From 3c13e287e6ccd968567bafd09428421dd2a3ba47 Mon Sep 17 00:00:00 2001
From: lebaudantoine
Date: Sat, 23 Aug 2025 01:38:44 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F(all)=20refactor=20Docker?= =?UTF-8?q?=20Hub=20login=20to=20use=20official=20GitHub=20actions?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replace custom Docker Hub authentication with standard, secure, official GitHub actions for improved security and maintainability. Uses officially supported actions that follow security best practices and receive regular updates from GitHub. Avoid unsecure handling of GitHub secrets.
---
 .github/workflows/docker-hub.yml | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml
index 662a03af..f5f7b4af 100644
--- a/.github/workflows/docker-hub.yml
+++ b/.github/workflows/docker-hub.yml
@@ -31,7 +31,10 @@ jobs:
 - name: Login to DockerHub
 if: github.event_name != 'pull_request'
- run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKER_HUB_USER }}
+ password: ${{ secrets.DOCKER_HUB_PASSWORD }}
 - name: Run trivy scan
 uses: numerique-gouv/action-trivy-cache@main
@@ -64,7 +67,10 @@ jobs:
 - name: Login to DockerHub
 if: github.event_name != 'pull_request'
- run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKER_HUB_USER }}
+ password: ${{ secrets.DOCKER_HUB_PASSWORD }}
 - name: Run trivy scan
 uses: numerique-gouv/action-trivy-cache@main
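Review bot: In the hunk at -31, the added `uses: docker/login-action@v3` references a mutable tag, and the `with:` block hands that action both Docker Hub secrets, so a retagged release would run with access to them. Pinning to a full commit SHA with the version kept as a trailing comment, `uses: docker/login-action@<full-commit-sha> # v3`, closes that gap; the same line is added in the hunks at -64, -98, -132 and -160. The action is published under the `docker` organisation rather than by GitHub, so the description's "official GitHub actions" wording is worth correcting. The job this step belongs to starts outside the hunk.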
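Review bot: In the hunk at -64 (and likewise at -31 and -98), the login step still runs before `uses: numerique-gouv/action-trivy-cache@main`, a context line that tracks a branch rather than a fixed revision. After login the registry credentials sit in the runner's Docker config for the remaining steps of the job, so that step runs with them in reach; this ordering predates the commit, but it works against the stated goal of safer secret handling. If the scan does not need an authenticated pull, which the hunk does not show, moving the login step below the scan is the smaller change; otherwise pin the scan action, e.g. `uses: numerique-gouv/action-trivy-cache@<full-commit-sha>`. The rest of each job lies outside the hunks.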
@@ -98,7 +104,10 @@ jobs:
 - name: Login to DockerHub
 if: github.event_name != 'pull_request'
- run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKER_HUB_USER }}
+ password: ${{ secrets.DOCKER_HUB_PASSWORD }}
 - name: Run trivy scan
 uses: numerique-gouv/action-trivy-cache@main
@@ -132,7 +141,10 @@ jobs:
 - name: Login to DockerHub
 if: github.event_name != 'pull_request'
- run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKER_HUB_USER }}
+ password: ${{ secrets.DOCKER_HUB_PASSWORD }}
 - name: Build and push
 uses: docker/build-push-action@v6
@@ -160,7 +172,10 @@ jobs:
 - name: Login to DockerHub
 if: github.event_name != 'pull_request'
- run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKER_HUB_USER }}
+ password: ${{ secrets.DOCKER_HUB_PASSWORD }}
 - name: Build and push
 uses: docker/build-push-action@v6
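Review bot: In the hunk at -132 (and at -160), nothing records what kind of credential the `password:` input is expected to hold, and these are the jobs that go on to push through `docker/build-push-action@v6`. The secret's name suggests an account password, though the hunk cannot confirm that; a Docker Hub access token limited to what this workflow needs would keep a leaked value from exposing the whole account. A comment above the step such as `# DOCKER_HUB_PASSWORD must hold a scoped access token, not the account password` would document the expectation. The surrounding job definition is outside the hunk.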