Merge pull request #894 from docker/dependabot/github_actions/github/codeql-action-4

build(deps): bump github/codeql-action from 3 to 4
2025-10-17 11:22:27 +02:00 · 2025-10-08 05:01:54 +00:00 · 2025-09-29 12:29:19 +02:00 · 2025-09-29 12:27:12 +02:00 · 2025-09-17 05:04:22 +00:00 · 2025-09-13 14:06:31 +02:00
51 changed files with 25521 additions and 8773 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,12 @@
 /coverage
 # Dependency directories
 node_modules/
 jspm_packages/
 # yarn v2
 .yarn/cache
 .yarn/unplugged
 .yarn/build-state.yml
 .yarn/install-state.gz
 .pnp.*
--- a/.eslintignore
+++ b/.eslintignore
@ -0,0 +1,3 @@
 /dist/**
 /coverage/**
 /node_modules/**
--- a/.eslintrc.json
+++ b/.eslintrc.json
@ -0,0 +1,24 @@
 {
  "env": {
    "node": true,
    "es6": true,
    "jest": true
  },
  "extends": [
    "eslint:recommended",
    "plugin:@typescript-eslint/eslint-recommended",
    "plugin:@typescript-eslint/recommended",
    "plugin:jest/recommended",
    "plugin:prettier/recommended"
  ],
  "parser": "@typescript-eslint/parser",
  "parserOptions": {
    "ecmaVersion": "latest",
    "sourceType": "module"
  },
  "plugins": [
    "@typescript-eslint",
    "jest",
    "prettier"
  ]
 }
--- a/.gitattributes
+++ b/.gitattributes
@ -1,2 +1,4 @@
 /.yarn/releases/** binary
 /.yarn/plugins/** binary
 /dist/** linguist-generated=true
 /lib/** linguist-generated=true
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -1 +0,0 @@
 *	@crazy-max
--- a/.github/CODE_OF_CONDUCT.md
+++ b/.github/CODE_OF_CONDUCT.md
@ -0,0 +1,3 @@
 # Code of conduct
 - [Moby community guidelines](https://github.com/moby/moby/blob/master/CONTRIBUTING.md#moby-community-guidelines)
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@ -2,20 +2,24 @@
 Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great.
-Contributions to this project are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) to the public under the [project's open source license](LICENSE).
+Contributions to this project are [released](https://docs.github.com/en/github/site-policy/github-terms-of-service#6-contributions-under-repository-license)
 to the public under the [project's open source license](LICENSE).
 ## Submitting a pull request
 1. [Fork](https://github.com/docker/login-action/fork) and clone the repository
 2. Configure and install the dependencies: `yarn install`
-4. Create a new branch: `git checkout -b my-branch-name`
+3. Create a new branch: `git checkout -b my-branch-name`
-5. Make your change
+4. Make your changes
-6. Run pre-checkin: `yarn run pre-checkin`
+5. Make sure the tests pass: `docker buildx bake test`
-7. Push to your fork and [submit a pull request](https://github.com/docker/login-action/compare)
+6. Format code and build javascript artifacts: `docker buildx bake pre-checkin`
-8. Pat your self on the back and wait for your pull request to be reviewed and merged.
+7. Validate all code has correctly formatted and built: `docker buildx bake validate`
 8. Push to your fork and [submit a pull request](https://github.com/docker/login-action/compare)
 9. Pat your self on the back and wait for your pull request to be reviewed and merged.
 Here are a few things you can do that will increase the likelihood of your pull request being accepted:
 - Write tests.
 - Make sure the `README.md` and any other relevant **documentation are kept up-to-date**.
 - We try to follow [SemVer v2.0.0](https://semver.org/). Randomly breaking public APIs is not an option.
 - Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as **separate pull requests**.
@ -24,5 +28,5 @@ Here are a few things you can do that will increase the likelihood of your pull
 ## Resources
 - [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
- [Using Pull Requests](https://help.github.com/articles/about-pull-requests/)
+- [Using Pull Requests](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests)
- [GitHub Help](https://help.github.com)
+- [GitHub Help](https://docs.github.com/en)
--- a/.github/ISSUE_TEMPLATE/bug.yml
+++ b/.github/ISSUE_TEMPLATE/bug.yml
@ -0,0 +1,101 @@
 # https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
 name: Bug Report
 description: Report a bug
 labels:
  - status/triage
 body:
  - type: markdown
    attributes:
      value: |
        Thank you for taking the time to report a bug!
        If this is a security issue please report it to the [Docker Security team](mailto:security@docker.com).
  - type: checkboxes
    attributes:
      label: Contributing guidelines
      description: >
        Make sure you've read the contributing guidelines before proceeding.
      options:
        - label: I've read the [contributing guidelines](https://github.com/docker/login-action/blob/master/.github/CONTRIBUTING.md) and wholeheartedly agree
          required: true
  - type: checkboxes
    attributes:
      label: "I've found a bug, and:"
      description: |
        Make sure that your request fulfills all of the following requirements.
        If one requirement cannot be satisfied, explain in detail why.
      options:
        - label: The documentation does not mention anything about my problem
        - label: There are no open or closed issues that are related to my problem
  - type: textarea
    attributes:
      label: Description
      description: >
        Provide a brief description of the bug in 1-2 sentences.
    validations:
      required: true
  - type: textarea
    attributes:
      label: Expected behaviour
      description: >
        Describe precisely what you'd expect to happen.
    validations:
      required: true
  - type: textarea
    attributes:
      label: Actual behaviour
      description: >
        Describe precisely what is actually happening.
    validations:
      required: true
  - type: input
    attributes:
      label: Repository URL
      description: >
        Enter the URL of the repository where you are experiencing the
        issue. If your repository is private, provide a link to a minimal
        repository that reproduces the issue.
  - type: input
    attributes:
      label: Workflow run URL
      description: >
        Enter the URL of the GitHub Action workflow run if public (e.g.
        `https://github.com/<user>/<repo>/actions/runs/<id>`)
  - type: textarea
    attributes:
      label: YAML workflow
      description: |
        Provide the YAML of the workflow that's causing the issue.
        Make sure to remove any sensitive information.
      render: yaml
    validations:
      required: true
  - type: textarea
    attributes:
      label: Workflow logs
      description: >
        [Attach](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/attaching-files)
        the [log file of your workflow run](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs)
        and make sure to remove any sensitive information.
  - type: textarea
    attributes:
      label: BuildKit logs
      description: >
        If applicable, provide the [BuildKit container logs](https://docs.docker.com/build/ci/github-actions/configure-builder/#buildkit-container-logs)
      render: text
  - type: textarea
    attributes:
      label: Additional info
      description: |
        Provide any additional information that could be useful.
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -1,33 +0,0 @@
 ---
 name: Bug report
 about: Create a report to help us improve
 ---
 ### Behaviour
 #### Steps to reproduce this issue
 1.
 2.
 3.
 #### Expected behaviour
 > Tell us what should happen
 #### Actual behaviour
 > Tell us what happens instead
 ### Configuration
 * Repository URL (if public): 
 * Build URL (if public): 
 ```yml
 # paste your YAML workflow file here and remove sensitive data
 ```
 ### Logs
 > Download the [log file of your build](https://help.github.com/en/actions/configuring-and-managing-workflows/managing-a-workflow-run#downloading-logs) and [attach it](https://help.github.com/en/github/managing-your-work-on-github/file-attachments-on-issues-and-pull-requests) to this issue.
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -0,0 +1,9 @@
 # https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser
 blank_issues_enabled: true
 contact_links:
  - name: Questions and Discussions
    url: https://github.com/docker/login-action/discussions/new
    about: Use Github Discussions to ask questions and/or open discussion topics.
  - name: Documentation
    url: https://docs.docker.com/build/ci/github-actions/
    about: Read the documentation.
--- a/.github/ISSUE_TEMPLATE/feature.yml
+++ b/.github/ISSUE_TEMPLATE/feature.yml
@ -0,0 +1,15 @@
 # https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
 name: Feature request
 description: Missing functionality? Come tell us about it!
 labels:
  - kind/enhancement
  - status/triage
 body:
  - type: textarea
    id: description
    attributes:
      label: Description
      description: What is the feature you want to see?
    validations:
      required: true
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@ -0,0 +1,12 @@
 # Reporting security issues
 The project maintainers take security seriously. If you discover a security
 issue, please bring it to their attention right away!
 **Please _DO NOT_ file a public issue**, instead send your report privately to
 [security@docker.com](mailto:security@docker.com).
 Security reports are greatly appreciated, and we will publicly thank you for it.
 We also like to send gifts&mdash;if you'd like Docker swag, make sure to let
 us know. We currently do not offer a paid security bounty program, but are not
 ruling it out in the future.
--- a/.github/SUPPORT.md
+++ b/.github/SUPPORT.md
@ -1,29 +0,0 @@
 # Support [![](https://isitmaintained.com/badge/resolution/docker/login-action.svg)](https://isitmaintained.com/project/docker/login-action)
 ## Reporting an issue
 Please do a search in [open issues](https://github.com/docker/login-action/issues?utf8=%E2%9C%93&q=) to see if the issue or feature request has already been filed.
 If you find your issue already exists, make relevant comments and add your [reaction](https://github.com/blog/2119-add-reactions-to-pull-requests-issues-and-comments). Use a reaction in place of a "+1" comment.
 :+1: - upvote
 :-1: - downvote
 If you cannot find an existing issue that describes your bug or feature, submit an issue using the guidelines below.
 ## Writing good bug reports and feature requests
 File a single issue per problem and feature request.
 * Do not enumerate multiple bugs or feature requests in the same issue.
 * Do not add your issue as a comment to an existing issue unless it's for the identical input. Many issues look similar, but have different causes.
 The more information you can provide, the more likely someone will be successful reproducing the issue and finding a fix.
 You are now ready to [create a new issue](https://github.com/docker/login-action/issues/new/choose)!
 ## Closure policy
 * Issues that don't have the information requested above (when applicable) will be closed immediately and the poster directed to the support guidelines.
 * Issues that go a week without a response from original poster are subject to closure at our discretion.
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -4,19 +4,23 @@ updates:
    directory: "/"
    schedule:
      interval: "daily"
      time: "06:00"
      timezone: "Europe/Paris"
    labels:
-      - ":game_die: dependencies"
+      - "dependencies"
-      - ":robot: bot"
+      - "bot"
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
-      time: "06:00"
+    versioning-strategy: "increase"
-      timezone: "Europe/Paris"
+    groups:
      aws-sdk-dependencies:
        patterns:
          - "*aws-sdk*"
      proxy-agent-dependencies:
        patterns:
          - "*-proxy-agent"
    allow:
      - dependency-type: "production"
    labels:
-      - ":game_die: dependencies"
+      - "dependencies"
-      - ":robot: bot"
+      - "bot"
--- a/.github/docker-login.png
+++ b/.github/docker-login.png
--- a/.github/labels.yml
+++ b/.github/labels.yml
@ -1,77 +0,0 @@
 ## more info https://github.com/crazy-max/ghaction-github-labeler
 - # automerge
  name: ":bell: automerge"
  color: "8f4fbc"
  description: ""
 - # bot
  name: ":robot: bot"
  color: "69cde9"
  description: ""
 - # bug
  name: ":bug: bug"
  color: "b60205"
  description: ""
 - # dependencies
  name: ":game_die: dependencies"
  color: "0366d6"
  description: ""
 - # documentation
  name: ":memo: documentation"
  color: "c5def5"
  description: ""
 - # duplicate
  name: ":busts_in_silhouette: duplicate"
  color: "cccccc"
  description: ""
 - # enhancement
  name: ":sparkles: enhancement"
  color: "0054ca"
  description: ""
 - # feature request
  name: ":bulb: feature request"
  color: "0e8a16"
  description: ""
 - # feedback
  name: ":mega: feedback"
  color: "03a9f4"
  description: ""
 - # future maybe
  name: ":rocket: future maybe"
  color: "fef2c0"
  description: ""
 - # good first issue
  name: ":hatching_chick: good first issue"
  color: "7057ff"
  description: ""
 - # help wanted
  name: ":pray: help wanted"
  color: "4caf50"
  description: ""
 - # hold
  name: ":hand: hold"
  color: "24292f"
  description: ""
 - # invalid
  name: ":no_entry_sign: invalid"
  color: "e6e6e6"
  description: ""
 - # maybe bug
  name: ":interrobang: maybe bug"
  color: "ff5722"
  description: ""
 - # needs more info
  name: ":thinking: needs more info"
  color: "795548"
  description: ""
 - # question
  name: ":question: question"
  color: "3f51b5"
  description: ""
 - # upstream
  name: ":eyes: upstream"
  color: "fbca04"
  description: ""
 - # wontfix
  name: ":coffin: wontfix"
  color: "ffffff"
  description: ""
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -1,150 +1,358 @@
 name: ci
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 on:
  workflow_dispatch:
  schedule:
    - cron: '0 10 * * *'
  push:
    branches:
-      - master
+      - 'master'
-      - releases/v*
+      - 'releases/v*'
 jobs:
-#  dockerhub:
+  stop-docker:
-#    runs-on: ${{ matrix.os }}
+    runs-on: ubuntu-latest
-#    strategy:
+    steps:
-#      fail-fast: false
+      -
-#      matrix:
+        name: Checkout
-#        os:
+        uses: actions/checkout@v5
-#          - ubuntu-20.04
+      -
-#          - ubuntu-18.04
+        name: Stop docker
-#          - ubuntu-16.04
+        run: |
-#        logout:
+          sudo systemctl stop docker
-#          - true
+      -
-#          - false
+        name: Login to GitHub Container Registry
-#    steps:
+        uses: ./
-#      -
+        with:
-#        name: Checkout
+          registry: ghcr.io
-#        uses: actions/checkout@v2.3.2
+          username: ${{ github.actor }}
-#      -
+          password: ${{ secrets.GITHUB_TOKEN }}
 #        name: Login to DockerHub
 #        uses: ./
 #        with:
 #          username: ${{ secrets.DOCKERHUB_USERNAME_TEST }}
 #          password: ${{ secrets.DOCKERHUB_PASSWORD_TEST }}
 #          logout: ${{ matrix.logout }}
 #      -
 #        name: Clear
 #        if: always()
 #        run: |
 #          rm -f ${HOME}/.docker/config.json
-  gpr:
+  logout:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        logout:
          - true
          - false
          - true
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2.3.2
+        uses: actions/checkout@v5
      -
-        name: Login to GitHub Package Registry
+        name: Login to GitHub Container Registry
        uses: ./
        with:
-          registry: docker.pkg.github.com
+          registry: ghcr.io
-          username: ${{ github.repository_owner }}
+          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          logout: ${{ matrix.logout }}
      -
        name: Clear
        if: always()
        run: |
          rm -f ${HOME}/.docker/config.json
-#  gitlab:
+  dind:
-#    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest
-#    strategy:
+    env:
-#      fail-fast: false
+      DOCKER_CONFIG: $HOME/.docker
-#      matrix:
+    steps:
-#        logout:
+      -
-#          - true
+        name: Checkout
-#          - false
+        uses: actions/checkout@v5
-#    steps:
+      -
-#      -
+        name: Login to GitHub Container Registry
-#        name: Checkout
+        uses: ./
-#        uses: actions/checkout@v2.3.2
+        with:
-#      -
+          registry: ghcr.io
-#        name: Login to GitLab
+          username: ${{ secrets.GHCR_USERNAME }}
-#        uses: ./
+          password: ${{ secrets.GHCR_PAT }}
-#        with:
+      -
-#          registry: registry.gitlab.com
+        name: DinD
-#          username: ${{ secrets.GITLAB_USERNAME_TEST }}
+        uses: docker://docker
-#          password: ${{ secrets.GITLAB_PASSWORD_TEST }}
+        with:
-#          logout: ${{ matrix.logout }}
+          entrypoint: docker
-#      -
+          args: pull ghcr.io/docker-ghactiontest/test
-#        name: Clear
+      -
-#        if: always()
+        name: Pull private image
-#        run: |
+        run: |
-#          rm -f ${HOME}/.docker/config.json
+          docker image prune -a -f >/dev/null 2>&1
-#
+          docker pull ghcr.io/docker-ghactiontest/test
-#  ecr:
+
-#    runs-on: ${{ matrix.os }}
+  acr:
-#    strategy:
+    runs-on: ubuntu-latest
-#      fail-fast: false
+    steps:
-#      matrix:
+      -
-#        os:
+        name: Checkout
-#          - ubuntu-20.04
+        uses: actions/checkout@v5
-#          - ubuntu-18.04
+      -
-#          - ubuntu-16.04
+        name: Login to ACR
-#        logout:
+        uses: ./
-#          - true
+        with:
-#          - false
+          registry: ${{ secrets.AZURE_REGISTRY_NAME }}.azurecr.io
-#    steps:
+          username: ${{ secrets.AZURE_CLIENT_ID }}
-#      -
+          password: ${{ secrets.AZURE_CLIENT_SECRET }}
-#        name: Checkout
+
-#        uses: actions/checkout@v2.3.1
+  dockerhub:
-#      -
+    runs-on: ${{ matrix.os }}
-#        name: Login to ECR
+    strategy:
-#        uses: ./
+      fail-fast: false
-#        with:
+      matrix:
-#          registry: ${{ secrets.AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
+        os:
-#          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          - ubuntu-latest
-#          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          - windows-latest
-#          logout: ${{ matrix.logout }}
+    steps:
-#      -
+      -
-#        name: Clear
+        name: Checkout
-#        if: always()
+        uses: actions/checkout@v5
-#        run: |
+      -
-#          rm -f ${HOME}/.docker/config.json
+        name: Login to Docker Hub
-#
+        uses: ./
-#  ecr-aws-creds:
+        with:
-#    runs-on: ${{ matrix.os }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
-#    strategy:
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
-#      fail-fast: false
+
-#      matrix:
+  ecr:
-#        os:
+    runs-on: ${{ matrix.os }}
-#          - ubuntu-20.04
+    strategy:
-#          - ubuntu-18.04
+      fail-fast: false
-#          - ubuntu-16.04
+      matrix:
-#    steps:
+        os:
-#      -
+          - ubuntu-latest
-#        name: Checkout
+          - windows-latest
-#        uses: actions/checkout@v2.3.1
+    steps:
-#      -
+      -
-#        name: Configure AWS Credentials
+        name: Checkout
-#        uses: aws-actions/configure-aws-credentials@v1
+        uses: actions/checkout@v5
-#        with:
+      -
-#          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        name: Login to ECR
-#          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        uses: ./
-#          aws-region: ${{ secrets.AWS_REGION }}
+        with:
-#      -
+          registry: ${{ secrets.AWS_ACCOUNT_NUMBER }}.dkr.ecr.us-east-1.amazonaws.com
-#        name: Login to ECR
+          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
-#        uses: ./
+          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-#        with:
+
-#          registry: ${{ secrets.AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
+  ecr-aws-creds:
-#      -
+    runs-on: ${{ matrix.os }}
-#        name: Clear
+    strategy:
-#        if: always()
+      fail-fast: false
-#        run: |
+      matrix:
-#          rm -f ${HOME}/.docker/config.json
+        os:
          - ubuntu-latest
          - windows-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v5
      -
        name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v5
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      -
        name: Login to ECR
        uses: ./
        with:
          registry: ${{ secrets.AWS_ACCOUNT_NUMBER }}.dkr.ecr.us-east-1.amazonaws.com
  ecr-public:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - windows-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v5
      -
        name: Login to Public ECR
        continue-on-error: ${{ matrix.os == 'windows-latest' }}
        uses: ./
        with:
          registry: public.ecr.aws
          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        env:
          AWS_REGION: us-east-1
  ecr-public-aws-creds:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - windows-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v5
      -
        name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v5
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      -
        name: Login to Public ECR
        continue-on-error: ${{ matrix.os == 'windows-latest' }}
        uses: ./
        with:
          registry: public.ecr.aws
  github-container:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - windows-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v5
      -
        name: Login to GitHub Container Registry
        uses: ./
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
  gitlab:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - windows-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v5
      -
        name: Login to GitLab
        uses: ./
        with:
          registry: registry.gitlab.com
          username: ${{ secrets.GITLAB_USERNAME }}
          password: ${{ secrets.GITLAB_TOKEN }}
  google-artifact:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - windows-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v5
      -
        name: Login to Google Artifact Registry
        uses: ./
        with:
          registry: ${{ secrets.GAR_LOCATION }}-docker.pkg.dev
          username: _json_key
          password: ${{ secrets.GAR_JSON_KEY }}
  google-container:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - windows-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v5
      -
        name: Login to Google Container Registry
        uses: ./
        with:
          registry: gcr.io
          username: _json_key
          password: ${{ secrets.GCR_JSON_KEY }}
  registry-auth:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v5
      -
        name: Login to registries
        uses: ./
        with:
          registry-auth: |
            - username: ${{ secrets.DOCKERHUB_USERNAME }}
              password: ${{ secrets.DOCKERHUB_TOKEN }}
            - registry: ghcr.io
              username: ${{ github.actor }}
              password: ${{ secrets.GITHUB_TOKEN }}
            - registry: public.ecr.aws
              username: ${{ secrets.AWS_ACCESS_KEY_ID }}
              password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
            - registry: registry.gitlab.com
              username: ${{ secrets.GITLAB_USERNAME }}
              password: ${{ secrets.GITLAB_TOKEN }}
  registry-auth-dup:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v5
      -
        name: Login to registries
        uses: ./
        with:
          registry-auth: |
            - registry: ghcr.io
              username: ${{ github.actor }}
              password: ${{ secrets.GITHUB_TOKEN }}
            - registry: public.ecr.aws
              username: ${{ secrets.AWS_ACCESS_KEY_ID }}
              password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
            - registry: ghcr.io
              username: ${{ github.actor }}
              password: ${{ secrets.GITHUB_TOKEN }}
  registry-auth-exclusive:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v5
      -
        name: Login to registries
        id: login
        continue-on-error: true
        uses: ./
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          registry-auth: |
            - username: ${{ secrets.DOCKERHUB_USERNAME }}
              password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Check
        run: |
          if [ "${{ steps.login.outcome }}" != "failure" ] || [ "${{ steps.login.conclusion }}" != "success" ]; then
            echo "::error::Should have failed"
            exit 1
          fi
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -0,0 +1,50 @@
 name: codeql
 on:
  push:
    branches:
      - 'master'
      - 'releases/v*'
    paths:
      - '.github/workflows/codeql.yml'
      - 'dist/**'
      - 'src/**'
  pull_request:
    paths:
      - '.github/workflows/codeql.yml'
      - 'dist/**'
      - 'src/**'
 permissions:
  actions: read
  contents: read
  security-events: write
 jobs:
  analyze:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        language:
          - javascript-typescript
    steps:
      -
        name: Checkout
        uses: actions/checkout@v5
      -
        name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: ${{ matrix.language }}
          config: |
            paths:
              - src
      -
        name: Autobuild
        uses: github/codeql-action/autobuild@v4
      -
        name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v4
        with:
          category: "/language:${{matrix.language}}"
--- a/.github/workflows/labels.yml
+++ b/.github/workflows/labels.yml
@ -1,20 +0,0 @@
 name: labels
 on:
  push:
    branches:
      - 'master'
    paths:
      - '.github/labels.yml'
      - '.github/workflows/labels.yml'
 jobs:
  labeler:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2.3.2
      -
        name: Run Labeler
        uses: crazy-max/ghaction-github-labeler@v3.0.0
--- a/.github/workflows/pr-assign-author.yml
+++ b/.github/workflows/pr-assign-author.yml
@ -0,0 +1,17 @@
 name: pr-assign-author
 permissions:
  contents: read
 on:
  pull_request_target:
    types:
      - opened
      - reopened
 jobs:
  run:
    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf
    permissions:
      contents: read
      pull-requests: write
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@ -0,0 +1,21 @@
 name: publish
 on:
  release:
    types:
      - published
 jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
      packages: write
    steps:
      -
        name: Checkout
        uses: actions/checkout@v5
      -
        name: Publish
        uses: actions/publish-immutable-action@v0.0.4
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -1,40 +1,32 @@
 name: test
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 on:
  push:
    branches:
-      - master
+      - 'master'
-      - releases/v*
+      - 'releases/v*'
    paths-ignore:
      - '**.md'
  pull_request:
    paths-ignore:
      - '**.md'
 jobs:
  test:
-    runs-on: ${{ matrix.os }}
+    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-20.04
          - ubuntu-18.04
          - ubuntu-16.04
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2.3.2
+        uses: actions/checkout@v5
      -
        name: Install
        run: yarn install
      -
        name: Test
-        run: yarn run test
+        uses: docker/bake-action@v6
        with:
          source: .
          targets: test
      -
        name: Upload coverage
-        uses: codecov/codecov-action@v1.0.13
+        uses: codecov/codecov-action@v5
        if: success()
        with:
          files: ./coverage/clover.xml
          token: ${{ secrets.CODECOV_TOKEN }}
          file: ./coverage/clover.xml
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@ -0,0 +1,43 @@
 name: validate
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 on:
  push:
    branches:
      - 'master'
      - 'releases/v*'
  pull_request:
 jobs:
  prepare:
    runs-on: ubuntu-latest
    outputs:
      targets: ${{ steps.generate.outputs.targets }}
    steps:
      -
        name: Checkout
        uses: actions/checkout@v5
      -
        name: List targets
        id: generate
        uses: docker/bake-action/subaction/list-targets@v6
        with:
          target: validate
  validate:
    runs-on: ubuntu-latest
    needs:
      - prepare
    strategy:
      fail-fast: false
      matrix:
        target: ${{ fromJson(needs.prepare.outputs.targets) }}
    steps:
      -
        name: Validate
        uses: docker/bake-action@v6
        with:
          targets: ${{ matrix.target }}
--- a/.gitignore
+++ b/.gitignore
@ -1,12 +1,5 @@
-/.dev
+# https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore
 node_modules/
 lib
 # Jetbrains
 /.idea
 /*.iml
 # Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
 # Logs
 logs
 *.log
@ -14,6 +7,7 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
 .pnpm-debug.log*
 # Diagnostic reports (https://nodejs.org/api/report.html)
 report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
@ -24,34 +18,14 @@ pids
 *.seed
 *.pid.lock
 # Directory for instrumented libs generated by jscoverage/JSCover
 lib-cov
 # Coverage directory used by tools like istanbul
 coverage
 *.lcov
 # nyc test coverage
 .nyc_output
 # Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
 .grunt
 # Bower dependency directory (https://bower.io/)
 bower_components
 # node-waf configuration
 .lock-wscript
 # Compiled binary addons (https://nodejs.org/api/addons.html)
 build/Release
 # Dependency directories
 node_modules/
 jspm_packages/
 # TypeScript v1 declaration files
 typings/
 # TypeScript cache
 *.tsbuildinfo
@ -61,36 +35,19 @@ typings/
 # Optional eslint cache
 .eslintcache
 # Optional REPL history
 .node_repl_history
 # Output of 'npm pack'
 *.tgz
 # Yarn Integrity file
 .yarn-integrity
-# dotenv environment variables file
+# dotenv environment variable files
 .env
-.env.test
+.env.development.local
 .env.test.local
 .env.production.local
 .env.local
-# parcel-bundler cache (https://parceljs.org/)
+# yarn v2
-.cache
+.yarn/cache
-
+.yarn/unplugged
-# next.js build output
+.yarn/build-state.yml
-.next
+.yarn/install-state.gz
-
+.pnp.*
 # nuxt.js build output
 .nuxt
 # vuepress build output
 .vuepress/dist
 # Serverless directories
 .serverless/
 # FuseBox cache
 .fusebox/
 # DynamoDB Local files
 .dynamodb/
--- a/.prettierignore
+++ b/.prettierignore
@ -0,0 +1,6 @@
 # Dependency directories
 node_modules/
 jspm_packages/
 # yarn v2
 .yarn/
--- a/.prettierrc.json
+++ b/.prettierrc.json
@ -1,5 +1,5 @@
 {
-  "printWidth": 120,
+  "printWidth": 240,
  "tabWidth": 2,
  "useTabs": false,
  "semi": true,
--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@ -0,0 +1,17 @@
 # https://yarnpkg.com/configuration/yarnrc
 compressionLevel: mixed
 enableGlobalCache: false
 enableHardenedMode: true
 logFilters:
  - code: YN0013
    level: discard
  - code: YN0019
    level: discard
  - code: YN0076
    level: discard
  - code: YN0086
    level: discard
 nodeLinker: node-modules
--- a/README.md
+++ b/README.md
@ -1,48 +1,48 @@
 [![GitHub release](https://img.shields.io/github/release/docker/login-action.svg?style=flat-square)](https://github.com/docker/login-action/releases/latest)
 [![GitHub marketplace](https://img.shields.io/badge/marketplace-docker--login-blue?logo=github&style=flat-square)](https://github.com/marketplace/actions/docker-login)
-[![CI workflow](https://img.shields.io/github/workflow/status/docker/login-action/test?label=ci&logo=github&style=flat-square)](https://github.com/docker/login-action/actions?workflow=ci)
+[![CI workflow](https://img.shields.io/github/actions/workflow/status/docker/login-action/ci.yml?branch=master&label=ci&logo=github&style=flat-square)](https://github.com/docker/login-action/actions?workflow=ci)
-[![Test workflow](https://img.shields.io/github/workflow/status/docker/login-action/test?label=test&logo=github&style=flat-square)](https://github.com/docker/login-action/actions?workflow=test)
+[![Test workflow](https://img.shields.io/github/actions/workflow/status/docker/login-action/test.yml?branch=master&label=test&logo=github&style=flat-square)](https://github.com/docker/login-action/actions?workflow=test)
 [![Codecov](https://img.shields.io/codecov/c/github/docker/login-action?logo=codecov&style=flat-square)](https://codecov.io/gh/docker/login-action)
 ## About
 GitHub Action to login against a Docker registry.
 > :bulb: See also:
 > * [setup-buildx](https://github.com/docker/setup-buildx-action) action
 > * [setup-qemu](https://github.com/docker/setup-qemu-action) action
 > * [build-push](https://github.com/docker/build-push-action) action
 ![Screenshot](.github/docker-login.png)
 ___
 * [Usage](#usage)
-  * [DockerHub](#dockerhub)
+  * [Docker Hub](#docker-hub)
  * [GitHub Packages Docker Registry](#github-packages-docker-registry)
  * [GitHub Container Registry](#github-container-registry)
  * [GitLab](#gitlab)
  * [Azure Container Registry (ACR)](#azure-container-registry-acr)
  * [Google Container Registry (GCR)](#google-container-registry-gcr)
  * [Google Artifact Registry (GAR)](#google-artifact-registry-gar)
  * [AWS Elastic Container Registry (ECR)](#aws-elastic-container-registry-ecr)
  * [AWS Public Elastic Container Registry (ECR)](#aws-public-elastic-container-registry-ecr)
  * [OCI Oracle Cloud Infrastructure Registry (OCIR)](#oci-oracle-cloud-infrastructure-registry-ocir)
  * [Quay.io](#quayio)
  * [DigitalOcean](#digitalocean-container-registry)
  * [Authenticate to multiple registries](#authenticate-to-multiple-registries)
 * [Customizing](#customizing)
  * [inputs](#inputs)
-* [Keep up-to-date with GitHub Dependabot](#keep-up-to-date-with-github-dependabot)
+* [Contributing](#contributing)
 * [Limitation](#limitation)
 ## Usage
 ### Docker Hub
-To authenticate against [DockerHub](https://hub.docker.com) it's strongly recommended to create a
+When authenticating to [Docker Hub](https://hub.docker.com) with GitHub Actions,
-[personal access token](https://docs.docker.com/docker-hub/access-tokens/) as an alternative to your password.
+use a [personal access token](https://docs.docker.com/docker-hub/access-tokens/).
 Don't use your account password.
 ```yaml
 name: ci
 on:
  push:
-    branches: master
+    branches: main
 jobs:
  login:
@ -50,52 +50,24 @@ jobs:
    steps:
      -
        name: Login to Docker Hub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
 ```
 ### GitHub Packages Docker Registry
 > :warning: GitHub Packages Docker Registry (aka `docker.pkg.github.com`) **is deprecated** and will sunset early next
 > year. It's strongly advised to [migrate to GitHub Container Registry](https://docs.github.com/en/packages/getting-started-with-github-container-registry/migrating-to-github-container-registry-for-docker-images)
 > instead.
 You can configure the Docker client to use [GitHub Packages to publish and retrieve docker images](https://docs.github.com/en/packages/using-github-packages-with-your-projects-ecosystem/configuring-docker-for-use-with-github-packages).
 ```yaml
 name: ci
 on:
  push:
    branches: master
 jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to GitHub Packages Docker Registry
        uses: docker/login-action@v1
        with:
          registry: docker.pkg.github.com
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
 ```
 ### GitHub Container Registry
-To authenticate against the [GitHub Container Registry](https://docs.github.com/en/packages/getting-started-with-github-container-registry),
+To authenticate to the [GitHub Container Registry](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry),
-you will need to create a new [personal access token (PAT)](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token)
+use the [`GITHUB_TOKEN`](https://docs.github.com/en/actions/reference/authentication-in-a-workflow)
-with the [appropriate scopes](https://docs.github.com/en/packages/getting-started-with-github-container-registry/migrating-to-github-container-registry-for-docker-images#authenticating-with-the-container-registry).
+secret.
 ```yaml
 name: ci
 on:
  push:
-    branches: master
+    branches: main
 jobs:
  login:
@ -103,13 +75,19 @@ jobs:
    steps:
      -
        name: Login to GitHub Container Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
-          username: ${{ github.repository_owner }}
+          username: ${{ github.actor }}
-          password: ${{ secrets.CR_PAT }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 ```
 You may need to [manage write and read access of GitHub Actions](https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#upgrading-a-workflow-that-accesses-ghcrio)
 for repositories in the container settings.
 You can also use a [personal access token (PAT)](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token)
 with the [appropriate scopes](https://docs.github.com/en/packages/getting-started-with-github-container-registry/migrating-to-github-container-registry-for-docker-images#authenticating-with-the-container-registry).
 ### GitLab
 ```yaml
@ -117,7 +95,7 @@ name: ci
 on:
  push:
-    branches: master
+    branches: main
 jobs:
  login:
@ -125,25 +103,30 @@ jobs:
    steps:
      -
        name: Login to GitLab
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
        with:
          registry: registry.gitlab.com
-          username: ${{ secrets.GITLAB_USERNAME }}
+          username: ${{ vars.GITLAB_USERNAME }}
          password: ${{ secrets.GITLAB_PASSWORD }}
 ```
 If you have [Two-Factor Authentication](https://gitlab.com/help/user/profile/account/two_factor_authentication)
 enabled, use a [Personal Access Token](https://gitlab.com/help/user/profile/personal_access_tokens)
 instead of a password.
 ### Azure Container Registry (ACR)
 [Create a service principal](https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-service-principal#create-a-service-principal)
 with access to your container registry through the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
-and take note of the generated service principal's ID (also called _client ID_) and password (also called _client secret_).
+and take note of the generated service principal's ID (also called _client ID_)
 and password (also called _client secret_).
 ```yaml
 name: ci
 on:
  push:
-    branches: master
+    branches: main
 jobs:
  login:
@ -151,10 +134,10 @@ jobs:
    steps:
      -
        name: Login to ACR
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
        with:
          registry: <registry-name>.azurecr.io
-          username: ${{ secrets.AZURE_CLIENT_ID }}
+          username: ${{ vars.AZURE_CLIENT_ID }}
          password: ${{ secrets.AZURE_CLIENT_SECRET }}
 ```
@ -162,17 +145,69 @@ jobs:
 ### Google Container Registry (GCR)
-Use a service account with the ability to push to GCR and [configure access control](https://cloud.google.com/container-registry/docs/access-control).
+> [Google Artifact Registry](#google-artifact-registry-gar) is the evolution of
-Then create and download the JSON key for this service account and save content of `.json` file
+> Google Container Registry. As a fully-managed service with support for both
-[as a secret](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
+> container images and non-container artifacts. If you currently use Google
-called `GCR_JSON_KEY` in your GitHub repo. Ensure you set the username to `_json_key`.
+> Container Registry, use the information [on this page](https://cloud.google.com/artifact-registry/docs/transition/transition-from-gcr)
 > to learn about transitioning to Google Artifact Registry. 
 You can authenticate with workload identity federation or a service account.
 #### Workload identity federation
 Configure the workload identity federation for GitHub Actions in Google Cloud,
 [see here](https://github.com/google-github-actions/auth#setting-up-workload-identity-federation).
 Your service account must have permission to push to GCR. Use the
 `google-github-actions/auth` action to authenticate using workload identity as
 shown in the following example:
 ```yaml
 name: ci
 on:
  push:
-    branches: master
+    branches: main
 jobs:
  login:
    runs-on: ubuntu-latest
    steps:
    -
      name: Authenticate to Google Cloud
      id: auth
      uses: google-github-actions/auth@v1
      with:
        token_format: access_token
        workload_identity_provider: <workload_identity_provider>
        service_account: <service_account>
    -
      name: Login to GCR
      uses: docker/login-action@v3
      with:
        registry: gcr.io
        username: oauth2accesstoken
        password: ${{ steps.auth.outputs.access_token }}
 ```
 > Replace `<workload_identity_provider>` with configured workload identity
 > provider. For steps to configure, [see here](https://github.com/google-github-actions/auth#setting-up-workload-identity-federation).
 > Replace `<service_account>` with configured service account in workload
 > identity provider which has access to push to GCR
 #### Service account based authentication
 Use a service account with permission to push to GCR and [configure access control](https://cloud.google.com/container-registry/docs/access-control).
 Download the key for the service account as a JSON file. Save the contents of
 the file [as a secret](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
 named `GCR_JSON_KEY` in your GitHub repository. Set the username to `_json_key`.
 ```yaml
 name: ci
 on:
  push:
    branches: main
 jobs:
  login:
@ -180,17 +215,95 @@ jobs:
    steps:
      -
        name: Login to GCR
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
        with:
          registry: gcr.io
          username: _json_key
          password: ${{ secrets.GCR_JSON_KEY }}
 ```
 ### Google Artifact Registry (GAR)
 You can authenticate with workload identity federation or a service account.
 #### Workload identity federation
 Your service account must have permission to push to GAR. Use the
 `google-github-actions/auth` action to authenticate using workload identity as
 shown in the following example:
 ```yaml
 name: ci
 on:
  push:
    branches: main
 jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Authenticate to Google Cloud
        id: auth
        uses: google-github-actions/auth@v1
        with:
          token_format: access_token
          workload_identity_provider: <workload_identity_provider>
          service_account: <service_account>
      -
        name: Login to GAR
        uses: docker/login-action@v3
        with:
          registry: <location>-docker.pkg.dev
          username: oauth2accesstoken
          password: ${{ steps.auth.outputs.access_token }}
 ```
 > Replace `<workload_identity_provider>` with configured workload identity
 > provider
 > Replace `<service_account>` with configured service account in workload
 > identity provider which has access to push to GCR
 > Replace `<location>` with the regional or multi-regional [location](https://cloud.google.com/artifact-registry/docs/repo-organize#locations)
 > of the repository where the image is stored.
 #### Service account based authentication
 Use a service account with permission to push to GAR and [configure access control](https://cloud.google.com/artifact-registry/docs/access-control).
 Download the key for the service account as a JSON file. Save the contents of
 the file [as a secret](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
 named `GAR_JSON_KEY` in your GitHub repository. Set the username to `_json_key`,
 or `_json_key_base64` if you use a base64-encoded key.
 ```yaml
 name: ci
 on:
  push:
    branches: main
 jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to GAR
        uses: docker/login-action@v3
        with:
          registry: <location>-docker.pkg.dev
          username: _json_key
          password: ${{ secrets.GAR_JSON_KEY }}
 ```
 > Replace `<location>` with the regional or multi-regional [location](https://cloud.google.com/artifact-registry/docs/repo-organize#locations)
 > of the repository where the image is stored.
 ### AWS Elastic Container Registry (ECR)
-Use an IAM user with the [ability to push to ECR](https://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr_managed_policies.html).
+Use an IAM user with the ability to [push to ECR with `AmazonEC2ContainerRegistryPowerUser` managed policy for example](https://docs.aws.amazon.com/AmazonECR/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonEC2ContainerRegistryPowerUser).
-Then create and download access keys and save `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` [as secrets](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
+Download the access keys and save them as `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` [as secrets](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
 in your GitHub repo.
 ```yaml
@ -198,7 +311,7 @@ name: ci
 on:
  push:
-    branches: master
+    branches: main
 jobs:
  login:
@ -206,22 +319,49 @@ jobs:
    steps:
      -
        name: Login to ECR
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
        with:
          registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
-          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          username: ${{ vars.AWS_ACCESS_KEY_ID }}
          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 ```
-You can also use the [Configure AWS Credentials](https://github.com/aws-actions/configure-aws-credentials) action in
+If you need to log in to Amazon ECR registries associated with other accounts,
-combination with this action:
+you can use the `AWS_ACCOUNT_IDS` environment variable:
 ```yaml
 name: ci
 on:
  push:
-    branches: master
+    branches: main
 jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to ECR
        uses: docker/login-action@v3
        with:
          registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
          username: ${{ vars.AWS_ACCESS_KEY_ID }}
          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        env:
          AWS_ACCOUNT_IDS: 012345678910,023456789012
 ```
 > Only available with [AWS CLI version 1](https://docs.aws.amazon.com/cli/latest/reference/ecr/get-login.html)
 You can also use the [Configure AWS Credentials](https://github.com/aws-actions/configure-aws-credentials)
 action in combination with this action:
 ```yaml
 name: ci
 on:
  push:
    branches: main
 jobs:
  login:
@ -229,49 +369,214 @@ jobs:
    steps:
      -
        name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v4
        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-access-key-id: ${{ vars.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: <region>
      -
        name: Login to ECR
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
        with:
          registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
 ```
 > Replace `<aws-account-number>` and `<region>` with their respective values.
 ### AWS Public Elastic Container Registry (ECR)
 Use an IAM user with permission to push to ECR Public, for example using [managed policies](https://docs.aws.amazon.com/AmazonECR/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonEC2ContainerRegistryPowerUser).
 Download the access keys and save them as `AWS_ACCESS_KEY_ID` and
 `AWS_SECRET_ACCESS_KEY` [secrets](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
 in your GitHub repository.
 ```yaml
 name: ci
 on:
  push:
    branches: main
 jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to Public ECR
        uses: docker/login-action@v3
        with:
          registry: public.ecr.aws
          username: ${{ vars.AWS_ACCESS_KEY_ID }}
          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        env:
          AWS_REGION: <region>
 ```
 > Replace `<region>` with its respective value (default `us-east-1`).
 ### OCI Oracle Cloud Infrastructure Registry (OCIR)
 To push into OCIR in specific tenancy the [username](https://www.oracle.com/webfolder/technetwork/tutorials/obe/oci/registry/index.html#LogintoOracleCloudInfrastructureRegistryfromtheDockerCLI)
 must be placed in format `<tenancy>/<username>` (in case of federated tenancy use the format
 `<tenancy-namespace>/oracleidentitycloudservice/<username>`).
 For password [create an auth token](https://www.oracle.com/webfolder/technetwork/tutorials/obe/oci/registry/index.html#GetanAuthToken).
 Save username and token [as a secrets](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
 in your GitHub repo. 
 ```yaml
 name: ci
 on:
  push:
    branches: main
 jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to OCIR
        uses: docker/login-action@v3
        with:
          registry: <region>.ocir.io
          username: ${{ vars.OCI_USERNAME }}
          password: ${{ secrets.OCI_TOKEN }}
 ```
 > Replace `<region>` with their respective values from [availability regions](https://docs.cloud.oracle.com/iaas/Content/Registry/Concepts/registryprerequisites.htm#Availab)
 ### Quay.io
 Use a [Robot account](https://docs.quay.io/glossary/robot-accounts.html) with
 permission to push to a Quay.io repository.
 ```yaml
 name: ci
 on:
  push:
    branches: main
 jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to Quay.io
        uses: docker/login-action@v3
        with:
          registry: quay.io
          username: ${{ vars.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_ROBOT_TOKEN }}
 ```
 ### DigitalOcean Container Registry
 Use your DigitalOcean registered email address and an API access token to authenticate.
 ```yaml
 name: ci
 on:
  push:
    branches: main
 jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to DigitalOcean Container Registry
        uses: docker/login-action@v3
        with:
          registry: registry.digitalocean.com
          username: ${{ vars.DIGITALOCEAN_USERNAME }}
          password: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
 ```
 ### Authenticate to multiple registries
 To authenticate against multiple registries, you can specify the login-action
 step multiple times in your workflow:
 ```yaml
 name: ci
 on:
  push:
    branches: main
 jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
 ```
 You can also use the `registry-auth` input for raw authentication to
 registries, defined as YAML objects. Each object can contain `registry`,
 `username`, `password` and `ecr` keys similar to current inputs:
 > [!WARNING]
 > We don't recommend using this method, it's better to use the action multiple
 > times as shown above.
 ```yaml
 name: ci
 on:
  push:
    branches: main
 jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to registries
        uses: docker/login-action@v3
        with:
          registry-auth: |
            - username: ${{ vars.DOCKERHUB_USERNAME }}
              password: ${{ secrets.DOCKERHUB_TOKEN }}
            - registry: ghcr.io
              username: ${{ github.actor }}
              password: ${{ secrets.GITHUB_TOKEN }}
 ```
 ## Customizing
 ### inputs
-Following inputs can be used as `step.with` keys
+The following inputs can be used as `step.with` keys:
 | Name            | Type   | Default     | Description                                                                   |
-|------------------|---------|-----------------------------|------------------------------------|
+|-----------------|--------|-------------|-------------------------------------------------------------------------------|
-| `registry`       | String  |                             | Server address of Docker registry. If not set then will default to Docker Hub |
+| `registry`      | String | `docker.io` | Server address of Docker registry. If not set then will default to Docker Hub |
-| `username`       | String  |                             | Username used to log against the Docker registry |
+| `username`      | String |             | Username for authenticating to the Docker registry                            |
-| `password`       | String  |                             | Password or personal access token used to log against the Docker registry |
+| `password`      | String |             | Password or personal access token for authenticating the Docker registry      |
 | `ecr`           | String | `auto`      | Specifies whether the given registry is ECR (`auto`, `true` or `false`)       |
 | `logout`        | Bool   | `true`      | Log out from the Docker registry at the end of a job                          |
 | `registry-auth` | YAML   |             | Raw authentication to registries, defined as YAML objects                     |
-## Keep up-to-date with GitHub Dependabot
+> [!NOTE]
 > The `registry-auth` input is mutually exclusive with `registry`, `username`,
 > `password` and `ecr` inputs.
-Since [Dependabot](https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot)
+## Contributing
 has [native GitHub Actions support](https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#package-ecosystem),
 to enable it on your GitHub repo all you need to do is add the `.github/dependabot.yml` file:
-```yaml
+Want to contribute? Awesome! You can find information about contributing to
-version: 2
+this project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md)
 updates:
  # Maintain dependencies for GitHub Actions
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"
 ```
 ## Limitation
 This action is only available for Linux [virtual environments](https://help.github.com/en/articles/virtual-environments-for-github-actions#supported-virtual-environments-and-hardware-resources).
--- a/tests/aws.test.ts
+++ b/tests/aws.test.ts
@ -1,54 +1,163 @@
-import * as semver from 'semver';
+import {beforeEach, describe, expect, jest, test} from '@jest/globals';
 import {AuthorizationData} from '@aws-sdk/client-ecr';
 import * as aws from '../src/aws';
 describe('isECR', () => {
  test.each([
    ['registry.gitlab.com', false],
    ['gcr.io', false],
-    ['012345678901.dkr.ecr.eu-west-3.amazonaws.com', true]
+    ['012345678901.dkr.ecr.eu-west-3.amazonaws.com', true],
    ['876820548815.dkr.ecr.cn-north-1.amazonaws.com.cn', true],
    ['390948362332.dkr.ecr.cn-northwest-1.amazonaws.com.cn', true],
    ['012345678901.dkr-ecr.eu-north-1.on.aws', true],
    ['public.ecr.aws', true],
    ['ecr-public.aws.com', true]
  ])('given registry %p', async (registry, expected) => {
-    expect(await aws.isECR(registry)).toEqual(expected);
+    expect(aws.isECR(registry)).toEqual(expected);
  });
 });
-describe('getCLI', () => {
+describe('isPubECR', () => {
  it('exists', async () => {
    const awsPath = await aws.getCLI();
    console.log(`awsPath: ${awsPath}`);
    expect(awsPath).not.toEqual('');
  });
 });
 describe('execCLI', () => {
  it('--version not empty', async () => {
    const cliCmdOutput = await aws.execCLI(['--version']);
    console.log(`cliCmdOutput: ${cliCmdOutput}`);
    expect(cliCmdOutput).not.toEqual('');
  }, 100000);
 });
 describe('getCLIVersion', () => {
  it('valid', async () => {
    const cliVersion = await aws.getCLIVersion();
    console.log(`cliVersion: ${cliVersion}`);
    expect(semver.valid(cliVersion)).not.toBeNull();
  }, 100000);
 });
 describe('parseCLIVersion', () => {
  test.each([
-    ['v1', 'aws-cli/1.18.120 Python/2.7.17 Linux/5.3.0-1034-azure botocore/1.17.43', '1.18.120'],
+    ['registry.gitlab.com', false],
-    ['v2', 'aws-cli/2.0.41 Python/3.7.3 Linux/4.19.104-microsoft-standard exe/x86_64.ubuntu.18', '2.0.41']
+    ['gcr.io', false],
-  ])('given aws %p', async (version, stdout, expected) => {
+    ['012345678901.dkr.ecr.eu-west-3.amazonaws.com', false],
-    expect(await aws.parseCLIVersion(stdout)).toEqual(expected);
+    ['876820548815.dkr.ecr.cn-north-1.amazonaws.com.cn', false],
    ['390948362332.dkr.ecr.cn-northwest-1.amazonaws.com.cn', false],
    ['012345678901.dkr-ecr.eu-north-1.on.aws', false],
    ['public.ecr.aws', true],
    ['ecr-public.aws.com', true]
  ])('given registry %p', async (registry, expected) => {
    expect(aws.isPubECR(registry)).toEqual(expected);
  });
 });
 describe('getRegion', () => {
-  test.each([['012345678901.dkr.ecr.eu-west-3.amazonaws.com', 'eu-west-3']])(
+  test.each([
-    'given registry %p',
+    ['012345678901.dkr.ecr.eu-west-3.amazonaws.com', 'eu-west-3'],
-    async (registry, expected) => {
+    ['876820548815.dkr.ecr.cn-north-1.amazonaws.com.cn', 'cn-north-1'],
-      expect(await aws.getRegion(registry)).toEqual(expected);
+    ['390948362332.dkr.ecr.cn-northwest-1.amazonaws.com.cn', 'cn-northwest-1'],
-    }
+    ['012345678901.dkr-ecr.eu-north-1.on.aws', 'eu-north-1'],
-  );
+    ['public.ecr.aws', 'us-east-1']
  ])('given registry %p', async (registry, expected) => {
    expect(aws.getRegion(registry)).toEqual(expected);
  });
 });
 describe('getAccountIDs', () => {
  test.each([
    ['012345678901.dkr.ecr.eu-west-3.amazonaws.com', undefined, ['012345678901']],
    ['012345678901.dkr.ecr.eu-west-3.amazonaws.com', '012345678910,023456789012', ['012345678901', '012345678910', '023456789012']],
    ['012345678901.dkr.ecr.eu-west-3.amazonaws.com', '012345678901,012345678910,023456789012', ['012345678901', '012345678910', '023456789012']],
    ['390948362332.dkr.ecr.cn-northwest-1.amazonaws.com.cn', '012345678910,023456789012', ['390948362332', '012345678910', '023456789012']],
    ['876820548815.dkr-ecr.eu-north-1.on.aws', '012345678910,023456789012', ['876820548815', '012345678910', '023456789012']],
    ['public.ecr.aws', undefined, []]
  ])('given registry %p', async (registry, accountIDsEnv, expected) => {
    if (accountIDsEnv) {
      process.env.AWS_ACCOUNT_IDS = accountIDsEnv;
    }
    expect(aws.getAccountIDs(registry)).toEqual(expected);
  });
 });
 const mockEcrGetAuthToken = jest.fn();
 const mockEcrPublicGetAuthToken = jest.fn();
 jest.mock('@aws-sdk/client-ecr', () => {
  return {
    ECR: jest.fn(() => ({
      getAuthorizationToken: mockEcrGetAuthToken
    }))
  };
 });
 jest.mock('@aws-sdk/client-ecr-public', () => {
  return {
    ECRPUBLIC: jest.fn(() => ({
      getAuthorizationToken: mockEcrPublicGetAuthToken
    }))
  };
 });
 describe('getRegistriesData', () => {
  beforeEach(() => {
    jest.clearAllMocks();
    delete process.env.AWS_ACCOUNT_IDS;
  });
  // prettier-ignore
  test.each([
    [
      '012345678901.dkr.ecr.aws-region-1.amazonaws.com',
      'dkr.ecr.aws-region-1.amazonaws.com', undefined,
      [
        {
          registry: '012345678901.dkr.ecr.aws-region-1.amazonaws.com',
          username: '012345678901',
          password: 'world'
        }
      ]
    ],
    [
      '012345678901.dkr.ecr.eu-west-3.amazonaws.com',
      'dkr.ecr.eu-west-3.amazonaws.com',
      '012345678910,023456789012',
      [
        {
          registry: '012345678901.dkr.ecr.eu-west-3.amazonaws.com',
          username: '012345678901',
          password: 'world'
        },
        {
          registry: '012345678910.dkr.ecr.eu-west-3.amazonaws.com',
          username: '012345678910',
          password: 'world'
        },
        {
          registry: '023456789012.dkr.ecr.eu-west-3.amazonaws.com',
          username: '023456789012',
          password: 'world'
        }
      ]
    ],
    [
      'public.ecr.aws',
      undefined,
      undefined,
      [
        {
          registry: 'public.ecr.aws',
          username: 'AWS',
          password: 'world'
        }
      ]
    ]
  ])('given registry %p', async (registry, fqdn, accountIDsEnv, expected: aws.RegistryData[]) => {
    if (accountIDsEnv) {
      process.env.AWS_ACCOUNT_IDS = accountIDsEnv;
    }
    const accountIDs = aws.getAccountIDs(registry);
    const authData: AuthorizationData[] = [];
    if (accountIDs.length == 0) {
      mockEcrPublicGetAuthToken.mockImplementation(() => {
        return Promise.resolve({
          authorizationData: {
            authorizationToken: Buffer.from(`AWS:world`).toString('base64'),
          }
        });
      });
    } else {
      aws.getAccountIDs(registry).forEach(accountID => {
        authData.push({
          authorizationToken: Buffer.from(`${accountID}:world`).toString('base64'),
          proxyEndpoint: `${accountID}.${fqdn}`
        });
      });
      mockEcrGetAuthToken.mockImplementation(() => {
        return Promise.resolve({
          authorizationData: authData
        });
      });
    }
    const regData = await aws.getRegistriesData(registry);
    expect(regData).toEqual(expected);
  });
 });
--- a/tests/context.test.ts
+++ b/tests/context.test.ts
@ -1,11 +1,12 @@
-import osm = require('os');
+import {expect, test} from '@jest/globals';
 import {getInputs} from '../src/context';
 test('with password and username getInputs does not throw error', async () => {
  process.env['INPUT_USERNAME'] = 'dbowie';
  process.env['INPUT_PASSWORD'] = 'groundcontrol';
  process.env['INPUT_LOGOUT'] = 'true';
  expect(() => {
    getInputs();
-  }).not.toThrowError();
+  }).not.toThrow();
 });
--- a/tests/docker.test.ts
+++ b/tests/docker.test.ts
@ -1,49 +1,64 @@
-import {loginStandard, logout} from '../src/docker';
+import {expect, jest, test} from '@jest/globals';
 import * as path from 'path';
-import * as exec from '@actions/exec';
+import {loginStandard, logout} from '../src/docker';
 import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
 process.env['RUNNER_TEMP'] = path.join(__dirname, 'runner');
 test('loginStandard calls exec', async () => {
-  const execSpy: jest.SpyInstance = jest.spyOn(exec, 'exec');
+  // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-  // don't let exec try to actually run the commands
+  // @ts-ignore
-  execSpy.mockImplementation(() => {});
+  const execSpy = jest.spyOn(Docker, 'getExecOutput').mockImplementation(async () => {
    return {
      exitCode: expect.any(Number),
      stdout: expect.any(Function),
      stderr: expect.any(Function)
    };
  });
-  const username: string = 'dbowie';
+  const username = 'dbowie';
-  const password: string = 'groundcontrol';
+  const password = 'groundcontrol';
-  const registry: string = 'https://ghcr.io';
+  const registry = 'https://ghcr.io';
  await loginStandard(registry, username, password);
-  expect(execSpy).toHaveBeenCalledWith(`docker`, ['login', '--password-stdin', '--username', username, registry], {
+  expect(execSpy).toHaveBeenCalledTimes(1);
  const callfunc = execSpy.mock.calls[0];
  if (callfunc && callfunc[1]) {
    // we don't want to check env opt
    callfunc[1].env = undefined;
  }
  expect(execSpy).toHaveBeenCalledWith(['login', '--password-stdin', '--username', username, registry], {
    input: Buffer.from(password),
    silent: true,
-    ignoreReturnCode: true,
+    ignoreReturnCode: true
    listeners: expect.objectContaining({
      stdout: expect.any(Function),
      stderr: expect.any(Function)
    })
  });
 });
 test('logout calls exec', async () => {
-  const execSpy: jest.SpyInstance = jest.spyOn(exec, 'exec');
+  // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-  // don't let exec try to actually run the commands
+  // @ts-ignore
-  execSpy.mockImplementation(() => {});
+  const execSpy = jest.spyOn(Docker, 'getExecOutput').mockImplementation(async () => {
    return {
      exitCode: expect.any(Number),
      stdout: expect.any(Function),
      stderr: expect.any(Function)
    };
  });
-  const registry: string = 'https://ghcr.io';
+  const registry = 'https://ghcr.io';
  await logout(registry);
-  expect(execSpy).toHaveBeenCalledWith(`docker`, ['logout', registry], {
+  expect(execSpy).toHaveBeenCalledTimes(1);
-    silent: false,
+  const callfunc = execSpy.mock.calls[0];
-    ignoreReturnCode: true,
+  if (callfunc && callfunc[1]) {
-    input: Buffer.from(''),
+    // we don't want to check env opt
-    listeners: expect.objectContaining({
+    callfunc[1].env = undefined;
-      stdout: expect.any(Function),
+  }
-      stderr: expect.any(Function)
+  expect(execSpy).toHaveBeenCalledWith(['logout', registry], {
-    })
+    ignoreReturnCode: true
  });
 });
--- a/tests/main.test.ts
+++ b/tests/main.test.ts
@ -1,79 +0,0 @@
 import osm = require('os');
 import {run} from '../src/main';
 import * as docker from '../src/docker';
 import * as stateHelper from '../src/state-helper';
 import * as core from '@actions/core';
 test('errors when not run on linux platform', async () => {
  const platSpy = jest.spyOn(osm, 'platform');
  platSpy.mockImplementation(() => 'netbsd');
  const coreSpy: jest.SpyInstance = jest.spyOn(core, 'setFailed');
  await run();
  expect(coreSpy).toHaveBeenCalledWith('Only supported on linux platform');
 });
 test('errors without username and password', async () => {
  const platSpy = jest.spyOn(osm, 'platform');
  platSpy.mockImplementation(() => 'linux');
  const coreSpy: jest.SpyInstance = jest.spyOn(core, 'setFailed');
  await run();
  expect(coreSpy).toHaveBeenCalledWith('Username and password required');
 });
 test('successful with username and password', async () => {
  const platSpy = jest.spyOn(osm, 'platform');
  platSpy.mockImplementation(() => 'linux');
  const setRegistrySpy: jest.SpyInstance = jest.spyOn(stateHelper, 'setRegistry');
  const setLogoutSpy: jest.SpyInstance = jest.spyOn(stateHelper, 'setLogout');
  const dockerSpy: jest.SpyInstance = jest.spyOn(docker, 'login');
  dockerSpy.mockImplementation(() => {});
  const username: string = 'dbowie';
  process.env[`INPUT_USERNAME`] = username;
  const password: string = 'groundcontrol';
  process.env[`INPUT_PASSWORD`] = password;
  await run();
  expect(setRegistrySpy).toHaveBeenCalledWith('');
  expect(setLogoutSpy).toHaveBeenCalledWith('');
  expect(dockerSpy).toHaveBeenCalledWith('', username, password);
 });
 test('calls docker login', async () => {
  const platSpy = jest.spyOn(osm, 'platform');
  platSpy.mockImplementation(() => 'linux');
  const setRegistrySpy: jest.SpyInstance = jest.spyOn(stateHelper, 'setRegistry');
  const setLogoutSpy: jest.SpyInstance = jest.spyOn(stateHelper, 'setLogout');
  const dockerSpy: jest.SpyInstance = jest.spyOn(docker, 'login');
  dockerSpy.mockImplementation(() => {});
  const username: string = 'dbowie';
  process.env[`INPUT_USERNAME`] = username;
  const password: string = 'groundcontrol';
  process.env[`INPUT_PASSWORD`] = password;
  const registry: string = 'ghcr.io';
  process.env[`INPUT_REGISTRY`] = registry;
  const logout: string = 'true';
  process.env['INPUT_LOGOUT'] = logout;
  await run();
  expect(setRegistrySpy).toHaveBeenCalledWith(registry);
  expect(setLogoutSpy).toHaveBeenCalledWith(logout);
  expect(dockerSpy).toHaveBeenCalledWith(registry, username, password);
 });
--- a/action.yml
+++ b/action.yml
@ -16,12 +16,18 @@ inputs:
  password:
    description: 'Password or personal access token used to log against the Docker registry'
    required: false
  ecr:
    description: 'Specifies whether the given registry is ECR (auto, true or false)'
    required: false
  logout:
    description: 'Log out from the Docker registry at the end of a job'
    default: 'true'
    required: false
  registry-auth:
    description: 'Raw authentication to registries, defined as YAML objects'
    required: false
 runs:
-  using: 'node12'
+  using: 'node20'
  main: 'dist/index.js'
  post: 'dist/index.js'
--- a/codecov.yml
+++ b/codecov.yml
@ -0,0 +1,3 @@
 comment: false
 github_checks:
  annotations: false
--- a/dev.Dockerfile
+++ b/dev.Dockerfile
@ -0,0 +1,82 @@
 # syntax=docker/dockerfile:1
 ARG NODE_VERSION=20
 FROM node:${NODE_VERSION}-alpine AS base
 RUN apk add --no-cache cpio findutils git
 WORKDIR /src
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache <<EOT
  corepack enable
  yarn --version
  yarn config set --home enableTelemetry 0
 EOT
 FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
  yarn install && mkdir /vendor && cp yarn.lock /vendor
 FROM scratch AS vendor-update
 COPY --from=deps /vendor /
 FROM deps AS vendor-validate
 RUN --mount=type=bind,target=.,rw <<EOT
  set -e
  git add -A
  cp -rf /vendor/* .
  if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
    echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor"'
    git status --porcelain -- yarn.lock
    exit 1
  fi
 EOT
 FROM deps AS build
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
  yarn run build && mkdir /out && cp -Rf dist /out/
 FROM scratch AS build-update
 COPY --from=build /out /
 FROM build AS build-validate
 RUN --mount=type=bind,target=.,rw <<EOT
  set -e
  git add -A
  cp -rf /out/* .
  if [ -n "$(git status --porcelain -- dist)" ]; then
    echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
    git status --porcelain -- dist
    exit 1
  fi
 EOT
 FROM deps AS format
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
  yarn run format \
  && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' -not -path './.yarn/*' | cpio -pdm /out
 FROM scratch AS format-update
 COPY --from=format /out /
 FROM deps AS lint
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
  yarn run lint
 FROM deps AS test
 ENV RUNNER_TEMP=/tmp/github_runner
 ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
  yarn run test --coverage --coverageDirectory=/tmp/coverage
 FROM scratch AS test-coverage
 COPY --from=test /tmp/coverage /
--- a/dist/index.js
+++ b/dist/index.js
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/dist/licenses.txt
+++ b/dist/licenses.txt
--- a/dist/sourcemap-register.js
+++ b/dist/sourcemap-register.js
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@ -0,0 +1,66 @@
 target "_common" {
  args = {
    BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1
  }
 }
 group "default" {
  targets = ["build"]
 }
 group "pre-checkin" {
  targets = ["vendor", "format", "build"]
 }
 group "validate" {
  targets = ["lint", "build-validate", "vendor-validate"]
 }
 target "build" {
  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "build-update"
  output = ["."]
 }
 target "build-validate" {
  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "build-validate"
  output = ["type=cacheonly"]
 }
 target "format" {
  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "format-update"
  output = ["."]
 }
 target "lint" {
  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "lint"
  output = ["type=cacheonly"]
 }
 target "vendor" {
  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "vendor-update"
  output = ["."]
 }
 target "vendor-validate" {
  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "vendor-validate"
  output = ["type=cacheonly"]
 }
 target "test" {
  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "test-coverage"
  output = ["./coverage"]
 }
--- a/jest.config.js
+++ b/jest.config.js
@ -1,12 +0,0 @@
 module.exports = {
  clearMocks: true,
  moduleFileExtensions: ['js', 'ts'],
  setupFiles: ["dotenv/config"],
  testEnvironment: 'node',
  testMatch: ['**/*.test.ts'],
  testRunner: 'jest-circus/runner',
  transform: {
    '^.+\\.ts$': 'ts-jest'
  },
  verbose: false
 }
--- a/jest.config.ts
+++ b/jest.config.ts
@ -0,0 +1,30 @@
 import fs from 'fs';
 import os from 'os';
 import path from 'path';
 const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-login-action-')).split(path.sep).join(path.posix.sep);
 process.env = Object.assign({}, process.env, {
  TEMP: tmpDir,
  GITHUB_REPOSITORY: 'docker/login-action',
  RUNNER_TEMP: path.join(tmpDir, 'runner-temp').split(path.sep).join(path.posix.sep),
  RUNNER_TOOL_CACHE: path.join(tmpDir, 'runner-tool-cache').split(path.sep).join(path.posix.sep)
 }) as {
  [key: string]: string;
 };
 module.exports = {
  clearMocks: true,
  testEnvironment: 'node',
  moduleFileExtensions: ['js', 'ts'],
  testMatch: ['**/*.test.ts'],
  transform: {
    '^.+\\.ts$': 'ts-jest'
  },
  moduleNameMapper: {
    '^csv-parse/sync': '<rootDir>/node_modules/csv-parse/dist/cjs/sync.cjs'
  },
  collectCoverageFrom: ['src/**/{!(main.ts),}.ts'],
  coveragePathIgnorePatterns: ['lib/', 'node_modules/', '__tests__/'],
  verbose: true
 };
--- a/package.json
+++ b/package.json
@ -1,13 +1,16 @@
 {
  "name": "docker-login",
  "description": "GitHub Action to login against a Docker registry",
-  "main": "lib/main.js",
+  "main": "src/main.ts",
  "scripts": {
-    "build": "tsc && ncc build",
+    "build": "ncc build --source-map --minify --license licenses.txt",
-    "format": "prettier --write **/*.ts",
+    "lint": "yarn run prettier && yarn run eslint",
-    "format-check": "prettier --check **/*.ts",
+    "format": "yarn run prettier:fix && yarn run eslint:fix",
-    "test": "jest --coverage",
+    "eslint": "eslint --max-warnings=0 .",
-    "pre-checkin": "yarn run format && yarn run build"
+    "eslint:fix": "eslint --fix .",
    "prettier": "prettier --check \"./**/*.ts\"",
    "prettier:fix": "prettier --write \"./**/*.ts\"",
    "test": "jest"
  },
  "repository": {
    "type": "git",
@ -18,31 +21,32 @@
    "docker",
    "login"
  ],
-  "author": "Docker",
+  "author": "Docker Inc.",
-  "contributors": [
+  "license": "Apache-2.0",
-    {
+  "packageManager": "yarn@4.9.2",
      "name": "CrazyMax",
      "url": "https://crazymax.dev"
    }
  ],
  "license": "MIT",
  "dependencies": {
-    "@actions/core": "^1.2.6",
+    "@actions/core": "^1.11.1",
-    "@actions/exec": "^1.0.4",
+    "@aws-sdk/client-ecr": "^3.890.0",
-    "@actions/io": "^1.0.2",
+    "@aws-sdk/client-ecr-public": "^3.890.0",
-    "semver": "^7.3.2"
+    "@docker/actions-toolkit": "^0.63.0",
    "http-proxy-agent": "^7.0.2",
    "https-proxy-agent": "^7.0.6",
    "js-yaml": "^4.1.0"
  },
  "devDependencies": {
-    "@types/jest": "^26.0.3",
+    "@types/js-yaml": "^4.0.9",
-    "@types/node": "^14.0.14",
+    "@types/node": "^20.19.9",
-    "@vercel/ncc": "^0.23.0",
+    "@typescript-eslint/eslint-plugin": "^7.18.0",
-    "dotenv": "^8.2.0",
+    "@typescript-eslint/parser": "^7.18.0",
-    "jest": "^26.1.0",
+    "@vercel/ncc": "^0.38.3",
-    "jest-circus": "^26.1.0",
+    "eslint": "^8.57.1",
-    "jest-runtime": "^26.1.0",
+    "eslint-config-prettier": "^9.1.2",
-    "prettier": "^2.0.5",
+    "eslint-plugin-jest": "^28.14.0",
-    "ts-jest": "^26.1.1",
+    "eslint-plugin-prettier": "^5.5.4",
-    "typescript": "^3.9.5",
+    "jest": "^29.7.0",
-    "typescript-formatter": "^7.2.2"
+    "prettier": "^3.6.2",
    "ts-jest": "^29.4.1",
    "ts-node": "^10.9.2",
    "typescript": "^5.9.2"
  }
 }
--- a/src/aws.ts
+++ b/src/aws.ts
@ -1,51 +1,138 @@
-import * as semver from 'semver';
+import * as core from '@actions/core';
-import * as io from '@actions/io';
+import {ECR} from '@aws-sdk/client-ecr';
-import * as execm from './exec';
+import {ECRPUBLIC} from '@aws-sdk/client-ecr-public';
 import {NodeHttpHandler} from '@smithy/node-http-handler';
 import {HttpProxyAgent} from 'http-proxy-agent';
 import {HttpsProxyAgent} from 'https-proxy-agent';
-export const isECR = async (registry: string): Promise<boolean> => {
+const ecrRegistryRegex = /^(([0-9]{12})\.(dkr\.ecr|dkr-ecr)\.(.+)\.(on\.aws|amazonaws\.com(.cn)?))(\/([^:]+)(:.+)?)?$/;
-  return registry.includes('amazonaws');
+const ecrPublicRegistryRegex = /public\.ecr\.aws|ecr-public\.aws\.com/;
 export const isECR = (registry: string): boolean => {
  return ecrRegistryRegex.test(registry) || isPubECR(registry);
 };
-export const getRegion = async (registry: string): Promise<string> => {
+export const isPubECR = (registry: string): boolean => {
-  return registry.substring(registry.indexOf('ecr.') + 4, registry.indexOf('.amazonaws'));
+  return ecrPublicRegistryRegex.test(registry);
 };
-export const getCLI = async (): Promise<string> => {
+export const getRegion = (registry: string): string => {
-  return io.which('aws', true);
+  if (isPubECR(registry)) {
-};
+    return process.env.AWS_REGION || process.env.AWS_DEFAULT_REGION || 'us-east-1';
 export const execCLI = async (args: string[]): Promise<string> => {
  return execm.exec(await getCLI(), args, true).then(res => {
    if (res.stderr != '' && !res.success) {
      throw new Error(res.stderr);
    } else if (res.stderr != '') {
      return res.stderr.trim();
    } else {
      return res.stdout.trim();
  }
-  });
+  const matches = registry.match(ecrRegistryRegex);
 };
 export const getCLIVersion = async (): Promise<string> => {
  return parseCLIVersion(await execCLI(['--version']));
 };
 export const parseCLIVersion = async (stdout: string): Promise<string> => {
  const matches = /aws-cli\/([0-9.]+)/.exec(stdout);
  if (!matches) {
-    throw new Error(`Cannot parse AWS CLI version`);
+    return '';
  }
-  return semver.clean(matches[1]);
+  return matches[4];
 };
-export const getDockerLoginCmd = async (cliVersion: string, registry: string, region: string): Promise<string> => {
+export const getAccountIDs = (registry: string): string[] => {
-  if (semver.satisfies(cliVersion, '>=2.0.0')) {
+  if (isPubECR(registry)) {
-    return execCLI(['ecr', 'get-login-password', '--region', region]).then(pwd => {
+    return [];
-      return `docker login --username AWS --password ${pwd} ${registry}`;
+  }
  const matches = registry.match(ecrRegistryRegex);
  if (!matches) {
    return [];
  }
  const accountIDs: Array<string> = [matches[2]];
  if (process.env.AWS_ACCOUNT_IDS) {
    accountIDs.push(...process.env.AWS_ACCOUNT_IDS.split(','));
  }
  return accountIDs.filter((item, index) => accountIDs.indexOf(item) === index);
 };
 export interface RegistryData {
  registry: string;
  username: string;
  password: string;
 }
 export const getRegistriesData = async (registry: string, username?: string, password?: string): Promise<RegistryData[]> => {
  const region = getRegion(registry);
  const accountIDs = getAccountIDs(registry);
  const authTokenRequest = {};
  if (accountIDs.length > 0) {
    core.debug(`Requesting AWS ECR auth token for ${accountIDs.join(', ')}`);
    authTokenRequest['registryIds'] = accountIDs;
  }
  let httpProxyAgent;
  const httpProxy = process.env.http_proxy || process.env.HTTP_PROXY || '';
  if (httpProxy) {
    core.debug(`Using http proxy ${httpProxy}`);
    httpProxyAgent = new HttpProxyAgent(httpProxy);
  }
  let httpsProxyAgent;
  const httpsProxy = process.env.https_proxy || process.env.HTTPS_PROXY || '';
  if (httpsProxy) {
    core.debug(`Using https proxy ${httpsProxy}`);
    httpsProxyAgent = new HttpsProxyAgent(httpsProxy);
  }
  const credentials =
    username && password
      ? {
          accessKeyId: username,
          secretAccessKey: password
        }
      : undefined;
  if (isPubECR(registry)) {
    core.info(`AWS Public ECR detected with ${region} region`);
    const ecrPublic = new ECRPUBLIC({
      customUserAgent: 'docker-login-action',
      credentials,
      region: region,
      requestHandler: new NodeHttpHandler({
        httpAgent: httpProxyAgent,
        httpsAgent: httpsProxyAgent
      })
    });
    const authTokenResponse = await ecrPublic.getAuthorizationToken(authTokenRequest);
    if (!authTokenResponse.authorizationData || !authTokenResponse.authorizationData.authorizationToken) {
      throw new Error('Could not retrieve an authorization token from AWS Public ECR');
    }
    const authToken = Buffer.from(authTokenResponse.authorizationData.authorizationToken, 'base64').toString('utf-8');
    const creds = authToken.split(':', 2);
    core.setSecret(creds[0]); // redacted in workflow logs
    core.setSecret(creds[1]); // redacted in workflow logs
    return [
      {
        registry: 'public.ecr.aws',
        username: creds[0],
        password: creds[1]
      }
    ];
  } else {
-    return execCLI(['ecr', 'get-login', '--region', region, '--no-include-email']).then(dockerLoginCmd => {
+    core.info(`AWS ECR detected with ${region} region`);
-      return dockerLoginCmd;
+    const ecr = new ECR({
      customUserAgent: 'docker-login-action',
      credentials,
      region: region,
      requestHandler: new NodeHttpHandler({
        httpAgent: httpProxyAgent,
        httpsAgent: httpsProxyAgent
      })
    });
    const authTokenResponse = await ecr.getAuthorizationToken(authTokenRequest);
    if (!Array.isArray(authTokenResponse.authorizationData) || !authTokenResponse.authorizationData.length) {
      throw new Error('Could not retrieve an authorization token from AWS ECR');
    }
    const regDatas: RegistryData[] = [];
    for (const authData of authTokenResponse.authorizationData) {
      const authToken = Buffer.from(authData.authorizationToken || '', 'base64').toString('utf-8');
      const creds = authToken.split(':', 2);
      core.setSecret(creds[0]); // redacted in workflow logs
      core.setSecret(creds[1]); // redacted in workflow logs
      regDatas.push({
        registry: authData.proxyEndpoint || '',
        username: creds[0],
        password: creds[1]
      });
    }
    return regDatas;
  }
 };
--- a/src/context.ts
+++ b/src/context.ts
@ -4,7 +4,9 @@ export interface Inputs {
  registry: string;
  username: string;
  password: string;
-  logout: string;
+  ecr: string;
  logout: boolean;
  registryAuth: string;
 }
 export function getInputs(): Inputs {
@ -12,6 +14,8 @@ export function getInputs(): Inputs {
    registry: core.getInput('registry'),
    username: core.getInput('username'),
    password: core.getInput('password'),
-    logout: core.getInput('logout')
+    ecr: core.getInput('ecr'),
    logout: core.getBooleanInput('logout'),
    registryAuth: core.getInput('registry-auth')
  };
 }
--- a/src/docker.ts
+++ b/src/docker.ts
@ -1,9 +1,10 @@
 import * as core from '@actions/core';
 import * as aws from './aws';
-import * as execm from './exec';
+import * as core from '@actions/core';
-export async function login(registry: string, username: string, password: string): Promise<void> {
+import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
-  if (await aws.isECR(registry)) {
+
 export async function login(registry: string, username: string, password: string, ecr: string): Promise<void> {
  if (/true/i.test(ecr) || (ecr == 'auto' && aws.isECR(registry))) {
    await loginECR(registry, username, password);
  } else {
    await loginStandard(registry, username, password);
@ -11,52 +12,57 @@ export async function login(registry: string, username: string, password: string
 }
 export async function logout(registry: string): Promise<void> {
-  await execm.exec('docker', ['logout', registry], false).then(res => {
+  await Docker.getExecOutput(['logout', registry], {
-    if (res.stderr != '' && !res.success) {
+    ignoreReturnCode: true
-      core.warning(res.stderr);
+  }).then(res => {
    if (res.stderr.length > 0 && res.exitCode != 0) {
      core.warning(res.stderr.trim());
    }
  });
 }
 export async function loginStandard(registry: string, username: string, password: string): Promise<void> {
-  if (!username || !password) {
+  if (!username && !password) {
    throw new Error('Username and password required');
  }
  if (!username) {
    throw new Error('Username required');
  }
  if (!password) {
    throw new Error('Password required');
  }
-  let loginArgs: Array<string> = ['login', '--password-stdin'];
+  const loginArgs: Array<string> = ['login', '--password-stdin'];
  loginArgs.push('--username', username);
  loginArgs.push(registry);
-  if (registry) {
+  core.info(`Logging into ${registry}...`);
-    core.info(`🔑 Logging into ${registry}...`);
+  await Docker.getExecOutput(loginArgs, {
-  } else {
+    ignoreReturnCode: true,
-    core.info(`🔑 Logging into DockerHub...`);
+    silent: true,
    input: Buffer.from(password)
  }).then(res => {
    if (res.stderr.length > 0 && res.exitCode != 0) {
      throw new Error(res.stderr.trim());
    }
-  await execm.exec('docker', loginArgs, true, password).then(res => {
+    core.info(`Login Succeeded!`);
    if (res.stderr != '' && !res.success) {
      throw new Error(res.stderr);
    }
    core.info('🎉 Login Succeeded!');
  });
 }
 export async function loginECR(registry: string, username: string, password: string): Promise<void> {
-  const cliPath = await aws.getCLI();
+  core.info(`Retrieving registries data through AWS SDK...`);
-  const cliVersion = await aws.getCLIVersion();
+  const regDatas = await aws.getRegistriesData(registry, username, password);
-  const region = await aws.getRegion(registry);
+  for (const regData of regDatas) {
-  core.info(`💡 AWS ECR detected with ${region} region`);
+    core.info(`Logging into ${regData.registry}...`);
-
+    await Docker.getExecOutput(['login', '--password-stdin', '--username', regData.username, regData.registry], {
-  process.env.AWS_ACCESS_KEY_ID = username || process.env.AWS_ACCESS_KEY_ID;
+      ignoreReturnCode: true,
-  process.env.AWS_SECRET_ACCESS_KEY = password || process.env.AWS_SECRET_ACCESS_KEY;
+      silent: true,
-
+      input: Buffer.from(regData.password)
-  core.info(`⬇️ Retrieving docker login command through AWS CLI ${cliVersion} (${cliPath})...`);
+    }).then(res => {
-  const loginCmd = await aws.getDockerLoginCmd(cliVersion, registry, region);
+      if (res.stderr.length > 0 && res.exitCode != 0) {
-
+        throw new Error(res.stderr.trim());
  core.info(`🔑 Logging into ${registry}...`);
  execm.exec(loginCmd, [], true).then(res => {
    if (res.stderr != '' && !res.success) {
      throw new Error(res.stderr);
      }
-    core.info('🎉 Login Succeeded!');
+      core.info('Login Succeeded!');
    });
  }
 }
--- a/src/exec.ts
+++ b/src/exec.ts
@ -1,40 +0,0 @@
 import * as actionsExec from '@actions/exec';
 import {ExecOptions} from '@actions/exec';
 export interface ExecResult {
  success: boolean;
  stdout: string;
  stderr: string;
 }
 export const exec = async (
  command: string,
  args: string[] = [],
  silent: boolean,
  stdin?: string
 ): Promise<ExecResult> => {
  let stdout: string = '';
  let stderr: string = '';
  const options: ExecOptions = {
    silent: silent,
    ignoreReturnCode: true,
    input: Buffer.from(stdin || '')
  };
  options.listeners = {
    stdout: (data: Buffer) => {
      stdout += data.toString();
    },
    stderr: (data: Buffer) => {
      stderr += data.toString();
    }
  };
  const returnCode: number = await actionsExec.exec(command, args, options);
  return {
    success: returnCode === 0,
    stdout: stdout.trim(),
    stderr: stderr.trim()
  };
 };
--- a/src/main.ts
+++ b/src/main.ts
@ -1,33 +1,61 @@
-import * as os from 'os';
+import * as yaml from 'js-yaml';
 import * as core from '@actions/core';
-import {getInputs, Inputs} from './context';
+import * as actionsToolkit from '@docker/actions-toolkit';
 import * as context from './context';
 import * as docker from './docker';
 import * as stateHelper from './state-helper';
-export async function run(): Promise<void> {
+interface Auth {
-  try {
+  registry: string;
-    if (os.platform() !== 'linux') {
+  username: string;
-      throw new Error('Only supported on linux platform');
+  password: string;
  ecr: string;
 }
-    const {registry, username, password, logout} = getInputs();
+export async function main(): Promise<void> {
-    stateHelper.setRegistry(registry);
+  const inputs: context.Inputs = context.getInputs();
-    stateHelper.setLogout(logout);
+  stateHelper.setLogout(inputs.logout);
-    await docker.login(registry, username, password);
+
-  } catch (error) {
+  if (inputs.registryAuth && (inputs.registry || inputs.username || inputs.password || inputs.ecr)) {
-    core.setFailed(error.message);
+    throw new Error('Cannot use registry-auth with other inputs');
  }
  if (!inputs.registryAuth) {
    stateHelper.setRegistries([inputs.registry || 'docker.io']);
    await docker.login(inputs.registry || 'docker.io', inputs.username, inputs.password, inputs.ecr || 'auto');
    return;
  }
  const auths = yaml.load(inputs.registryAuth) as Auth[];
  if (auths.length == 0) {
    throw new Error('No registry to login');
  }
  const registries: string[] = [];
  for (const auth of auths) {
    if (!auth.registry) {
      registries.push('docker.io');
    } else {
      registries.push(auth.registry);
    }
  }
  stateHelper.setRegistries(registries.filter((value, index, self) => self.indexOf(value) === index));
  for (const auth of auths) {
    await core.group(`Login to ${auth.registry || 'docker.io'}`, async () => {
      await docker.login(auth.registry || 'docker.io', auth.username, auth.password, auth.ecr || 'auto');
    });
  }
 }
-async function logout(): Promise<void> {
+async function post(): Promise<void> {
  if (!stateHelper.logout) {
    return;
  }
-  await docker.logout(stateHelper.registry);
+  for (const registry of stateHelper.registries.split(',')) {
    await docker.logout(registry);
  }
 }
-if (!stateHelper.IsPost) {
+actionsToolkit.run(main, post);
  run();
 } else {
  logout();
 }
--- a/src/state-helper.ts
+++ b/src/state-helper.ts
@ -1,17 +1,12 @@
 import * as core from '@actions/core';
-export const IsPost = !!process.env['STATE_isPost'];
+export const registries = process.env['STATE_registries'] || '';
 export const registry = process.env['STATE_registry'] || '';
 export const logout = /true/i.test(process.env['STATE_logout'] || '');
-export function setRegistry(registry: string) {
+export function setRegistries(registries: string[]) {
-  core.saveState('registry', registry);
+  core.saveState('registries', registries.join(','));
 }
-export function setLogout(logout: string) {
+export function setLogout(logout: boolean) {
  core.saveState('logout', logout);
 }
 if (!IsPost) {
  core.saveState('isPost', 'true');
 }
--- a/tsconfig.json
+++ b/tsconfig.json
@ -1,18 +1,21 @@
 {
  "compilerOptions": {
    "esModuleInterop": true,
    "target": "es6",
    "module": "commonjs",
-    "lib": [
+    "strict": true,
      "es6",
      "dom"
    ],
    "newLine": "lf",
    "outDir": "./lib",
    "rootDir": "./src",
-    "strict": true,
+    "forceConsistentCasingInFileNames": true,
    "noImplicitAny": false,
-    "esModuleInterop": true,
+    "resolveJsonModule": true,
-    "sourceMap": true
+    "useUnknownInCatchVariables": false,
  },
-  "exclude": ["node_modules", "**/*.test.ts"]
+  "exclude": [
    "./__tests__/**/*",
    "./lib/**/*",
    "node_modules",
    "jest.config.ts"
  ]
 }
--- a/yarn.lock
+++ b/yarn.lock
		`@ -0,0 +1,3 @@`
							`# Code of conduct`

							`- [Moby community guidelines](https://github.com/moby/moby/blob/master/CONTRIBUTING.md#moby-community-guidelines)`