secrets in the docker push action require values (unlike build args)

springernature · Sep 12, 2023 · bdac6a0 · bdac6a0
1 parent aa86312
commit bdac6a0
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 24 deletions.
diff --git a/.github/workflows/for-dependabot-to-check.yml b/.github/workflows/for-dependabot-to-check.yml
@@ -164,9 +164,9 @@ jobs:
         provenance: false
         push: true
         secrets: |
-          ARTIFACTORY_PASSWORD
-          ARTIFACTORY_URL
-          ARTIFACTORY_USERNAME
+          ARTIFACTORY_PASSWORD=${{ secrets.EE_ARTIFACTORY_PASSWORD }}
+          ARTIFACTORY_URL=${{ secrets.EE_ARTIFACTORY_URL }}
+          ARTIFACTORY_USERNAME=${{ secrets.EE_ARTIFACTORY_USERNAME }}
         tags: eu.gcr.io/halfpipe-io/cache/blah:${{ env.GIT_REVISION }}
     - name: Run Trivy vulnerability scanner
       uses: docker://aquasec/trivy

diff --git a/defaults/task_docker_push.go b/defaults/task_docker_push.go
@@ -37,9 +37,9 @@ func dockerPushDefaulter(original manifest.DockerPush, man manifest.Manifest, de
 		updated.Secrets["ARTIFACTORY_PASSWORD"] = defaults.Artifactory.Password
 	}
 	if man.Platform.IsActions() {
-		updated.Secrets["ARTIFACTORY_URL"] = ""
-		updated.Secrets["ARTIFACTORY_USERNAME"] = ""
-		updated.Secrets["ARTIFACTORY_PASSWORD"] = ""
+		updated.Secrets["ARTIFACTORY_URL"] = "${{ secrets.EE_ARTIFACTORY_URL }}"
+		updated.Secrets["ARTIFACTORY_USERNAME"] = "${{ secrets.EE_ARTIFACTORY_USERNAME }}"
+		updated.Secrets["ARTIFACTORY_PASSWORD"] = "${{ secrets.EE_ARTIFACTORY_PASSWORD }}"
 	}
 
 	return updated

diff --git a/e2e/actions/deploy-katee/workflowExpected.yml b/e2e/actions/deploy-katee/workflowExpected.yml
@@ -50,9 +50,9 @@ jobs:
         provenance: false
         push: true
         secrets: |
-          ARTIFACTORY_PASSWORD
-          ARTIFACTORY_URL
-          ARTIFACTORY_USERNAME
+          ARTIFACTORY_PASSWORD=${{ secrets.EE_ARTIFACTORY_PASSWORD }}
+          ARTIFACTORY_URL=${{ secrets.EE_ARTIFACTORY_URL }}
+          ARTIFACTORY_USERNAME=${{ secrets.EE_ARTIFACTORY_USERNAME }}
         tags: eu.gcr.io/halfpipe-io/cache/halfpipe-team/someImage:${{ env.GIT_REVISION }}
     - name: Run Trivy vulnerability scanner
       uses: docker://aquasec/trivy

diff --git a/e2e/actions/docker-push/workflowExpected.yml b/e2e/actions/docker-push/workflowExpected.yml
@@ -85,9 +85,9 @@ jobs:
         provenance: false
         push: true
         secrets: |
-          ARTIFACTORY_PASSWORD
-          ARTIFACTORY_URL
-          ARTIFACTORY_USERNAME
+          ARTIFACTORY_PASSWORD=${{ secrets.EE_ARTIFACTORY_PASSWORD }}
+          ARTIFACTORY_URL=${{ secrets.EE_ARTIFACTORY_URL }}
+          ARTIFACTORY_USERNAME=${{ secrets.EE_ARTIFACTORY_USERNAME }}
         tags: eu.gcr.io/halfpipe-io/cache/someImage:${{ env.GIT_REVISION }}
     - name: Run Trivy vulnerability scanner
       uses: docker://aquasec/trivy
@@ -171,9 +171,9 @@ jobs:
         provenance: false
         push: true
         secrets: |
-          ARTIFACTORY_PASSWORD
-          ARTIFACTORY_URL
-          ARTIFACTORY_USERNAME
+          ARTIFACTORY_PASSWORD=${{ secrets.EE_ARTIFACTORY_PASSWORD }}
+          ARTIFACTORY_URL=${{ secrets.EE_ARTIFACTORY_URL }}
+          ARTIFACTORY_USERNAME=${{ secrets.EE_ARTIFACTORY_USERNAME }}
         tags: eu.gcr.io/halfpipe-io/cache/dockerhubusername/someImage:${{ env.GIT_REVISION }}
     - name: Run Trivy vulnerability scanner
       uses: docker://aquasec/trivy
@@ -237,9 +237,9 @@ jobs:
         provenance: false
         push: true
         secrets: |
-          ARTIFACTORY_PASSWORD
-          ARTIFACTORY_URL
-          ARTIFACTORY_USERNAME
+          ARTIFACTORY_PASSWORD=${{ secrets.EE_ARTIFACTORY_PASSWORD }}
+          ARTIFACTORY_URL=${{ secrets.EE_ARTIFACTORY_URL }}
+          ARTIFACTORY_USERNAME=${{ secrets.EE_ARTIFACTORY_USERNAME }}
         tags: eu.gcr.io/halfpipe-io/cache/someImage:${{ env.GIT_REVISION }}
     - name: Run Trivy vulnerability scanner
       uses: docker://aquasec/trivy
@@ -305,9 +305,9 @@ jobs:
         provenance: false
         push: true
         secrets: |
-          ARTIFACTORY_PASSWORD
-          ARTIFACTORY_URL
-          ARTIFACTORY_USERNAME
+          ARTIFACTORY_PASSWORD=${{ secrets.EE_ARTIFACTORY_PASSWORD }}
+          ARTIFACTORY_URL=${{ secrets.EE_ARTIFACTORY_URL }}
+          ARTIFACTORY_USERNAME=${{ secrets.EE_ARTIFACTORY_USERNAME }}
         tags: |-
           eu.gcr.io/halfpipe-io/cache/someImage:${{ env.GIT_REVISION }}
           eu.gcr.io/halfpipe-io/cache/someImage:buildcache
@@ -379,9 +379,9 @@ jobs:
         provenance: false
         push: true
         secrets: |
-          ARTIFACTORY_PASSWORD
-          ARTIFACTORY_URL
-          ARTIFACTORY_USERNAME
+          ARTIFACTORY_PASSWORD=${{ secrets.EE_ARTIFACTORY_PASSWORD }}
+          ARTIFACTORY_URL=${{ secrets.EE_ARTIFACTORY_URL }}
+          ARTIFACTORY_USERNAME=${{ secrets.EE_ARTIFACTORY_USERNAME }}
           C=${{ steps.secrets.outputs.springernature_data_halfpipe-team_secret_c }}
           D=d
         tags: eu.gcr.io/halfpipe-io/cache/someImage:${{ env.GIT_REVISION }}