Add custom docker registry authentication (#665)

* Add custom docker registry authentication Uses DOCKER_USERNAME and DOCKER_PASSWORD as secrets provided into the act cli. Closes #527 Co-authored-by: Björn Brauer <zaubernerd@zaubernerd.de> * Add test to check if pull authentication is filled in * Update debug message to be more descriptive Co-authored-by: Ryan (hackercat) <me@hackerc.at> Co-authored-by: Björn Brauer <zaubernerd@zaubernerd.de> Co-authored-by: Ryan (hackercat) <me@hackerc.at>
2025-08-11 17:50:58 +00:00 · 2021-05-05 18:37:17 +02:00 · 2021-05-05 18:37:17 +02:00 · 16c81e63ff
commit 16c81e63ff
parent ee17cec6cb
5 changed files with 61 additions and 4 deletions
--- a/act/container/docker_pull.go
+++ b/act/container/docker_pull.go
@ -2,6 +2,8 @@ package container

 import (
 	"context"
+	"encoding/base64"
+	"encoding/json"
 	"fmt"
 	"strings"

@ -17,6 +19,8 @@ type NewDockerPullExecutorInput struct {
 	Image     string
 	ForcePull bool
 	Platform  string
+	Username  string
+	Password  string
 }

 // NewDockerPullExecutor function to create a run executor for the container
@ -54,9 +58,13 @@ func NewDockerPullExecutor(input NewDockerPullExecutorInput) common.Executor {
 			return err
 		}

-		reader, err := cli.ImagePull(ctx, imageRef, types.ImagePullOptions{
-			Platform: input.Platform,
-		})
+		imagePullOptions, err := getImagePullOptions(ctx, input)
+		if err != nil {
+			return err
+		}
+
+		reader, err := cli.ImagePull(ctx, imageRef, imagePullOptions)
+
 		_ = logDockerResponse(logger, reader, err != nil)
 		if err != nil {
 			return err
@ -65,6 +73,30 @@ func NewDockerPullExecutor(input NewDockerPullExecutorInput) common.Executor {
 	}
 }

+func getImagePullOptions(ctx context.Context, input NewDockerPullExecutorInput) (types.ImagePullOptions, error) {
+	imagePullOptions := types.ImagePullOptions{
+		Platform: input.Platform,
+	}
+	if input.Username != "" && input.Password != "" {
+		logger := common.Logger(ctx)
+		logger.Debugf("using authentication for docker pull")
+
+		authConfig := types.AuthConfig{
+			Username: input.Username,
+			Password: input.Password,
+		}
+
+		encodedJSON, err := json.Marshal(authConfig)
+		if err != nil {
+			return imagePullOptions, err
+		}
+
+		imagePullOptions.RegistryAuth = base64.URLEncoding.EncodeToString(encodedJSON)
+	}
+
+	return imagePullOptions, nil
+}
+
 func cleanImage(image string) string {
 	imageParts := len(strings.Split(image, "/"))
 	if imageParts == 1 {