8888 Accepts either a string (container image name) or a JSON object with container options.
8989
9090 String format (simple):
91- ```
91+ ```yml
9292 container: "node:18"
9393 ```
9494
123123 SECRET_EXAMPLE=$\{{ secrets.SECRET_EXAMPLE }}
124124 ```
125125 required : false
126+ container-password :
127+ description : |
128+ Password for container registry authentication, if required.
129+ Used when the container image is hosted in a private registry.
130+ See https://docs.github.com/en/actions/how-tos/write-workflows/choose-where-workflows-run/run-jobs-in-a-container#defining-credentials-for-a-container-registry.
131+ required : false
126132 outputs :
127133 build-artifact-id :
128134 description : " ID of the build artifact) uploaded during the build step."
@@ -131,13 +137,14 @@ on:
131137permissions : {}
132138
133139jobs :
134- parse-container :
135- name : 📦 Parse Container Configuration
136- if : inputs.container != ''
140+ prepare :
141+ name : 📦 Prepare configuration
137142 runs-on : ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
138143 permissions : {}
139144 outputs :
140- config : ${{ steps.parse.outputs.config }}
145+ container-image : ${{ steps.parse.outputs.container-image }}
146+ container-options : ${{ steps.parse.outputs.container-options }}
147+ container-username : ${{ steps.parse.outputs.container-username }}
141148 steps :
142149 - id : parse
143150 uses : actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
@@ -150,7 +157,7 @@ jobs:
150157 // Check if input is a JSON object or a simple string
151158 const isJson = containerInput.startsWith('{');
152159
153- let config = {
160+ let container = {
154161 image: '',
155162 options: '--user root:root'
156163 };
@@ -160,27 +167,35 @@ jobs:
160167 const container = JSON.parse(containerInput);
161168
162169 // Set image
163- config .image = container.image || '';
170+ container .image = container.image || '';
164171
165172 // Add env if provided
166173 if (container.env && Object.keys(container.env).length > 0) {
167- config .env = container.env;
174+ container .env = container.env;
168175 }
169176
170177 // Merge user options with default --user root:root
171178 if (container.options) {
172- config .options = `${config .options} ${container.options}`;
179+ container .options = `${container .options} ${container.options}`;
173180 }
174181 } catch (error) {
175182 core.setFailed(`Failed to parse container input as JSON: ${error.message}`);
176183 return;
177184 }
178185 } else {
179186 // Simple string format - just the image name
180- config .image = containerInput;
187+ container .image = containerInput;
181188 }
182189
183- core.setOutput('config', JSON.stringify(config));
190+ if (container.image) {
191+ core.setOutput('container-image', container.image);
192+ }
193+ if (container.options) {
194+ core.setOutput('container-options', JSON.stringify(container.options));
195+ }
196+ if (container.username) {
197+ core.setOutput('container-username', container.username);
198+ }
184199
185200 code-ql :
186201 name : 🛡️ CodeQL Analysis
@@ -208,9 +223,12 @@ jobs:
208223 setup :
209224 name : ⚙️ Setup
210225 runs-on : ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
211- container : ${{ inputs.container != '' && fromJSON(needs.parse-container.outputs.config) || null }}
212- needs : parse-container
213- if : ${{ always() && !cancelled() && !failure() }}
226+ needs : prepare
227+ container :
228+ image : ${{ needs.prepare.outputs.container-image || '' }}
229+ options : ${{ needs.prepare.outputs.container-options && fromJSON(needs.prepare.outputs.container-options) || null }}
230+ credentials : |
231+ ${{ needs.prepare.outputs.container-username && fromJSON(format('{"username":"{0}","password": "{1}"}',needs.prepare.outputs.container-username,secrets.container-password)) || null }}
214232 permissions :
215233 contents : read
216234 # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
@@ -220,7 +238,7 @@ jobs:
220238 build-commands : ${{ steps.build-variables.outputs.commands }}
221239 build-artifact : ${{ steps.build-variables.outputs.artifact }}
222240 steps :
223- - if : inputs. container == ''
241+ - if : needs.prepare.outputs. container-image == null
224242 uses : hoverkraft-tech/ci-github-common/actions/checkout@753288393de1f3d92f687a6761d236ca800f5306 # 0.28.1
225243
226244 - id : build-variables
@@ -324,22 +342,26 @@ jobs:
324342
325343 lint :
326344 name : 👕 Lint
327- if : inputs.checks == true && inputs.lint && always() && !cancelled() && !failure()
328- runs-on : ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
329- container : ${{ inputs.container != '' && fromJSON(needs.parse-container.outputs.config) || null }}
345+ if : inputs.checks == true && inputs.lint
330346 needs :
331- - parse-container
347+ - prepare
332348 - setup
349+ runs-on : ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
350+ container :
351+ image : ${{ needs.prepare.outputs.container-image || null }}
352+ options : ${{ needs.prepare.outputs.container-options || null }}
353+ credentials :
354+ username : ${{ needs.prepare.outputs.container-username || null }}
355+ password : ${{ secrets.container-password || null }}
333356 # jscpd:ignore-start
334357 permissions :
335358 contents : read
336359 # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
337360 id-token : write
338361 steps :
339362 - uses : hoverkraft-tech/ci-github-common/actions/checkout@753288393de1f3d92f687a6761d236ca800f5306 # 0.28.1
340- if : inputs. container == ''
363+ if : needs.prepare.outputs. container-image == null
341364
342- # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
343365 - id : oidc
344366 uses : ChristopherHX/oidc@73eee1ff03fdfce10eda179f617131532209edbd # v3
345367 - uses : actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -375,16 +397,21 @@ jobs:
375397 - uses : ./self-workflow/actions/lint
376398 with :
377399 working-directory : ${{ inputs.working-directory }}
378- container : ${{ inputs. container != ' ' }}
400+ container : ${{ needs.prepare.outputs. container-image && 'true' || 'false ' }}
379401
380402 build :
381403 name : 🏗️ Build
382- if : inputs.checks == true && always() && !cancelled() && !failure()
404+ if : inputs.checks == true
383405 runs-on : ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
406+ container :
407+ image : ${{ needs.prepare.outputs.container-image || null }}
408+ options : ${{ needs.prepare.outputs.container-options || null }}
409+ credentials :
410+ username : ${{ needs.prepare.outputs.container-username || null }}
411+ password : ${{ secrets.container-password || null }}
384412 # jscpd:ignore-start
385- container : ${{ inputs.container != '' && fromJSON(needs.parse-container.outputs.config) || null }}
386413 needs :
387- - parse-container
414+ - prepare
388415 - setup
389416 permissions :
390417 contents : read
@@ -394,7 +421,7 @@ jobs:
394421 artifact-id : ${{ steps.build.outputs.artifact-id }}
395422 steps :
396423 - uses : hoverkraft-tech/ci-github-common/actions/checkout@753288393de1f3d92f687a6761d236ca800f5306 # 0.28.1
397- if : needs.setup.outputs.build-commands && inputs. container == ''
424+ if : needs.setup.outputs.build-commands && needs.prepare.outputs. container-image == null
398425
399426 # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
400427 - id : oidc
@@ -422,15 +449,20 @@ jobs:
422449 build-env : ${{ needs.setup.outputs.build-env }}
423450 build-secrets : ${{ secrets.build-secrets }}
424451 build-artifact : ${{ needs.setup.outputs.build-artifact }}
425- container : ${{ inputs. container != ' ' }}
452+ container : ${{ needs.prepare.outputs. container-image && 'true' || 'false ' }}
426453
427454 test :
428455 name : 🧪 Test
429- if : inputs.checks == true && inputs.test && always() && !cancelled() && !failure()
456+ if : inputs.checks == true && inputs.test
430457 runs-on : ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
431- container : ${{ inputs.container != '' && fromJSON(needs.parse-container.outputs.config) || null }}
458+ container :
459+ image : ${{ needs.prepare.outputs.container-image || null }}
460+ options : ${{ needs.prepare.outputs.container-options || null }}
461+ credentials :
462+ username : ${{ needs.prepare.outputs.container-username || null }}
463+ password : ${{ secrets.container-password || null }}
432464 needs :
433- - parse-container
465+ - prepare
434466 - setup
435467 - build
436468 permissions :
@@ -440,9 +472,9 @@ jobs:
440472 id-token : write
441473 steps :
442474 - uses : hoverkraft-tech/ci-github-common/actions/checkout@753288393de1f3d92f687a6761d236ca800f5306 # 0.28.1
443- if : inputs. container == ''
475+ if : needs.prepare.outputs. container-image == null
444476
445- - if : needs.build.outputs.artifact-id && inputs. container == ''
477+ - if : needs.build.outputs.artifact-id && needs.prepare.outputs. container-image == null
446478 uses : actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
447479 with :
448480 artifact-ids : ${{ needs.build.outputs.artifact-id }}
@@ -491,7 +523,7 @@ jobs:
491523 - uses : ./self-workflow/actions/test
492524 with :
493525 working-directory : ${{ inputs.working-directory }}
494- container : ${{ inputs. container != ' ' }}
526+ container : ${{ needs.prepare.outputs. container-image && 'true' || 'false ' }}
495527 coverage : ${{ steps.prepare-test-options.outputs.coverage }}
496- coverage-files : ${{ steps.prepare-test-options.outputs[' coverage-files'] }}
528+ coverage-files : ${{ steps.prepare-test-options.outputs. coverage-files }}
497529 github-token : ${{ github.token }}
0 commit comments