login-action/src/docker.ts

import * as core from '@actions/core';

import * as aws from './aws';
import * as context from './context';

import {Docker} from '@docker/actions-toolkit/lib/docker/docker';

async function sleep(ms: number): Promise<void> {
  return new Promise(resolve => setTimeout(resolve, ms));
}

function isRetryableError(error: Error): boolean {
  const errorMsg = error.message.toLowerCase();
  const statusCode5xxPattern = /\b5\d{2}\b/;
  return !statusCode5xxPattern.test(errorMsg);
}

async function withRetry<T>(fn: () => Promise<T>, retryArgs: context.RetryArgs, context: string): Promise<T> {
  const maxAttempts = Math.max(1, retryArgs.attempts + 1);
  let lastError: Error;

  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    try {
      return await fn();
    } catch (error) {
      lastError = error as Error;

      if (attempt === maxAttempts || !isRetryableError(lastError)) {
        if (attempt > 1) {
          core.info(`${context}: Failed after ${attempt} attempts`);
        }
        throw lastError;
      }

      const delay = retryArgs.delayMs * Math.pow(2, attempt - 1);
      core.warning(`${context}: Attempt ${attempt}/${maxAttempts} failed: ${lastError.message}. Retrying in ${delay}ms...`);
      await sleep(delay);
    }
  }

  throw lastError!;
}

export async function login(auth: context.Auth): Promise<void> {
  if (/true/i.test(auth.ecr) || (auth.ecr == 'auto' && aws.isECR(auth.registry))) {
    await loginECR(auth.registry, auth.username, auth.password, auth.scope, auth.retryArgs);
  } else {
    await loginStandard(auth.registry, auth.username, auth.password, auth.scope, auth.retryArgs);
  }
}

export async function logout(registry: string, configDir: string): Promise<void> {
  let envs: {[key: string]: string} | undefined;
  if (configDir !== '') {
    envs = Object.assign({}, process.env, {
      DOCKER_CONFIG: configDir
    }) as {
      [key: string]: string;
    };
    core.info(`Alternative config dir: ${configDir}`);
  }
  await Docker.getExecOutput(['logout', registry], {
    ignoreReturnCode: true,
    env: envs
  }).then(res => {
    if (res.stderr.length > 0 && res.exitCode != 0) {
      core.warning(res.stderr.trim());
    }
  });
}

export async function loginStandard(registry: string, username: string, password: string, scope?: string, retryArgs?: context.RetryArgs): Promise<void> {
  if (!username && !password) {
    throw new Error('Username and password required');
  }
  if (!username) {
    throw new Error('Username required');
  }
  if (!password) {
    throw new Error('Password required');
  }
  await loginExec(registry, username, password, scope, retryArgs);
}

export async function loginECR(registry: string, username: string, password: string, scope?: string, retryArgs?: context.RetryArgs): Promise<void> {
  core.info(`Retrieving registries data through AWS SDK...`);
  const regDatas = await aws.getRegistriesData(registry, username, password);
  for (const regData of regDatas) {
    await loginExec(regData.registry, regData.username, regData.password, scope, retryArgs);
  }
}

async function loginExec(registry: string, username: string, password: string, scope?: string, retryArgs?: context.RetryArgs): Promise<void> {
  let envs: {[key: string]: string} | undefined;
  const configDir = context.scopeToConfigDir(registry, scope);
  if (configDir !== '') {
    envs = Object.assign({}, process.env, {
      DOCKER_CONFIG: configDir
    }) as {
      [key: string]: string;
    };
    core.info(`Logging into ${registry} (scope ${scope})...`);
  } else {
    core.info(`Logging into ${registry}...`);
  }

  const retry = retryArgs || {attempts: 0, delayMs: 5000};

  await withRetry(
    async () => {
      await Docker.getExecOutput(['login', '--password-stdin', '--username', username, registry], {
        ignoreReturnCode: true,
        silent: true,
        input: Buffer.from(password),
        env: envs
      }).then(res => {
        if (res.stderr.length > 0 && res.exitCode != 0) {
          throw new Error(res.stderr.trim());
        }
        core.info('Login Succeeded!');
      });
    },
    retry,
    `Login to ${registry}`
  );
}
Use built-in `getExecOutput` Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-06-22 09:09:26 +00:00			`import * as core from '@actions/core';`
switch to Docker exec Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> 2024-07-22 08:41:37 +00:00
Add scope input to set scopes for the authentication token Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> 2026-01-06 12:51:25 +00:00			`import * as aws from './aws';`
			`import * as context from './context';`

switch to Docker exec Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> 2024-07-22 08:41:37 +00:00			`import {Docker} from '@docker/actions-toolkit/lib/docker/docker';`
Refactor 2020-08-20 14:40:33 +00:00
Add retry logic for transient login failures Adds configurable retry mechanism with basic exponential backoff to handle intermittent failures when authenticating to container registries, particularly GCP (GAR/GCR) where I'm seeing errors intermittently. - Add retry-attempts input (default: 0 for backward compatibility, making it opt in) - Add retry-delay input (default: 5000ms) - Implement exponential backoff retry logic in docker login - Chose to just write a simple retry function vs. going with a library - Retry all errors except 5xxs - I'm seeing intermittent 401 failures - Add tests for retry behavior - Update README with new input parameters Signed-off-by: Naush Korai <naush.korai@mixpanel.com> 2026-01-30 18:32:24 +00:00			`async function sleep(ms: number): Promise<void> {`
			`return new Promise(resolve => setTimeout(resolve, ms));`
			`}`

			`function isRetryableError(error: Error): boolean {`
			`const errorMsg = error.message.toLowerCase();`
			`const statusCode5xxPattern = /\b5\d{2}\b/;`
			`return !statusCode5xxPattern.test(errorMsg);`
			`}`

			`async function withRetry<T>(fn: () => Promise<T>, retryArgs: context.RetryArgs, context: string): Promise<T> {`
			`const maxAttempts = Math.max(1, retryArgs.attempts + 1);`
			`let lastError: Error;`

			`for (let attempt = 1; attempt <= maxAttempts; attempt++) {`
			`try {`
			`return await fn();`
			`} catch (error) {`
			`lastError = error as Error;`

			`if (attempt === maxAttempts \|\| !isRetryableError(lastError)) {`
			`if (attempt > 1) {`
			core.info(`${context}: Failed after ${attempt} attempts`);
			`}`
			`throw lastError;`
			`}`

			`const delay = retryArgs.delayMs * Math.pow(2, attempt - 1);`
			core.warning(`${context}: Attempt ${attempt}/${maxAttempts} failed: ${lastError.message}. Retrying in ${delay}ms...`);
			`await sleep(delay);`
			`}`
			`}`

			`throw lastError!;`
			`}`

Add scope input to set scopes for the authentication token Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> 2026-01-06 12:51:25 +00:00			`export async function login(auth: context.Auth): Promise<void> {`
			`if (/true/i.test(auth.ecr) \|\| (auth.ecr == 'auto' && aws.isECR(auth.registry))) {`
Add retry logic for transient login failures Adds configurable retry mechanism with basic exponential backoff to handle intermittent failures when authenticating to container registries, particularly GCP (GAR/GCR) where I'm seeing errors intermittently. - Add retry-attempts input (default: 0 for backward compatibility, making it opt in) - Add retry-delay input (default: 5000ms) - Implement exponential backoff retry logic in docker login - Chose to just write a simple retry function vs. going with a library - Retry all errors except 5xxs - I'm seeing intermittent 401 failures - Add tests for retry behavior - Update README with new input parameters Signed-off-by: Naush Korai <naush.korai@mixpanel.com> 2026-01-30 18:32:24 +00:00			`await loginECR(auth.registry, auth.username, auth.password, auth.scope, auth.retryArgs);`
Refactor 2020-08-20 14:40:33 +00:00			`} else {`
Add retry logic for transient login failures Adds configurable retry mechanism with basic exponential backoff to handle intermittent failures when authenticating to container registries, particularly GCP (GAR/GCR) where I'm seeing errors intermittently. - Add retry-attempts input (default: 0 for backward compatibility, making it opt in) - Add retry-delay input (default: 5000ms) - Implement exponential backoff retry logic in docker login - Chose to just write a simple retry function vs. going with a library - Retry all errors except 5xxs - I'm seeing intermittent 401 failures - Add tests for retry behavior - Update README with new input parameters Signed-off-by: Naush Korai <naush.korai@mixpanel.com> 2026-01-30 18:32:24 +00:00			`await loginStandard(auth.registry, auth.username, auth.password, auth.scope, auth.retryArgs);`
Refactor 2020-08-20 14:40:33 +00:00			`}`
			`}`

Add scope input to set scopes for the authentication token Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> 2026-01-06 12:51:25 +00:00			`export async function logout(registry: string, configDir: string): Promise<void> {`
			`let envs: {[key: string]: string} \| undefined;`
			`if (configDir !== '') {`
			`envs = Object.assign({}, process.env, {`
			`DOCKER_CONFIG: configDir`
			`}) as {`
			`[key: string]: string;`
			`};`
			core.info(`Alternative config dir: ${configDir}`);
			`}`
switch to Docker exec Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> 2024-07-22 08:41:37 +00:00			`await Docker.getExecOutput(['logout', registry], {`
Add scope input to set scopes for the authentication token Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> 2026-01-06 12:51:25 +00:00			`ignoreReturnCode: true,`
			`env: envs`
switch to actions-toolkit implementation Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 2023-02-21 09:06:17 +00:00			`}).then(res => {`
			`if (res.stderr.length > 0 && res.exitCode != 0) {`
			`core.warning(res.stderr.trim());`
			`}`
			`});`
Refactor 2020-08-20 14:40:33 +00:00			`}`

Add retry logic for transient login failures Adds configurable retry mechanism with basic exponential backoff to handle intermittent failures when authenticating to container registries, particularly GCP (GAR/GCR) where I'm seeing errors intermittently. - Add retry-attempts input (default: 0 for backward compatibility, making it opt in) - Add retry-delay input (default: 5000ms) - Implement exponential backoff retry logic in docker login - Chose to just write a simple retry function vs. going with a library - Retry all errors except 5xxs - I'm seeing intermittent 401 failures - Add tests for retry behavior - Update README with new input parameters Signed-off-by: Naush Korai <naush.korai@mixpanel.com> 2026-01-30 18:32:24 +00:00			`export async function loginStandard(registry: string, username: string, password: string, scope?: string, retryArgs?: context.RetryArgs): Promise<void> {`
docker auth: improve missing user/pwd Specify the "missing username and password" error message. This makes debugging the action easier when for example mistyping the username or the password. Signed-off-by: Frank Villaro-Dixon <frank@vi-di.fr> Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-04-30 19:52:07 +00:00			`if (!username && !password) {`
Handle AWS credentials Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 2020-10-20 12:41:56 +00:00			`throw new Error('Username and password required');`
Refactor 2020-08-20 14:40:33 +00:00			`}`
docker auth: improve missing user/pwd Specify the "missing username and password" error message. This makes debugging the action easier when for example mistyping the username or the password. Signed-off-by: Frank Villaro-Dixon <frank@vi-di.fr> Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-04-30 19:52:07 +00:00			`if (!username) {`
			`throw new Error('Username required');`
			`}`
			`if (!password) {`
			`throw new Error('Password required');`
			`}`
Add retry logic for transient login failures Adds configurable retry mechanism with basic exponential backoff to handle intermittent failures when authenticating to container registries, particularly GCP (GAR/GCR) where I'm seeing errors intermittently. - Add retry-attempts input (default: 0 for backward compatibility, making it opt in) - Add retry-delay input (default: 5000ms) - Implement exponential backoff retry logic in docker login - Chose to just write a simple retry function vs. going with a library - Retry all errors except 5xxs - I'm seeing intermittent 401 failures - Add tests for retry behavior - Update README with new input parameters Signed-off-by: Naush Korai <naush.korai@mixpanel.com> 2026-01-30 18:32:24 +00:00			`await loginExec(registry, username, password, scope, retryArgs);`
Add scope input to set scopes for the authentication token Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> 2026-01-06 12:51:25 +00:00			`}`
Handle AWS credentials Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 2020-10-20 12:41:56 +00:00
Add retry logic for transient login failures Adds configurable retry mechanism with basic exponential backoff to handle intermittent failures when authenticating to container registries, particularly GCP (GAR/GCR) where I'm seeing errors intermittently. - Add retry-attempts input (default: 0 for backward compatibility, making it opt in) - Add retry-delay input (default: 5000ms) - Implement exponential backoff retry logic in docker login - Chose to just write a simple retry function vs. going with a library - Retry all errors except 5xxs - I'm seeing intermittent 401 failures - Add tests for retry behavior - Update README with new input parameters Signed-off-by: Naush Korai <naush.korai@mixpanel.com> 2026-01-30 18:32:24 +00:00			`export async function loginECR(registry: string, username: string, password: string, scope?: string, retryArgs?: context.RetryArgs): Promise<void> {`
Add scope input to set scopes for the authentication token Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> 2026-01-06 12:51:25 +00:00			core.info(`Retrieving registries data through AWS SDK...`);
			`const regDatas = await aws.getRegistriesData(registry, username, password);`
			`for (const regData of regDatas) {`
Add retry logic for transient login failures Adds configurable retry mechanism with basic exponential backoff to handle intermittent failures when authenticating to container registries, particularly GCP (GAR/GCR) where I'm seeing errors intermittently. - Add retry-attempts input (default: 0 for backward compatibility, making it opt in) - Add retry-delay input (default: 5000ms) - Implement exponential backoff retry logic in docker login - Chose to just write a simple retry function vs. going with a library - Retry all errors except 5xxs - I'm seeing intermittent 401 failures - Add tests for retry behavior - Update README with new input parameters Signed-off-by: Naush Korai <naush.korai@mixpanel.com> 2026-01-30 18:32:24 +00:00			`await loginExec(regData.registry, regData.username, regData.password, scope, retryArgs);`
Add scope input to set scopes for the authentication token Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> 2026-01-06 12:51:25 +00:00			`}`
			`}`
Refactor 2020-08-20 14:40:33 +00:00
Add retry logic for transient login failures Adds configurable retry mechanism with basic exponential backoff to handle intermittent failures when authenticating to container registries, particularly GCP (GAR/GCR) where I'm seeing errors intermittently. - Add retry-attempts input (default: 0 for backward compatibility, making it opt in) - Add retry-delay input (default: 5000ms) - Implement exponential backoff retry logic in docker login - Chose to just write a simple retry function vs. going with a library - Retry all errors except 5xxs - I'm seeing intermittent 401 failures - Add tests for retry behavior - Update README with new input parameters Signed-off-by: Naush Korai <naush.korai@mixpanel.com> 2026-01-30 18:32:24 +00:00			`async function loginExec(registry: string, username: string, password: string, scope?: string, retryArgs?: context.RetryArgs): Promise<void> {`
Add scope input to set scopes for the authentication token Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> 2026-01-06 12:51:25 +00:00			`let envs: {[key: string]: string} \| undefined;`
			`const configDir = context.scopeToConfigDir(registry, scope);`
			`if (configDir !== '') {`
			`envs = Object.assign({}, process.env, {`
			`DOCKER_CONFIG: configDir`
			`}) as {`
			`[key: string]: string;`
			`};`
			core.info(`Logging into ${registry} (scope ${scope})...`);
			`} else {`
			core.info(`Logging into ${registry}...`);
			`}`
Add retry logic for transient login failures Adds configurable retry mechanism with basic exponential backoff to handle intermittent failures when authenticating to container registries, particularly GCP (GAR/GCR) where I'm seeing errors intermittently. - Add retry-attempts input (default: 0 for backward compatibility, making it opt in) - Add retry-delay input (default: 5000ms) - Implement exponential backoff retry logic in docker login - Chose to just write a simple retry function vs. going with a library - Retry all errors except 5xxs - I'm seeing intermittent 401 failures - Add tests for retry behavior - Update README with new input parameters Signed-off-by: Naush Korai <naush.korai@mixpanel.com> 2026-01-30 18:32:24 +00:00
			`const retry = retryArgs \|\| {attempts: 0, delayMs: 5000};`

			`await withRetry(`
			`async () => {`
			`await Docker.getExecOutput(['login', '--password-stdin', '--username', username, registry], {`
			`ignoreReturnCode: true,`
			`silent: true,`
			`input: Buffer.from(password),`
			`env: envs`
			`}).then(res => {`
			`if (res.stderr.length > 0 && res.exitCode != 0) {`
			`throw new Error(res.stderr.trim());`
			`}`
			`core.info('Login Succeeded!');`
			`});`
			`},`
			`retry,`
			`Login to ${registry}`
			`);`
Refactor 2020-08-20 14:40:33 +00:00			`}`