Skip to content

CVE-2023-4727 Fix token authentication bypass vulnerability #1104

CVE-2023-4727 Fix token authentication bypass vulnerability

CVE-2023-4727 Fix token authentication bypass vulnerability #1104

Workflow file for this run

name: Publish PKI
on:
push:
branches:
- v10.13
env:
NAMESPACE: ${{ vars.REGISTRY_NAMESPACE || github.repository_owner }}
jobs:
init:
name: Initialization
uses: ./.github/workflows/init.yml
secrets: inherit
if: vars.REGISTRY != ''
build:
name: Waiting for build
needs: init
runs-on: ubuntu-latest
steps:
- name: Wait for build
uses: lewagon/wait-on-check-action@v1.2.0
with:
ref: ${{ github.ref }}
check-name: 'Building PKI'
repo-token: ${{ secrets.GITHUB_TOKEN }}
wait-interval: 30
publish:
name: Publishing PKI
needs: [init, build]
runs-on: ubuntu-latest
steps:
- name: Log in to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ${{ vars.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
if: vars.REGISTRY == 'ghcr.io'
- name: Log in to other container registry
uses: docker/login-action@v2
with:
registry: ${{ vars.REGISTRY }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
if: vars.REGISTRY != 'ghcr.io'
- name: Retrieve pki-dist image
uses: actions/cache@v3
with:
key: pki-dist-${{ github.sha }}
path: pki-dist.tar
- name: Publish pki-dist image
run: |
docker load --input pki-dist.tar
docker tag pki-dist ${{ vars.REGISTRY }}/$NAMESPACE/pki-dist:10.13
docker push ${{ vars.REGISTRY }}/$NAMESPACE/pki-dist:10.13
- name: Retrieve pki-acme image
uses: actions/cache@v3
with:
key: pki-acme-${{ github.sha }}
path: pki-acme.tar
- name: Publish pki-acme image
run: |
docker load --input pki-acme.tar
docker tag pki-acme ${{ vars.REGISTRY }}/$NAMESPACE/pki-acme:10.13
docker push ${{ vars.REGISTRY }}/$NAMESPACE/pki-acme:10.13