fix(sconify)!: move usernames to secrets

Author: PierreJeanjacquot

.github/workflows/sconify.yml

@@ -7,10 +7,6 @@ on:
         description: "Docker registry of docker image to sconify"
         default: "docker.io"
         type: string
-      docker-username:
-        description: "Docker registry username"
-        type: string
-        required: true
       image-name:
         description: "Name of docker image to sconify"
         type: string
@@ -19,10 +15,6 @@ on:
         description: "Tag of docker image to sconify"
         type: string
         required: true
-      scontain-username:
-        description: "Scontain registry username"
-        type: string
-        required: true
       sconify-version:
         description: "Version of the sconify image to use"
         type: string
@@ -72,9 +64,15 @@ on:
         type: string
         default: "ubuntu-latest"
     secrets:
+      docker-username:
+        description: "Docker registry username"
+        required: true
       docker-password:
         description: "Docker Registry Password or Token"
         required: true
+      scontain-username:
+        description: "Scontain registry username"
+        required: true
       scontain-password:
         description: "Scontain Registry Password or Token"
         required: true
@@ -161,14 +159,14 @@ jobs:
         uses: docker/login-action@v3
         with:
           registry: ${{ inputs.docker-registry }}
-          username: ${{ inputs.docker-username }}
+          username: ${{ secrets.docker-username }}
           password: ${{ secrets.docker-password }}
 
       - name: Login to Scontain Docker Registry
         uses: docker/login-action@v3
         with:
           registry: "registry.scontain.com"
-          username: ${{ inputs.scontain-username }}
+          username: ${{ secrets.scontain-username }}
           password: ${{ secrets.scontain-password }}
 
       - name: Pull Image to Sconify

sconify/README.md

@@ -22,23 +22,22 @@ The workflow performs the following actions:
 
 ## Workflow Inputs 🛠️
 
-| **Input**             | **Description**                                                                                          | **Required** | **Default**                      |
-| --------------------- | -------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------- |
-| **docker-registry**   | Docker registry of docker image to sconify                                                               | No           | docker.io                        |
-| **docker-username**   | Docker registry username                                                                                 | Yes          | -                                |
-| **image-name**        | Name of docker image to sconify                                                                          | Yes          | -                                |
-| **image-tag**         | Tag of docker image to sconify                                                                           | Yes          | -                                |
-| **scontain-username** | Scontain registry username                                                                               | Yes          | -                                |
-| **sconify-version**   | Version of the sconify image to use                                                                      | Yes          | -                                |
-| **binary**            | [SCONE] Path of the binary to use                                                                        | Yes          | -                                |
-| **command**           | [SCONE] Command to execute                                                                               | No           | ENTRYPOINT + CMD of native image |
-| **binary-fs**         | [SCONE] Embed the file system into the binary via Scone binary file system                               | No           | false                            |
-| **fs-dir**            | [SCONE] Path of directories to add to the binary file system (use multiline to add multiple directories) | No           | -                                |
-| **fs-file**           | [SCONE] Path of files to add to the binary file system (use multiline to add multiple files)             | No           | -                                |
-| **host-path**         | [SCONE] Host path, served directly from the host file system (use multiline to add multiple path)        | No           | -                                |
-| **heap**              | [SCONE] Enclave heap size                                                                                | No           | 1G                               |
-| **dlopen**            | [SCONE] Scone dlopen mode (0:disable; 1:enable)                                                          | No           | 0                                |
-| **mprotect**          | [SCONE] Scone mprotect mode (0:disable; 1:enable)                                                        | No           | 0                                |
+| **Input**           | **Description**                                                                                          | **Required** | **Default**                      |
+| ------------------- | -------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------- |
+| **docker-registry** | Docker registry of docker image to sconify                                                               | No           | docker.io                        |
+| **docker-username** | Docker registry username                                                                                 | Yes          | -                                |
+| **image-name**      | Name of docker image to sconify                                                                          | Yes          | -                                |
+| **image-tag**       | Tag of docker image to sconify                                                                           | Yes          | -                                |
+| **sconify-version** | Version of the sconify image to use                                                                      | Yes          | -                                |
+| **binary**          | [SCONE] Path of the binary to use                                                                        | Yes          | -                                |
+| **command**         | [SCONE] Command to execute                                                                               | No           | ENTRYPOINT + CMD of native image |
+| **binary-fs**       | [SCONE] Embed the file system into the binary via Scone binary file system                               | No           | false                            |
+| **fs-dir**          | [SCONE] Path of directories to add to the binary file system (use multiline to add multiple directories) | No           | -                                |
+| **fs-file**         | [SCONE] Path of files to add to the binary file system (use multiline to add multiple files)             | No           | -                                |
+| **host-path**       | [SCONE] Host path, served directly from the host file system (use multiline to add multiple path)        | No           | -                                |
+| **heap**            | [SCONE] Enclave heap size                                                                                | No           | 1G                               |
+| **dlopen**          | [SCONE] Scone dlopen mode (0:disable; 1:enable)                                                          | No           | 0                                |
+| **mprotect**        | [SCONE] Scone mprotect mode (0:disable; 1:enable)                                                        | No           | 0                                |
 
 | **sconify-debug** | Create Scone debug image | No | true |
 | **sconify-prod** | Create Scone production image | No | true |
@@ -50,7 +49,9 @@ The workflow performs the following actions:
 
 | **Secret**            | **Description**                                 | **Required**                            |
 | --------------------- | ----------------------------------------------- | --------------------------------------- |
+| **docker-username**   | Docker registry username                        | yes                                     |
 | **docker-password**   | Docker Registry Password or Token               | Yes                                     |
+| **scontain-username** | Scontain registry username                      | Yes                                     |
 | **scontain-password** | Scontain Registry Password or Token             | Yes                                     |
 | **scone-signing-key** | Signing Key for Scone Production (PEM RSA-3072) | Yes unless `inputs.sconify-prod: false` |
 
@@ -113,9 +114,9 @@ jobs:
       heap: 1G
       dlopen: 1
       mprotect: 1
-      docker-username: ${{ vars.DOCKER_USERNAME }}
-      scontain-username: ${{ vars.SCONTAIN_USERNAME }}
     secrets:
+      docker-username: ${{ secrets.DOCKER_USERNAME }}
+      scontain-username: ${{ secrets.SCONTAIN_USERNAME }}
       docker-password: ${{ secrets.DOCKER_TOKEN }}
       scontain-password: ${{ secrets.SCONTAIN_TOKEN }}
       scone-signing-key: ${{ secrets.SCONE_SIGNING_KEY }}