Closed psychemedia closed 4 years ago
It looks like no change to the api is necessary, and instead of a password, the user should enter their personal access token. Is my understanding correct?
Yes, that seems to be the case. Will give it a go...
I'm guess the warning will still show though?
Hmm not sure. I’m hoping no warning shows up if a token is used.
Perhaps I should update the README to remind the user to use a TOKEN? What do you think?
Yes, I think recommeding using a TOKEN would be a Good Thing, along with a note that even though the field says "PASSWORD" a token is fine. Docker docs where it says that here:
You can use an access token anywhere that requires your Docker Hub password.
As the action runs, a warning is posted regarding the way docker credentials are handled:
A recent post mentioning the latest official docker action shows the use of a token rather than credentials: https://www.docker.com/blog/docker-github-actions/
It would probably make sense to use token based authentication with Dockerhub for pushing images.