When using this action, the following warning is displayed and it states that secrets are visible inside the container in plaintext in /github/home/.docker/config.json. I am aware that action containers are ephemeral, but isn't this file accessible to subsequent executed actions?
15 Logging in to registry 16 WARNING! Using --password via the CLI is insecure. Use --password-stdin. 17 WARNING! Your password will be stored unencrypted in /github/home/.docker/config.json. 18 Configure a credential helper to remove this warning. See 19 https://docs.docker.com/engine/reference/commandline/login/#credentials-store
When using this action, the following warning is displayed and it states that secrets are visible inside the container in plaintext in
/github/home/.docker/config.json. I am aware that action containers are ephemeral, but isn't this file accessible to subsequent executed actions?15 Logging in to registry 16 WARNING! Using --password via the CLI is insecure. Use --password-stdin. 17 WARNING! Your password will be stored unencrypted in /github/home/.docker/config.json. 18 Configure a credential helper to remove this warning. See 19 https://docs.docker.com/engine/reference/commandline/login/#credentials-store