Skip to content

Add scope input to set scopes for the authentication token #912

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
crazy-max wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Add scope input to set scopes for the authentication token #912

crazy-max wants to merge 3 commits into from

Conversation

@crazy-max
Copy link
Member

@crazy-max crazy-max commented Jan 6, 2026
edited
Loading

follow-up docker/buildx#3562

Adds scope input to create alternative Docker config on login that will be used by Buildx.

Example to scope auth token to specific repo:

  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
          scope: docker/buildx-bin

Docker config files on GitHub Runner:

## /home/runner/.docker/buildx/config/registry-1.docker.io/docker/buildx-bin/config.json
{
  "auths": {
    "https://index.docker.io/v1/": {
      "auth": "REDACTED"
    }
  }
}

## /home/runner/.docker/config.json
{
  "auths": {
    "https://index.docker.io/v1/": {
      "auth": "REDACTED"
    }
  }
}

/home/runner/.docker/config.json is the default one available on the runner.

Other example with scope auth token to specific repo and only push:

  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
          scope: docker/buildx-bin@push

Docker config files on GitHub Runner:

## /home/runner/.docker/buildx/config/registry-1.docker.io/docker/buildx-bin@push/config.json
{
  "auths": {
    "https://index.docker.io/v1/": {
      "auth": "REDACTED"
    }
  }
}

## /home/runner/.docker/config.json
{
  "auths": {
    "https://index.docker.io/v1/": {
      "auth": "REDACTED"
    }
  }
}

@crazy-max crazy-max force-pushed the scope branch 12 times, most recently from cff0443 to e80a2ed Compare January 7, 2026 09:46
@crazy-max crazy-max requested a review from tonistiigi January 7, 2026 09:48
@crazy-max crazy-max force-pushed the scope branch 2 times, most recently from 117d48e to f95fe26 Compare January 7, 2026 12:25
@crazy-max crazy-max marked this pull request as ready for review January 7, 2026 12:26
@crazy-max crazy-max force-pushed the scope branch 2 times, most recently from 1586934 to e5665a8 Compare January 7, 2026 14:50
@crazy-max crazy-max mentioned this pull request Jan 8, 2026
Draft
@crazy-max crazy-max mentioned this pull request Jan 8, 2026
Open
28 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tonistiigi tonistiigi Awaiting requested review from tonistiigi

At least 1 approving review is required to merge this pull request.

Assignees

@crazy-max crazy-max

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@crazy-max