jupyterhub / repo2docker-action

A GitHub action to build data science environment images with repo2docker and push them to registries.
MIT License

Handling Docker Credentials #56

Closed psychemedia closed 4 years ago

psychemedia commented 4 years ago

As the action runs, a warning is posted regarding the way docker credentials are handled:

  WARNING! Your password will be stored unencrypted in /github/home/.docker/config.json.
  Login Succeeded
  Configure a credential helper to remove this warning. See
  https://docs.docker.com/engine/reference/commandline/login/#credentials-store

A recent post mentioning the latest official docker action shows the use of a token rather than credentials: https://www.docker.com/blog/docker-github-actions/

It would probably make sense to use token based authentication with Dockerhub for pushing images.

hamelsmu commented 4 years ago

It looks like no change to the api is necessary, and instead of a password, the user should enter their personal access token. Is my understanding correct?

psychemedia commented 4 years ago

Yes, that seems to be the case. Will give it a go...

I'm guessing the warning will still show though?

hamelsmu commented 4 years ago

Hmm not sure. I’m hoping no warning shows up if a token is used.

Perhaps I should update the README to remind the user to use a TOKEN? What do you think?

psychemedia commented 4 years ago

Yes, I think recommending using a TOKEN would be a Good Thing, along with a note that even though the field says "PASSWORD" a token is fine. Docker docs where it says that here:

You can use an access token anywhere that requires your Docker Hub password.
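
The warning quoted at the top of this thread refers to the `auth` entry that `docker login` writes to config.json when no credential helper is configured. As an added example (not part of the thread or of the action's code), this Python check reports which registries in a config file hold such inline, base64-encoded credentials; the sample config, username and token are constructed, and `inline_credentials` and `uses_helper` are hypothetical helper names.

```python
import base64
import json

# Constructed sample of the file `docker login` writes when no credential
# helper is configured; the username and token below are made up.
SAMPLE_CONFIG = json.dumps({
    "auths": {
        "https://index.docker.io/v1/": {
            "auth": base64.b64encode(b"exampleuser:EXAMPLE-TOKEN").decode()
        },
        "ghcr.io": {},
    },
    "credHelpers": {"ghcr.io": "secretservice"},
})


def inline_credentials(config_text):
    """Return {registry: username} for credentials stored inline.

    An inline `auth` value is base64("user:secret"): encoding, not
    encryption. Registries served by `credsStore` or `credHelpers` have
    an empty entry under `auths` and are not reported.
    """
    config = json.loads(config_text)
    found = {}
    for registry, entry in config.get("auths", {}).items():
        blob = entry.get("auth")
        if not blob:
            continue
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            found[registry] = "<undecodable auth value>"
            continue
        username, _, _secret = decoded.partition(":")  # never return the secret
        found[registry] = username
    return found


def uses_helper(config_text, registry):
    """True if a global store or a per-registry helper covers `registry`."""
    config = json.loads(config_text)
    return bool(config.get("credsStore")) or registry in config.get("credHelpers", {})


if __name__ == "__main__":
    for registry, user in inline_credentials(SAMPLE_CONFIG).items():
        print(f"{registry}: secret for {user!r} is stored base64-encoded only")
```

The check treats a password and an access token alike, since either is written to the same `auth` field; what differs is how narrowly the stored secret can be scoped and how easily it can be revoked.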