Remove the 'tag a Docker image' action
claudioandre-br opened this issue · 0 comments
claudioandre-br commented
1. Describe the bug
It seems like a bad idea to keep the 'tag Docker image' action active in main. It requires a permissive policy enabled by default and is not important for the repository's daily activities.
In the future, if we need to tag an image, we can do so using the code below (in a temporary branch).
2. How the final version turned out
For the record:
```yaml
name: Tag Docker Image

on:
  workflow_dispatch:
    inputs:
      target:
        description: "ID of the image to be tagged"
        required: true
        default: "rolling-2310"
      tag:
        description: "The tag that will be applied"
        required: true
        default: "latest"

jobs:
  add-tag:
    permissions: write-all
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
        with:
          egress-policy: audit

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Run script file
        run: |
          docker pull "ghcr.io/openwall/john:${{ github.event.inputs.target }}"
          docker tag "ghcr.io/openwall/john:${{ github.event.inputs.target }}" "ghcr.io/openwall/john:${{ github.event.inputs.tag }}"
          docker images
          docker push "ghcr.io/openwall/john:${{ github.event.inputs.tag }}"
        shell: bash
```
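
A narrower variant of the workflow above, as an added example that is not part of the issue or the project's code. It assumes `packages: write` is the only `GITHUB_TOKEN` scope the job needs for ghcr.io, and it passes the two inputs through environment variables (the names `IMAGE`, `TARGET` and `NEW_TAG` are made up here) so they are checked against the Docker tag grammar before reaching `docker`.

```yaml
# Added example, not the project's workflow: same tagging job with a scoped token.
name: Tag Docker Image (least privilege)
on:
  workflow_dispatch:
    inputs:
      target:
        description: "ID of the image to be tagged"
        required: true
        default: "rolling-2310"
      tag:
        description: "The tag that will be applied"
        required: true
        default: "latest"
permissions: {} # drop every default scope; the job opts in below
jobs:
  add-tag:
    permissions:
      packages: write # assumption: sufficient to pull from and push to ghcr.io
    runs-on: ubuntu-latest
    env:
      IMAGE: ghcr.io/openwall/john
      # Inputs reach the shell as data, not as text spliced into the script.
      TARGET: ${{ github.event.inputs.target }}
      NEW_TAG: ${{ github.event.inputs.tag }}
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
        with:
          egress-policy: audit
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Validate inputs and retag
        shell: bash
        run: |
          set -euo pipefail
          re='^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$' # Docker tag grammar
          for v in "$TARGET" "$NEW_TAG"; do
            [[ "$v" =~ $re ]] || { echo "invalid tag: $v" >&2; exit 1; }
          done
          docker pull "$IMAGE:$TARGET"
          docker tag "$IMAGE:$TARGET" "$IMAGE:$NEW_TAG"
          docker push "$IMAGE:$NEW_TAG"
```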