Skip to content

Commit

Permalink
docs: Add note about registry username secret to docs (#1659)
Browse files Browse the repository at this point in the history
Signed-off-by: Ian Lewis <ianlewis@google.com>
Co-authored-by: asraa <asraa@google.com>
  • Loading branch information
Ian Lewis and asraa authored Feb 24, 2023
1 parent 478820e commit 1ab4b3f
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 5 deletions.
2 changes: 1 addition & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@
#### New Features

- A new boolean [`continue-on-error`](https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#workflow-inputs) input was added which, when set to `true`, prevents the workflow from failing when a step fails. If set to true, the result of the reusable workflow will be return in the [`outcome`](https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#workflow-outputs) output.
- A new [`repository-username`](https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#workflow-inputs) secret input was added to allow users to pass their repository username that is stored in a [Github Actions encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets).
- A new [`repository-username`](https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#workflow-inputs) secret input was added to allow users to pass their repository username that is stored in a [Github Actions encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets). This secret input should only be used for high-entropy registry username values such as AWS Access Key.
- Support was added for authenticating with [Google Artifact Registry](https://cloud.google.com/artifact-registry) and [Google Container Registry](https://cloud.google.com/container-registry) using [Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation). Users can use this new feature by using the [`gcp-workload-identity-provider` and `gcp-service-account` inputs](https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#workflow-inputs)

## Changelog since v1.4.0
Expand Down
8 changes: 4 additions & 4 deletions internal/builders/container/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -216,10 +216,10 @@ Inputs:

Secrets:

| Name | Description |
| ------------------- | ---------------------------------------------------------------------------------------------------------------------- |
| `registry-username` | Username to log in the container registry. Either `registry-username` input or `registry-username` secret is required. |
| `registry-password` | **(Required)** Password to log in the container registry. |
| Name | Description |
| ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `registry-username` | Username to log in the container registry. Either `registry-username` input or `registry-username` secret is required. This should only be used for high entropy values such as AWS Access Key as described [here](https://github.com/docker/login-action#aws-elastic-container-registry-ecr). Normal username values could match other input values and cause them to be ignored by GitHub Actions and causing your build to fail. In those cases, use the `registry-username` input instead. |
| `registry-password` | **(Required)** Password to log in the container registry. |

### Workflow Outputs

Expand Down

0 comments on commit 1ab4b3f

Please sign in to comment.