From 86856eb41231cee8fb44040fa432c2ec12870ed5 Mon Sep 17 00:00:00 2001
From: CrazyMax <crazy-max@users.noreply.github.com>
Date: Tue, 22 Sep 2020 20:49:18 +0200
Subject: [PATCH 1/3] Expose Git secret token if default context used

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
---
 README.md      | 258 +++++++++++++++++++++++--------------------------
 action.yml     |   4 +
 dist/index.js  |  25 ++++-
 src/context.ts |  18 +++-
 4 files changed, 158 insertions(+), 147 deletions(-)

diff --git a/README.md b/README.md
index 85b0f1b..5bcbd20 100644
--- a/README.md
+++ b/README.md
@@ -45,10 +45,7 @@ build-secrets, remote cache, etc. and different builder deployment/namespacing o
 
 The default behavior of this action is to use the [Git context invoked by your workflow](https://github.com/docker/build-push-action/blob/master/src/context.ts#L35).
 
-<details>
-  <summary><b>Show workflow</b></summary>
-  
-  ```yaml
+```yaml
 name: ci
 
 on:
@@ -81,11 +78,10 @@ jobs:
       -
         name: Image digest
         run: echo ${{ steps.docker_build.outputs.digest }}
-  ```
-</details>
+```
 
-If you use this action in a private repository, you have to pass the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)
-as a secret named `GIT_AUTH_TOKEN` to be able to authenticate against it with buildx:
+If you want to authenticate against a private repository, you have to use a secret named `GIT_AUTH_TOKEN` to be able
+to authenticate against it with buildx:
 
 ```yaml
       -
@@ -96,7 +92,7 @@ as a secret named `GIT_AUTH_TOKEN` to be able to authenticate against it with bu
           push: true
           tags: user/app:latest
           secrets: |
-            GIT_AUTH_TOKEN=${{ github.token }}
+            GIT_AUTH_TOKEN=${{ secrets.MYTOKEN }}
 ```
 
 > :warning: Subdir for Git context is [not yet supported](https://github.com/docker/build-push-action/issues/120).
@@ -106,140 +102,128 @@ as a secret named `GIT_AUTH_TOKEN` to be able to authenticate against it with bu
 
 You can also use the `PATH` context alongside the [`actions/checkout`](https://github.com/actions/checkout/) action.
 
-<details>
-  <summary><b>Show workflow</b></summary>
-  
-  ```yaml
-  name: ci
+```yaml
+name: ci
 
-  on:
-    push:
-      branches: master
+on:
+  push:
+    branches: master
 
-  jobs:
-    path-context:
-      runs-on: ubuntu-latest
-      steps:
-        -
-          name: Checkout
-          uses: actions/checkout@v2
-        -
-          name: Set up QEMU
-          uses: docker/setup-qemu-action@v1
-        -
-          name: Set up Docker Buildx
-          uses: docker/setup-buildx-action@v1
-        -
-          name: Login to DockerHub
-          uses: docker/login-action@v1
-          with:
-            username: ${{ secrets.DOCKERHUB_USERNAME }}
-            password: ${{ secrets.DOCKERHUB_TOKEN }}
-        -
-          name: Build and push
-          uses: docker/build-push-action@v2
-          with:
-            context: .
-            file: ./Dockerfile
-            platforms: linux/amd64,linux/arm64,linux/386
-            push: true
-            tags: user/app:latest
-  ```
-</details>
+jobs:
+  path-context:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64,linux/386
+          push: true
+          tags: user/app:latest
+```
 
 ### Isolated builders
 
-<details>
-  <summary><b>Show workflow</b></summary>
-  
-  ```yaml
-  name: ci
+```yaml
+name: ci
 
-  on:
-    push:
-      branches: master
+on:
+  push:
+    branches: master
 
-  jobs:
-    multi-builders:
-      runs-on: ubuntu-latest
-      steps:
-        -
-          uses: docker/setup-buildx-action@v1
-          id: builder1
-        -
-          uses: docker/setup-buildx-action@v1
-          id: builder2
-        -
-          name: Builder 1 name
-          run: echo ${{ steps.builder1.outputs.name }}
-        -
-          name: Builder 2 name
-          run: echo ${{ steps.builder2.outputs.name }}
-        -
-          name: Build against builder1
-          uses: docker/build-push-action@v2
-          with:
-            builder: ${{ steps.builder1.outputs.name }}
-            target: mytarget1
-        -
-          name: Build against builder2
-          uses: docker/build-push-action@v2
-          with:
-            builder: ${{ steps.builder2.outputs.name }}
-            target: mytarget2
-  ```
-</details>
+jobs:
+  multi-builders:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        uses: docker/setup-buildx-action@v1
+        id: builder1
+      -
+        uses: docker/setup-buildx-action@v1
+        id: builder2
+      -
+        name: Builder 1 name
+        run: echo ${{ steps.builder1.outputs.name }}
+      -
+        name: Builder 2 name
+        run: echo ${{ steps.builder2.outputs.name }}
+      -
+        name: Build against builder1
+        uses: docker/build-push-action@v2
+        with:
+          builder: ${{ steps.builder1.outputs.name }}
+          target: mytarget1
+      -
+        name: Build against builder2
+        uses: docker/build-push-action@v2
+        with:
+          builder: ${{ steps.builder2.outputs.name }}
+          target: mytarget2
+```
 
 ### Multi-platform image
 
-<details>
-  <summary><b>Show workflow</b></summary>
-  
-  ```yaml
-  name: ci
+```yaml
+name: ci
 
-  on:
-    push:
-      branches: master
+on:
+  push:
+    branches: master
 
-  jobs:
-    multi:
-      runs-on: ubuntu-latest
-      steps:
-        -
-          name: Checkout
-          uses: actions/checkout@v2
-        -
-          name: Set up QEMU
-          uses: docker/setup-qemu-action@v1
-        -
-          name: Set up Docker Buildx
-          uses: docker/setup-buildx-action@v1
-        -
-          name: Login to DockerHub
-          uses: docker/login-action@v1 
-          with:
-            username: ${{ secrets.DOCKERHUB_USERNAME }}
-            password: ${{ secrets.DOCKERHUB_TOKEN }}
-        -
-          name: Build and push
-          uses: docker/build-push-action@v2
-          with:
-            context: .
-            file: ./Dockerfile
-            platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
-            push: true
-            tags: |
-              user/app:latest
-              user/app:1.0.0
-  ```
-</details>
+jobs:
+  multi:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v1 
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
+          push: true
+          tags: |
+            user/app:latest
+            user/app:1.0.0
+```
 
 ## Advanced usage
 
 ### Local registry
 
-For testing purposes you may need to create a [local registry](https://hub.docker.com/_/registry) to push images into.
+For testing purposes you may need to create a [local registry](https://hub.docker.com/_/registry) to push images into:
 
 <details>
   <summary><b>Show workflow</b></summary>
@@ -284,7 +268,7 @@ For testing purposes you may need to create a [local registry](https://hub.docke
 ### Leverage GitHub cache
 
 You can leverage [GitHub cache](https://docs.github.com/en/actions/configuring-and-managing-workflows/caching-dependencies-to-speed-up-workflows)
-using [actions/cache](https://github.com/actions/cache) with this action.
+using [actions/cache](https://github.com/actions/cache) with this action:
 
 <details>
   <summary><b>Show workflow</b></summary>
@@ -338,15 +322,6 @@ The following workflow with the `Prepare` step will generate some [outputs](http
 to handle tags and labels based on GitHub actions events. This is just an example to show many cases that you
 might want to use:
 
-| Event           | Ref                           | Commit SHA | Docker Tag                         | Pushed |
-|-----------------|-------------------------------|------------|------------------------------------|--------|
-| `schedule`      |                               |            | `nightly`                          | Yes    |
-| `pull_request`  | `refs/pull/2/merge`           | `a123b57`  | `pr-2`                             | No     |
-| `push`          | `refs/heads/<default_branch>` | `676cae2`  | `sha-676cae2`, `edge`              | Yes    |
-| `push`          | `refs/heads/dev`              | `cf20257`  | `sha-cf20257`, `dev`               | Yes    |
-| `push`          | `refs/heads/my/branch`        | `a5df687`  | `sha-a5df687`, `my-branch`         | Yes    |
-| `push tag`      | `refs/tags/v1.2.3`            |            | `v1.2.3`, `v1.2`, `v1`, `latest`   | Yes    |
-
 <details>
   <summary><b>Show workflow</b></summary>
   
@@ -434,11 +409,20 @@ might want to use:
   ```
 </details>
 
+| Event           | Ref                           | Commit SHA | Docker Tag                         | Pushed |
+|-----------------|-------------------------------|------------|------------------------------------|--------|
+| `schedule`      |                               |            | `nightly`                          | Yes    |
+| `pull_request`  | `refs/pull/2/merge`           | `a123b57`  | `pr-2`                             | No     |
+| `push`          | `refs/heads/<default_branch>` | `676cae2`  | `sha-676cae2`, `edge`              | Yes    |
+| `push`          | `refs/heads/dev`              | `cf20257`  | `sha-cf20257`, `dev`               | Yes    |
+| `push`          | `refs/heads/my/branch`        | `a5df687`  | `sha-a5df687`, `my-branch`         | Yes    |
+| `push tag`      | `refs/tags/v1.2.3`            |            | `v1.2.3`, `v1.2`, `v1`, `latest`   | Yes    |
+
 ### Update DockerHub repo description
 
 You can update the [Docker Hub repository description](https://docs.docker.com/docker-hub/repos/) using
 a third-party action called [Docker Hub Description](https://github.com/peter-evans/dockerhub-description)
-with this action.
+with this action:
 
 <details>
   <summary><b>Show workflow</b></summary>
diff --git a/action.yml b/action.yml
index 5734fe3..ec7feb8 100644
--- a/action.yml
+++ b/action.yml
@@ -64,6 +64,10 @@ inputs:
   secrets:
     description: "List of secrets to expose to the build (eg. key=value, GIT_AUTH_TOKEN=mytoken)"
     required: false
+  github-token:
+    description: "GitHub Token used to authenticate against a repository for Git context"
+    default: ${{ github.token }}
+    required: false
 
 outputs:
   digest:
diff --git a/dist/index.js b/dist/index.js
index 063f93f..3c0c05e 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -7955,6 +7955,12 @@ function convertBody(buffer, headers) {
 	// html4
 	if (!res && str) {
 		res = /<meta[\s]+?http-equiv=(['"])content-type\1[\s]+?content=(['"])(.+?)\2/i.exec(str);
+		if (!res) {
+			res = /<meta[\s]+?content=(['"])(.+?)\1[\s]+?http-equiv=(['"])content-type\3/i.exec(str);
+			if (res) {
+				res.pop(); // drop last quote
+			}
+		}
 
 		if (res) {
 			res = /charset=(.*)/i.exec(res.pop());
@@ -8962,7 +8968,7 @@ function fetch(url, opts) {
 				// HTTP fetch step 5.5
 				switch (request.redirect) {
 					case 'error':
-						reject(new FetchError(`redirect mode is set to error: ${request.url}`, 'no-redirect'));
+						reject(new FetchError(`uri requested responds with a redirect, redirect mode is set to error: ${request.url}`, 'no-redirect'));
 						finalize();
 						return;
 					case 'manual':
@@ -9001,7 +9007,8 @@ function fetch(url, opts) {
 							method: request.method,
 							body: request.body,
 							signal: request.signal,
-							timeout: request.timeout
+							timeout: request.timeout,
+							size: request.size
 						};
 
 						// HTTP-redirect fetch step 9
@@ -13640,11 +13647,11 @@ const buildx = __importStar(__webpack_require__(295));
 const core = __importStar(__webpack_require__(186));
 const github = __importStar(__webpack_require__(438));
 exports.tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-build-push-'));
+const defaultContext = `https://github.com/${github.context.repo.owner}/${github.context.repo.repo}#${github.context.ref}`;
 function getInputs() {
     return __awaiter(this, void 0, void 0, function* () {
         return {
-            context: core.getInput('context') ||
-                `https://github.com/${github.context.repo.owner}/${github.context.repo.repo}#${github.context.ref}`,
+            context: core.getInput('context') || defaultContext,
             file: core.getInput('file') || 'Dockerfile',
             buildArgs: yield getInputList('build-args'),
             labels: yield getInputList('labels'),
@@ -13660,7 +13667,8 @@ function getInputs() {
             outputs: yield getInputList('outputs', true),
             cacheFrom: yield getInputList('cache-from', true),
             cacheTo: yield getInputList('cache-to', true),
-            secrets: yield getInputList('secrets', true)
+            secrets: yield getInputList('secrets', true),
+            githubToken: core.getInput('github-token')
         };
     });
 }
@@ -13708,9 +13716,16 @@ function getBuildArgs(inputs, buildxVersion) {
         yield exports.asyncForEach(inputs.cacheTo, (cacheTo) => __awaiter(this, void 0, void 0, function* () {
             args.push('--cache-to', cacheTo);
         }));
+        let hasGitAuthToken = false;
         yield exports.asyncForEach(inputs.secrets, (secret) => __awaiter(this, void 0, void 0, function* () {
+            if (secret.startsWith('GIT_AUTH_TOKEN=')) {
+                hasGitAuthToken = true;
+            }
             args.push('--secret', yield buildx.getSecret(secret));
         }));
+        if (inputs.githubToken && !hasGitAuthToken && inputs.context == defaultContext) {
+            args.push('--secret', yield buildx.getSecret(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
+        }
         if (inputs.file) {
             args.push('--file', inputs.file);
         }
diff --git a/src/context.ts b/src/context.ts
index 6977e3f..98eef07 100644
--- a/src/context.ts
+++ b/src/context.ts
@@ -6,7 +6,8 @@ import * as buildx from './buildx';
 import * as core from '@actions/core';
 import * as github from '@actions/github';
 
-export const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-build-push-'));
+export const tmpDir: string = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-build-push-'));
+const defaultContext: string = `https://github.com/${github.context.repo.owner}/${github.context.repo.repo}#${github.context.ref}`;
 
 export interface Inputs {
   context: string;
@@ -26,13 +27,12 @@ export interface Inputs {
   cacheFrom: string[];
   cacheTo: string[];
   secrets: string[];
+  githubToken: string;
 }
 
 export async function getInputs(): Promise<Inputs> {
   return {
-    context:
-      core.getInput('context') ||
-      `https://github.com/${github.context.repo.owner}/${github.context.repo.repo}#${github.context.ref}`,
+    context: core.getInput('context') || defaultContext,
     file: core.getInput('file') || 'Dockerfile',
     buildArgs: await getInputList('build-args'),
     labels: await getInputList('labels'),
@@ -48,7 +48,8 @@ export async function getInputs(): Promise<Inputs> {
     outputs: await getInputList('outputs', true),
     cacheFrom: await getInputList('cache-from', true),
     cacheTo: await getInputList('cache-to', true),
-    secrets: await getInputList('secrets', true)
+    secrets: await getInputList('secrets', true),
+    githubToken: core.getInput('github-token')
   };
 }
 
@@ -92,9 +93,16 @@ async function getBuildArgs(inputs: Inputs, buildxVersion: string): Promise<Arra
   await asyncForEach(inputs.cacheTo, async cacheTo => {
     args.push('--cache-to', cacheTo);
   });
+  let hasGitAuthToken: boolean = false;
   await asyncForEach(inputs.secrets, async secret => {
+    if (secret.startsWith('GIT_AUTH_TOKEN=')) {
+      hasGitAuthToken = true;
+    }
     args.push('--secret', await buildx.getSecret(secret));
   });
+  if (inputs.githubToken && !hasGitAuthToken && inputs.context == defaultContext) {
+    args.push('--secret', await buildx.getSecret(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
+  }
   if (inputs.file) {
     args.push('--file', inputs.file);
   }

From 32351da9d7e807c843c344055923406763073ac0 Mon Sep 17 00:00:00 2001
From: CrazyMax <crazy-max@users.noreply.github.com>
Date: Tue, 22 Sep 2020 20:53:40 +0200
Subject: [PATCH 2/3] Update CI workflow

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
---
 .github/workflows/ci.yml | 54 +++++++++++++++++++++++++++++++++++-----
 1 file changed, 48 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3452d5b..11618c4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,11 +11,53 @@ on:
 jobs:
   git-context:
     runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        buildx-version:
-          - latest
+    services:
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2.3.2
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+        with:
+          platforms: all
+      -
+        name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          version: latest
+          driver-opts: network=host
+      -
+        name: Build and push
+        id: docker_build
+        uses: ./
+        with:
+          file: ./test/Dockerfile
+          builder: ${{ steps.buildx.outputs.name }}
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            localhost:5000/name/app:latest
+            localhost:5000/name/app:1.0.0
+      -
+        name: Inspect
+        run: |
+          docker buildx imagetools inspect localhost:5000/name/app:1.0.0
+      -
+        name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}
+      -
+        name: Dump context
+        if: always()
+        uses: crazy-max/ghaction-dump-context@v1
+
+  git-context-secret:
+    runs-on: ubuntu-latest
     services:
       registry:
         image: registry:2
@@ -50,7 +92,7 @@ jobs:
             localhost:5000/name/app:latest
             localhost:5000/name/app:1.0.0
           secrets: |
-            GIT_AUTH_TOKEN=${{ github.token }}
+            GIT_AUTH_TOKEN=01234567890abcdefgh
       -
         name: Inspect
         run: |

From e952699f4d013b228ee24a72da01faae20ece9d1 Mon Sep 17 00:00:00 2001
From: CrazyMax <crazy-max@users.noreply.github.com>
Date: Wed, 23 Sep 2020 11:04:40 +0200
Subject: [PATCH 3/3] Fix CI workflow and README

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
---
 .github/workflows/ci.yml | 2 +-
 README.md                | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 11618c4..ed78c32 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -92,7 +92,7 @@ jobs:
             localhost:5000/name/app:latest
             localhost:5000/name/app:1.0.0
           secrets: |
-            GIT_AUTH_TOKEN=01234567890abcdefgh
+            GIT_AUTH_TOKEN=${{ github.token }}
       -
         name: Inspect
         run: |
diff --git a/README.md b/README.md
index 5bcbd20..b7a683f 100644
--- a/README.md
+++ b/README.md
@@ -80,8 +80,9 @@ jobs:
         run: echo ${{ steps.docker_build.outputs.digest }}
 ```
 
-If you want to authenticate against a private repository, you have to use a secret named `GIT_AUTH_TOKEN` to be able
-to authenticate against it with buildx:
+Building from current repository automatically uses the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)
+as provided by `secrets` so it does not need to be passed. But if you want to authenticate against another private
+repository, you have to use a secret named `GIT_AUTH_TOKEN` to be able to authenticate against it with buildx:
 
 ```yaml
       -