CVE-2023-4727 Fix token authentication bypass vulnerability #1104
name: Publish PKI | |
on: | |
push: | |
branches: | |
- v10.13 | |
env: | |
NAMESPACE: ${{ vars.REGISTRY_NAMESPACE || github.repository_owner }} | |
jobs: | |
init: | |
name: Initialization | |
uses: ./.github/workflows/init.yml | |
secrets: inherit | |
if: vars.REGISTRY != '' | |
build: | |
name: Waiting for build | |
needs: init | |
runs-on: ubuntu-latest | |
steps: | |
- name: Wait for build | |
uses: lewagon/wait-on-check-action@v1.2.0 | |
with: | |
ref: ${{ github.ref }} | |
check-name: 'Building PKI' | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
wait-interval: 30 | |
publish: | |
name: Publishing PKI | |
needs: [init, build] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Log in to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ vars.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
if: vars.REGISTRY == 'ghcr.io' | |
- name: Log in to other container registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ vars.REGISTRY }} | |
username: ${{ secrets.REGISTRY_USERNAME }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
if: vars.REGISTRY != 'ghcr.io' | |
- name: Retrieve pki-dist image | |
uses: actions/cache@v3 | |
with: | |
key: pki-dist-${{ github.sha }} | |
path: pki-dist.tar | |
- name: Publish pki-dist image | |
run: | | |
docker load --input pki-dist.tar | |
docker tag pki-dist ${{ vars.REGISTRY }}/$NAMESPACE/pki-dist:10.13 | |
docker push ${{ vars.REGISTRY }}/$NAMESPACE/pki-dist:10.13 | |
- name: Retrieve pki-acme image | |
uses: actions/cache@v3 | |
with: | |
key: pki-acme-${{ github.sha }} | |
path: pki-acme.tar | |
- name: Publish pki-acme image | |
run: | | |
docker load --input pki-acme.tar | |
docker tag pki-acme ${{ vars.REGISTRY }}/$NAMESPACE/pki-acme:10.13 | |
docker push ${{ vars.REGISTRY }}/$NAMESPACE/pki-acme:10.13 |
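Review bot: Every action in this workflow is referenced by a mutable tag (`lewagon/wait-on-check-action@v1.2.0`, which is handed `secrets.GITHUB_TOKEN`, plus `docker/login-action@v2` and `actions/cache@v3`), so a retagged release would run inside a job that holds the registry credentials. Pinning each to a full commit SHA closes that gap, e.g. `uses: docker/login-action@<full-commit-sha>  # v2` (placeholder, take the SHA from the upstream release). No `permissions:` key is visible in the file, so the token gets the repository default; a top-level `permissions: {}` with `packages: write` granted only on `publish` would scope it, though the read scope the wait step needs should be confirmed. The two `run:` steps also expand `${{ vars.REGISTRY }}` directly into the script text while `NAMESPACE` goes through `env:`. Adding `REGISTRY: ${{ vars.REGISTRY }}` under `env:` and using `"$REGISTRY/$NAMESPACE/pki-dist:10.13"` in the script treats both values the same way and keeps the variable out of the shell source.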