Skip to content

Add scope input to set scopes for the authentication token#912

Merged
crazy-max merged 3 commits intomasterfrom
scope
Jan 27, 2026
Merged

Add scope input to set scopes for the authentication token#912
crazy-max merged 3 commits intomasterfrom
scope

Conversation

@crazy-max
Copy link
Member

@crazy-max crazy-max commented Jan 6, 2026
edited
Loading

follow-up docker/buildx#3562

Adds scope input to create alternative Docker config on login that will be used by Buildx.

Example to scope auth token to specific repo:

  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
          scope: docker/buildx-bin

Docker config files on GitHub Runner:

## /home/runner/.docker/buildx/config/registry-1.docker.io/docker/buildx-bin/config.json
{
  "auths": {
    "https://index.docker.io/v1/": {
      "auth": "REDACTED"
    }
  }
}

## /home/runner/.docker/config.json
{
  "auths": {
    "https://index.docker.io/v1/": {
      "auth": "REDACTED"
    }
  }
}

/home/runner/.docker/config.json is the default one available on the runner.

Other example with scope auth token to specific repo and only push:

  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
          scope: docker/buildx-bin@push

Docker config files on GitHub Runner:

## /home/runner/.docker/buildx/config/registry-1.docker.io/docker/buildx-bin@push/config.json
{
  "auths": {
    "https://index.docker.io/v1/": {
      "auth": "REDACTED"
    }
  }
}

## /home/runner/.docker/config.json
{
  "auths": {
    "https://index.docker.io/v1/": {
      "auth": "REDACTED"
    }
  }
}

@crazy-max crazy-max force-pushed the scope branch 12 times, most recently from cff0443 to e80a2ed Compare January 7, 2026 09:46
@crazy-max crazy-max requested a review from tonistiigi January 7, 2026 09:48
@crazy-max crazy-max force-pushed the scope branch 2 times, most recently from 117d48e to f95fe26 Compare January 7, 2026 12:25
@crazy-max crazy-max marked this pull request as ready for review January 7, 2026 12:26
@crazy-max crazy-max force-pushed the scope branch 2 times, most recently from 1586934 to e5665a8 Compare January 7, 2026 14:50
@crazy-max crazy-max mentioned this pull request Jan 8, 2026
Merged
@crazy-max crazy-max mentioned this pull request Jan 8, 2026
Closed
27 tasks
@crazy-max
Add scope input to set scopes for the authentication token
7567f92 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
@crazy-max
documentation for scope input
a603229 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
@crazy-max
chore: update generated content
b268aa5 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
@crazy-max crazy-max merged commit 8339c95 into master Jan 27, 2026
8 checks passed
@crazy-max crazy-max deleted the scope branch January 27, 2026 16:49
@ldoktor ldoktor mentioned this pull request Feb 2, 2026
Open
mergify bot added a commit to ArcadeData/arcadedb that referenced this pull request Feb 2, 2026
@mergify
chore(deps): bump docker/login-action from 3.6.0 to 3.7.0 [skip ci]
ed1f98f 
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.6.0 to 3.7.0.
Release notes

*Sourced from [docker/login-action's releases](https://github.com/docker/login-action/releases).*

> v3.7.0
> ------
>
> * Add `scope` input to set scopes for the authentication token by [`@​crazy-max`](https://github.com/crazy-max) in [docker/login-action#912](https://redirect.github.com/docker/login-action/pull/912)
> * Add support for AWS European Sovereign Cloud ECR by [`@​dphi`](https://github.com/dphi) in [docker/login-action#914](https://redirect.github.com/docker/login-action/pull/914)
> * Ensure passwords are redacted with `registry-auth` input by [`@​crazy-max`](https://github.com/crazy-max) in [docker/login-action#911](https://redirect.github.com/docker/login-action/pull/911)
> * build(deps): bump lodash from 4.17.21 to 4.17.23 in [docker/login-action#915](https://redirect.github.com/docker/login-action/pull/915)
>
> **Full Changelog**: <docker/login-action@v3.6.0...v3.7.0>


Commits

* [`c94ce9f`](docker/login-action@c94ce9f) Merge pull request [#915](https://redirect.github.com/docker/login-action/issues/915) from docker/dependabot/npm\_and\_yarn/lodash-4.17.23
* [`8339c95`](docker/login-action@8339c95) Merge pull request [#912](https://redirect.github.com/docker/login-action/issues/912) from docker/scope
* [`c83e932`](docker/login-action@c83e932) build(deps): bump lodash from 4.17.21 to 4.17.23
* [`b268aa5`](docker/login-action@b268aa5) chore: update generated content
* [`a603229`](docker/login-action@a603229) documentation for scope input
* [`7567f92`](docker/login-action@7567f92) Add scope input to set scopes for the authentication token
* [`0567fa5`](docker/login-action@0567fa5) Merge pull request [#914](https://redirect.github.com/docker/login-action/issues/914) from dphi/add-support-for-amazonaws.eu
* [`f6ef577`](docker/login-action@f6ef577) feat: add support for AWS European Sovereign Cloud ECR registries
* [`916386b`](docker/login-action@916386b) Merge pull request [#911](https://redirect.github.com/docker/login-action/issues/911) from crazy-max/ensure-redact
* [`5b3f94a`](docker/login-action@5b3f94a) chore: update generated content
* Additional commits viewable in [compare view](docker/login-action@5e57cd1...c94ce9f)
  
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility\_score?dependency-name=docker/login-action&package-manager=github\_actions&previous-version=3.6.0&new-version=3.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
  
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tonistiigi tonistiigi tonistiigi approved these changes

Assignees

@crazy-max crazy-max

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@crazy-max @tonistiigi