From 29739f3d4d55bcefc8019e97a0cae2ba22148133 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christopher=20M=C3=BChl?= Date: Wed, 4 Mar 2026 14:56:40 +0100 Subject: [PATCH] feat: make registry auth optional in docker-build-nix Support unauthenticated registries (e.g., Tailscale-protected internal registries) by making username/password optional. Only passes credentials to skopeo if both are provided. Co-Authored-By: Claude Sonnet 4.5 --- docker-build-nix/action.yaml | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/docker-build-nix/action.yaml b/docker-build-nix/action.yaml index 9c24d52..e12a787 100644 --- a/docker-build-nix/action.yaml +++ b/docker-build-nix/action.yaml @@ -21,13 +21,14 @@ inputs: default: 'registry.toph.so' registry-username: - description: 'Registry username' + description: 'Registry username (optional for unauthenticated registries)' required: false - default: ${{ gitea.actor }} + default: '' registry-password: - description: 'Registry password/token' - required: true + description: 'Registry password/token (optional for unauthenticated registries)' + required: false + default: '' cache-name: description: 'Attic cache name to push build artifacts' @@ -86,8 +87,11 @@ runs: TARGET_IMAGE="docker://${{ inputs.registry }}/${{ inputs.image-name }}:${{ inputs.image-tag }}" echo "Pushing OCI image to: $TARGET_IMAGE" + # Build skopeo command with optional credentials + SKOPEO_CMD="skopeo copy" + if [ -n "${{ inputs.registry-username }}" ] && [ -n "${{ inputs.registry-password }}" ]; then + SKOPEO_CMD="$SKOPEO_CMD --dest-creds ${{ inputs.registry-username }}:${{ inputs.registry-password }}" + fi + # Use skopeo to push directly from OCI tarball to registry - skopeo copy \ - --dest-creds "${{ inputs.registry-username }}:${{ inputs.registry-password }}" \ - "docker-archive:./result" \ - "$TARGET_IMAGE" + $SKOPEO_CMD "docker-archive:./result" "$TARGET_IMAGE"