
}
@ -21,6 +34,17 @@ export async function logout(registry: string): Promise<void> {
});
}
function isRetriableError(errorMessage: string, httpCodesToRetry: string[]): boolean {
for (const errCode of httpCodesToRetry) {
if (errorMessage.includes('failed with status: ' + errCode)) {
core.info(`Retryable match found in ${errorMessage} for retryable code: ${errCode}`);
return true;
}
}
core.info(`No matches in ${errorMessage} when lookging for retryable codes: ${httpCodesToRetry}`);
return false;
}
export async function loginStandard(registry: string, username: string, password: string): Promise<void> {
if (!username && !password) {
throw new Error('Username and password required');

2
src/main.ts
View File

@ -8,7 +8,7 @@ export async function main(): Promise<void> {
const input: context.Inputs = context.getInputs();
stateHelper.setRegistry(input.registry);
stateHelper.setLogout(input.logout);
await docker.login(input.registry, input.username, input.password, input.ecr);
await docker.login(input.registry, input.username, input.password, input.ecr, input.httpCodesToRetry, input.maxAttempts, input.retryTimeout);
}
async function post(): Promise<void> {