From 2f0e52d6ebad4c4f825e88142de2c62660053456 Mon Sep 17 00:00:00 2001
From: Ivan Gabaldon
Date: Sun, 23 Nov 2025 13:11:05 +0100
Subject: [PATCH] [upd] ci: docker secret maintenance

I've narrowed the permissions and rotated the token for the deploy account on DockerHub registry. I replaced the secret ref in GitHub so that it's available organization wide. No further actions are necessary.
---
 .github/workflows/container.yml | 4 ++--
 .github/workflows/security.yml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 4af3a9f70..827f389e1 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -194,8 +194,8 @@ jobs:
 uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
 with:
 registry: "docker.io"
- username: "${{ secrets.DOCKERHUB_USERNAME }}"
- password: "${{ secrets.DOCKERHUB_TOKEN }}"
+ username: "${{ secrets.DOCKER_USER }}"
+ password: "${{ secrets.DOCKER_TOKEN }}"

 - name: Release
 env:
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index b121abd29..ee44a363b 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -32,8 +32,8 @@ jobs:
 uses: docker/scout-action@f8c776824083494ab0d56b8105ba2ca85c86e4de # v1.18.2
 with:
 organization: "searxng"
- dockerhub-user: "${{ secrets.DOCKERHUB_USERNAME }}"
- dockerhub-password: "${{ secrets.DOCKERHUB_TOKEN }}"
+ dockerhub-user: "${{ secrets.DOCKER_USER }}"
+ dockerhub-password: "${{ secrets.DOCKER_TOKEN }}"
 image: "registry://ghcr.io/searxng/searxng:latest"
 command: "cves"
 sarif-file: "./scout.sarif"
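Review bot: The `dockerhub-password` line in the security.yml hunk takes the same `secrets.DOCKER_TOKEN` that the docker/login-action step in container.yml uses just before its `Release` step, so the scan job appears to hold whatever scope the release job needs. If that release step pushes images (it lies outside the hunk, so this is inferred), the shared token must allow writes, while the `cves` scan presumably only needs read access. Consider giving the scout step its own read-only token, e.g. `dockerhub-password: "${{ secrets.<READ_ONLY_TOKEN_SECRET> }}"` (placeholder name), so that a compromised scan job cannot publish images. Because the secret is now organization-wide, it is also worth confirming that its repository access is limited to the repositories that run these two workflows. Both steps belong to jobs that begin outside the hunks.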