🔒️(all) refactor Docker Hub login to use official GitHub actions

Replace custom Docker Hub authentication with standard, secure, official GitHub actions for improved security and maintainability. Uses officially supported actions that follow security best practices and receive regular updates from GitHub. Avoid unsecure handling of GitHub secrets.
2025-08-23 01:38:44 +02:00
parent eee17b6b58
commit 3c13e287e6
1 changed files with 20 additions and 5 deletions
--- a/.github/workflows/docker-hub.yml
+++ b/.github/workflows/docker-hub.yml
@@ -31,7 +31,10 @@ jobs:
      -
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
-        run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
      -
        name: Run trivy scan
        uses: numerique-gouv/action-trivy-cache@main
@@ -64,7 +67,10 @@ jobs:
      -
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
-        run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
      -
        name: Run trivy scan
        uses: numerique-gouv/action-trivy-cache@main
@@ -98,7 +104,10 @@ jobs:
      -
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
-        run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
      -
        name: Run trivy scan
        uses: numerique-gouv/action-trivy-cache@main
@@ -132,7 +141,10 @@ jobs:
      -
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
-        run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
      -
        name: Build and push
        uses: docker/build-push-action@v6
@@ -160,7 +172,10 @@ jobs:
      -
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
-        run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
      -
        name: Build and push
        uses: docker/build-push-action@v6