feat: output docker credentials after login

Adding the outputs and hiding the secrets so they can't be read in the logs.
aws-actions · Sep 13, 2021 · 57206dc · 57206dc
1 parent 3f76e10
commit 57206dc
Show file tree

Hide file tree

Showing 4 changed files with 4,871 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -57,6 +57,12 @@ We recommend following [Amazon IAM best practices](https://docs.aws.amazon.com/I
 * [Rotate the credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#rotate-credentials) used in GitHub Actions workflows regularly.
 * [Monitor the activity](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#keep-a-log) of the credentials used in GitHub Actions workflows.
 
+### Docker credentials
+After the authentication, you can access the docker username and password via Action outputs using the following format:
+- Registry URL: `111111111111.dkr.ecr.aws-region-1.amazonaws.com`
+- Docker username output: `111111111111_dkr_ecr_aws_region_1_amazonaws_com_docker_username`
+- Docker password output: `111111111111_dkr_ecr_aws_region_1_amazonaws_com_docker_password`
+
 ## Permissions
 
 This action requires the following minimum set of permissions:

diff --git a/index.js b/index.js
@@ -2,6 +2,10 @@ const core = require('@actions/core');
 const exec = require('@actions/exec');
 const aws = require('aws-sdk');
 
+function replaceSpecialCharacters(registryUri) {
+  return registryUri.replace(/[^a-zA-Z0-9_]+/g, '_')
+}
+
 async function run() {
   const registryUriState = [];
   const skipLogout = core.getInput('skip-logout', { required: false });
@@ -58,9 +62,12 @@ async function run() {
         core.debug(doLoginStdout);
         throw new Error('Could not login: ' + doLoginStderr);
       }
-
-      core.setSecret('docker_username', creds[0]);
-      core.setSecret('docker_password', creds[1]);
+
+      const secretPrefix = replaceSpecialCharacters(registryUri)
+      core.setSecret(creds[0])
+      core.setSecret(creds[1])
+      core.setOutput(`${secretPrefix}_docker_username`, creds[0]);
+      core.setOutput(`${secretPrefix}_docker_password`, creds[1]);
 
       registryUriState.push(registryUri);
     }
@@ -78,7 +85,10 @@ async function run() {
   }
 }
 
-module.exports = run;
+module.exports = {
+  run,
+  replaceSpecialCharacters
+};
 
 /* istanbul ignore next */
 if (require.main === module) {

diff --git a/index.test.js b/index.test.js
@@ -1,4 +1,4 @@
-const run = require('./index.js');
+const {run, replaceSpecialCharacters} = require('./index.js');
 const core = require('@actions/core');
 const exec = require('@actions/exec');
 
@@ -261,4 +261,9 @@ describe('Login to ECR', () => {
         expect(exec.exec).toHaveBeenCalledTimes(2);
         expect(core.saveState).toHaveBeenCalledTimes(0);
     });
+
+    test('replaces special characters', () => {
+        expect(replaceSpecialCharacters('111111111111.dkr.ecr.aws-region-1.amazonaws.com')).toBe('111111111111_dkr_ecr_aws_region_1_amazonaws_com')
+        expect(replaceSpecialCharacters('229236603350.dkr.ecr.us-east-1.amazonaws.com')).toBe('229236603350_dkr_ecr_us_east_1_amazonaws_com')
+    });
 });