From 8df61f6ed7fd8379d07fd2fbcf36b722429de526 Mon Sep 17 00:00:00 2001
From: scito <info@scito.ch>
Date: Tue, 7 Feb 2023 10:51:07 +0100
Subject: [PATCH] ci: no docker login for dependabot

---
 .github/workflows/ci_docker.yml  | 12 +++++++++---
 .github/workflows/ci_release.yml |  2 ++
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci_docker.yml b/.github/workflows/ci_docker.yml
index cd00d75..94b26e2 100644
--- a/.github/workflows/ci_docker.yml
+++ b/.github/workflows/ci_docker.yml
@@ -58,12 +58,14 @@ jobs:
 
       - name: Login to DockerHub
         uses: docker/login-action@v2
+        if: github.secret_source == 'Actions'
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to Github Packages
         uses: docker/login-action@v2
+        if: github.secret_source == 'Actions'
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -87,7 +89,7 @@ jobs:
             ghcr.io/scito/extract_otp_secrets:latest
             ghcr.io/scito/extract_otp_secrets:bullseye
           # build on feature branches, push only on master branch
-          push: ${{ github.ref == 'refs/heads/master' }}
+          push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
 
       - name: Image digest
         # TODO upload digests to assets
@@ -130,12 +132,14 @@ jobs:
 
       - name: Login to DockerHub
         uses: docker/login-action@v2
+        if: github.secret_source == 'Actions'
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to Github Packages
         uses: docker/login-action@v2
+        if: github.secret_source == 'Actions'
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -158,7 +162,7 @@ jobs:
             ghcr.io/scito/extract_otp_secrets:only-txt
             ghcr.io/scito/extract_otp_secrets:alpine
           # build on feature branches, push only on master branch
-          push: ${{ github.ref == 'refs/heads/master' }}
+          push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
           build-args: |
             RUN_TESTS=true
 
@@ -209,12 +213,14 @@ jobs:
 
       - name: Login to DockerHub
         uses: docker/login-action@v2
+        if: github.secret_source == 'Actions'
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to Github Packages
         uses: docker/login-action@v2
+        if: github.secret_source == 'Actions'
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -237,7 +243,7 @@ jobs:
           pull: true
           tags: |
             scit0/extract_otp_secrets:buster
-          push: true
+          push: ${{ github.secret_source == 'Actions' }}
 
       - name: Image digest
         # TODO upload digests to assets
diff --git a/.github/workflows/ci_release.yml b/.github/workflows/ci_release.yml
index 9482f80..640e275 100644
--- a/.github/workflows/ci_release.yml
+++ b/.github/workflows/ci_release.yml
@@ -137,12 +137,14 @@ jobs:
 
       - name: Login to DockerHub
         uses: docker/login-action@v2
+        if: github.secret_source == 'Actions'
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to Github Packages
         uses: docker/login-action@v2
+        if: github.secret_source == 'Actions'
         with:
           registry: ghcr.io
           username: ${{ github.actor }}