ci/release: Fix secret handling for Dockerhub publishing (#35967)

Signed-off-by: Ryan Northey <[email protected]>
envoyproxy · Sep 4, 2024 · 788f266 · 788f266
1 parent dbcee3e
commit 788f266
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/.github/workflows/_publish_build.yml b/.github/workflows/_publish_build.yml
@@ -117,6 +117,9 @@ jobs:
     permissions:
       contents: read
       packages: read
+    secrets:
+      dockerhub-username: ${{ secrets.dockerhub-username }}
+      dockerhub-password: ${{ secrets.dockerhub-password }}
     name: ${{ matrix.name || matrix.target }}
     needs:
     - binary
@@ -132,8 +135,6 @@ jobs:
       source: |
         export NO_BUILD_SETUP=1
         export ENVOY_DOCKER_IN_DOCKER=1
-        export DOCKERHUB_USERNAME=${{ secrets.dockerhub-username }}
-        export DOCKERHUB_PASSWORD=${{ secrets.dockerhub-password }}
       trusted: ${{ inputs.trusted }}
       upload-name: docker
       upload-path: build_images

diff --git a/.github/workflows/_run.yml b/.github/workflows/_run.yml
@@ -8,6 +8,8 @@ on:
     secrets:
       app-id:
       app-key:
+      dockerhub-username:
+      dockerhub-password:
       gpg-key:
       gpg-key-password:
       rbe-key:
@@ -279,6 +281,8 @@ jobs:
         working-directory: ${{ inputs.working-directory }}
       env:
         GITHUB_TOKEN: ${{ inputs.trusted && steps.appauth.outputs.token || github.token }}
+        DOCKERHUB_USERNAME: ${{ secrets.dockerhub-username }}
+        DOCKERHUB_PASSWORD: ${{ secrets.dockerhub-password }}
         ENVOY_DOCKER_BUILD_DIR: ${{ runner.temp }}
         ENVOY_RBE: ${{ inputs.rbe == true && 1 || '' }}
         RBE_KEY: ${{ secrets.rbe-key }}