docker/login-action
1
0
Fork 0
mirror of https://github.com/docker/login-action.git synced 2026-05-24 13:28:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

document ACR OIDC login with Azure Login

Browse Source 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax 2026-05-22 13:32:46 +02:00
parent 650006c6eb
commit b04cd7ece0
No known key found for this signature in database
GPG Key ID: ADE44D8C9D44FBE4
1 changed files with 49 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
README.md
View File

@ -117,6 +117,8 @@ instead of a password.
### Azure Container Registry (ACR) ### Azure Container Registry (ACR)
#### Service principal
[Create a service principal](https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-service-principal#create-a-service-principal) [Create a service principal](https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-service-principal#create-a-service-principal)
with access to your container registry through the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) with access to your container registry through the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
and take note of the generated service principal's ID (also called _client ID_) and take note of the generated service principal's ID (also called _client ID_)
@ -144,6 +146,53 @@ jobs:
> Replace `<registry-name>` with the name of your registry. > Replace `<registry-name>` with the name of your registry.
#### OpenID Connect (OIDC)
To authenticate with OpenID Connect, configure a federated identity credential
for GitHub Actions and use the [Azure Login](https://github.com/Azure/login)
action to sign in to Azure. Then expose an ACR access token and pass it to this
action as the password.
```yaml
name: ci
on:
push:
branches: main
permissions:
contents: read
id-token: write
jobs:
login:
runs-on: ubuntu-latest
steps:
-
name: Login to Azure
uses: azure/login@v3
with:
client-id: ${{ vars.AZURE_CLIENT_ID }}
tenant-id: ${{ vars.AZURE_TENANT_ID }}
subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
-
name: Get ACR access token
id: acr-token
run: |
ACR_TOKEN=$(az acr login --name <registry-name> --expose-token --output tsv --query accessToken)
echo "::add-mask::$ACR_TOKEN" # mask the token in workflow logs
echo "token=$ACR_TOKEN" >> "$GITHUB_OUTPUT"
-
name: Login to ACR
uses: docker/login-action@v4
with:
registry: <registry-name>.azurecr.io
username: 00000000-0000-0000-0000-000000000000
password: ${{ steps.acr-token.outputs.token }}
```
> Replace `<registry-name>` with the name of your registry.
### Google Container Registry (GCR) ### Google Container Registry (GCR)
> [Google Artifact Registry](#google-artifact-registry-gar) is the evolution of > [Google Artifact Registry](#google-artifact-registry-gar) is the evolution of