ci: Use the Docker login action for GHCR auth (#5091)

Use the `docker/login-action` action and the default `GITHUB_TOKEN` for setting up the GHCR credentials for Flux and Cosign to be able to push OCI artifacts to ` ghcr.io/kyverno/manifests/kyverno`. Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2025-03-31 03:45:17 +00:00 · 2022-10-20 21:23:27 +03:00 · 2022-10-20 21:23:27 +03:00 · 96f0523d5a
commit 96f0523d5a
parent 7735ac3f83
1 changed files with 16 additions and 13 deletions
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -140,27 +140,30 @@ jobs:
          file: config/.release/install.yaml
          asset_name: install.yaml
          tag: ${{ github.ref }}
-      
+
+      - name: Login to GHCR
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
      - name: Push manifests to GHCR with Flux
        env:
          CR_PAT_ARTIFACTS:  ${{ secrets.CR_PAT_ARTIFACTS }}
        run: |
-            set -e
-            cd config/.release/ && \
-            flux push artifact oci://ghcr.io/${{ github.repository_owner }}/manifests/kyverno:$(git rev-parse --short HEAD) \
-              --path="." \
-              --source="$(git config --get remote.origin.url)" \
-              --revision="$(git tag --points-at HEAD)/$(git rev-parse HEAD)"
-              --creds flux:${CR_PAT_ARTIFACTS}
-      
+          set -e
+          cd config/.release/ && \
+          flux push artifact oci://ghcr.io/${{ github.repository_owner }}/manifests/kyverno:$(git rev-parse --short HEAD) \
+            --path="." \
+            --source="$(git config --get remote.origin.url)" \
+            --revision="$(git tag --points-at HEAD)/$(git rev-parse HEAD)"
+
      - name: Sign manifests in GHCR with Cosign
        env:
          COSIGN_EXPERIMENTAL: 1
-          CR_PAT_ARTIFACTS:  ${{ secrets.CR_PAT_ARTIFACTS }}
        run: |
-            set -e
-            cosign login --username ${GITHUB_ACTOR} --password ${CR_PAT_ARTIFACTS} ghcr.io
-            cosign sign ghcr.io/${{ github.repository_owner }}/manifests/kyverno:$(git rev-parse --short HEAD)
+          cosign sign ghcr.io/${{ github.repository_owner }}/manifests/kyverno:$(git rev-parse --short HEAD)

  release-cli-via-krew:
    runs-on: ubuntu-latest