From 5c14dfc561fd9f1d737a51bd439d6e1075066ba0 Mon Sep 17 00:00:00 2001
From: Simon Templer <simon@wetransform.to>
Date: Tue, 25 Jun 2024 17:01:17 +0200
Subject: [PATCH] feat(scan-images): support logging in to secondary registry

ING-4250
---
 .github/workflows/scan-images.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml
index a8d673d..8c6b6b6 100644
--- a/.github/workflows/scan-images.yml
+++ b/.github/workflows/scan-images.yml
@@ -30,6 +30,11 @@ on:
         description: If the merged SBOM should be scanned to create an aggregated HTML report (prone to failure as trivy does not accept many merged SBOMs)
         type: boolean
         default: false
+      secondaryRegistry:
+        description: 'Optional secondary registry to login to'
+        type: string
+        required: false
+        default: ''
     secrets:
       # GH_PAT:
       #   required: true
@@ -38,6 +43,11 @@ on:
       DOCKER_HUB_PASSWORD:
         required: true
       DOCKER_HUB_EMAIL:
+        required: false
+      SECONDARY_REGISTRY_PASSWORD:
+        required: false
+      SECONDARY_REGISTRY_USERNAME:
+        required: false
 
 jobs:
   scan:
@@ -56,6 +66,14 @@ jobs:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_PASSWORD }}
 
+      - name: Login to secondary registry
+        if: inputs.secondaryRegistry != ''
+        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+        with:
+          registry: ${{ inputs.secondaryRegistry }}
+          username: ${{ secrets.SECONDARY_REGISTRY_USERNAME }}
+          password: ${{ secrets.SECONDARY_REGISTRY_PASSWORD }}
+
       - name: Pull image
         if: ${{ inputs.pull }}
         shell: bash