From ac443d3b6ff9ffa71e3c4ff4e1b7bff41f6d665b Mon Sep 17 00:00:00 2001 From: Quentin BEY Date: Fri, 5 Sep 2025 14:55:17 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F(all)=20refactor=20Docker?= =?UTF-8?q?=20Hub=20login=20to=20use=20official=20GitHub=20actions=20Repla?= =?UTF-8?q?ce=20custom=20Docker=20Hub=20authentication=20with=20standard,?= =?UTF-8?q?=20secure,=20official=20GitHub=20actions=20for=20improved=20sec?= =?UTF-8?q?urity=20and=20maintainability.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Uses officially supported actions that follow security best practices and receive regular updates from GitHub. Avoid unsecure handling of GitHub secrets. Thanks to @lebaudantoine --- .github/workflows/docker-hub.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml index c65a3af..ee5ed83 100644 --- a/.github/workflows/docker-hub.yml +++ b/.github/workflows/docker-hub.yml @@ -58,7 +58,10 @@ jobs: - name: Login to DockerHub if: github.event_name != 'pull_request' - run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_HUB_USER }} + password: ${{ secrets.DOCKER_HUB_PASSWORD }} - name: create-version-json id: create-version-json uses: jsdaniell/create-json@v1.2.3 @@ -99,7 +102,10 @@ jobs: - name: Login to DockerHub if: github.event_name != 'pull_request' - run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_HUB_USER }} + password: ${{ secrets.DOCKER_HUB_PASSWORD }} - name: Build and push uses: docker/build-push-action@v6