Merge pull request #1035 from crazy-max/fix-registry-auth-empty-mask

skip empty registry-auth secret mask
This commit is contained in:
CrazyMax
2026-07-03 14:56:11 +02:00
committed by GitHub
4 changed files with 42 additions and 5 deletions
+36 -1
View File
@@ -1,4 +1,4 @@
import {afterEach, expect, test} from 'vitest';
import {afterEach, expect, test, vi} from 'vitest';
import * as path from 'path';
import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx.js';
@@ -6,6 +6,7 @@ import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx.js';
import {getAuthList, getInputs} from '../src/context.js';
afterEach(() => {
vi.restoreAllMocks();
for (const key of Object.keys(process.env)) {
if (key.startsWith('INPUT_')) {
delete process.env[key];
@@ -33,3 +34,37 @@ test('getAuthList uses the default Docker Hub registry when computing scoped con
configDir: path.join(Buildx.configDir, 'config', 'registry-1.docker.io', 'myscope')
});
});
test('getAuthList skips secret masking when registry-auth password is absent', async () => {
const stdoutWriteSpy = vi.spyOn(process.stdout, 'write').mockImplementation(() => true);
const [auth] = getAuthList({
registry: '',
username: '',
password: '',
scope: '',
ecr: '',
logout: true,
registryAuth: '- registry: public.ecr.aws\n'
});
expect(stdoutWriteSpy.mock.calls.map(call => call[0]).join('')).not.toContain('::add-mask::');
expect(auth).toMatchObject({
registry: 'public.ecr.aws',
ecr: 'auto'
});
});
test('getAuthList masks registry-auth password when present', async () => {
const stdoutWriteSpy = vi.spyOn(process.stdout, 'write').mockImplementation(() => true);
getAuthList({
registry: '',
username: '',
password: '',
scope: '',
ecr: '',
logout: true,
registryAuth: '- registry: ghcr.io\n username: dbowie\n password: groundcontrol\n'
});
expect(stdoutWriteSpy.mock.calls.map(call => call[0]).join('')).toContain('::add-mask::groundcontrol');
});
Generated Vendored
+1 -1
View File
File diff suppressed because one or more lines are too long
Generated Vendored
+2 -2
View File
File diff suppressed because one or more lines are too long
+3 -1
View File
@@ -53,7 +53,9 @@ export function getAuthList(inputs: Inputs): Array<Auth> {
});
} else {
auths = (yaml.load(inputs.registryAuth) as Array<Auth>).map(auth => {
core.setSecret(auth.password); // redacted in workflow logs
if (auth.password) {
core.setSecret(auth.password); // redacted in workflow logs
}
const registry = auth.registry || 'docker.io';
return {
registry,