build(deps): bump github/codeql-action from 4.36.0 to 4.36.2

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.36.0 to 4.36.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/7211b7c8077ea37d8641b6271f6a365a22a5fbfa...8aad20d150bbac5944a9f9d289da16a4b0d87c1e) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.36.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Merge pull request #1008 from crazy-max/ci-ghcr-dind-test-image
2026-06-08 17:42:53 +03:00 · 2026-06-08 05:53:38 +00:00 · 2026-06-04 16:12:23 +02:00 · 2026-06-02 14:16:24 +02:00
7 changed files with 207 additions and 185 deletions
@@ -7,6 +7,9 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

+env:
+  GHCR_TEST_IMAGE: ghcr.io/docker/login-action-test:ci-${{ github.sha }}
+
 on:
  workflow_dispatch:
  schedule:
@@ -56,8 +59,39 @@ jobs:
          password: ${{ secrets.GITHUB_TOKEN }}
          logout: ${{ matrix.logout }}

+  push-ghcr:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      -
+        name: Login to GitHub Container Registry
+        uses: ./
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Build and push test image
+        run: |
+          docker buildx build --push -t "${GHCR_TEST_IMAGE}" - <<EOF
+          FROM scratch
+          LABEL org.opencontainers.image.title="docker/login-action CI test image"
+          LABEL org.opencontainers.image.description="Empty image used by CI to verify GHCR authentication."
+          LABEL org.opencontainers.image.source="https://github.com/${GITHUB_REPOSITORY}"
+          EOF
+
  dind:
    runs-on: ubuntu-latest
+    needs:
+      - push-ghcr
+    permissions:
+      contents: read
+      packages: read
    env:
      DOCKER_CONFIG: $HOME/.docker
    steps:
@@ -69,19 +103,19 @@ jobs:
        uses: ./
        with:
          registry: ghcr.io
-          username: ${{ secrets.GHCR_USERNAME }}
-          password: ${{ secrets.GHCR_PAT }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
      -
        name: DinD
        uses: docker://docker:29.3@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
        with:
          entrypoint: docker
-          args: pull ghcr.io/docker-ghactiontest/test
+          args: pull ${{ env.GHCR_TEST_IMAGE }}
      -
-        name: Pull private image
+        name: Pull test image
        run: |
          docker image prune -a -f >/dev/null 2>&1
-          docker pull ghcr.io/docker-ghactiontest/test
+          docker pull "${GHCR_TEST_IMAGE}"

  acr:
    runs-on: ubuntu-latest
@@ -35,12 +35,12 @@ jobs:
          node-version: ${{ env.NODE_VERSION }}
      -
        name: Initialize CodeQL
-        uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
+        uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
        with:
          languages: javascript-typescript
          build-mode: none
      -
        name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
+        uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
        with:
          category: "/language:javascript-typescript"
@@ -2821,12 +2821,11 @@ SOFTWARE.

 -----------

-The following npm packages may be included in this product:
+The following npm package may be included in this product:

 - js-yaml@4.1.1
- - js-yaml@4.2.0

-These packages each contain the following license:
+This package contains the following license:

 (The MIT License)

@@ -29,7 +29,7 @@
    "@docker/actions-toolkit": "^0.91.0",
    "http-proxy-agent": "^9.0.0",
    "https-proxy-agent": "^9.0.0",
-    "js-yaml": "^4.2.0"
+    "js-yaml": "^4.1.1"
  },
  "devDependencies": {
    "@eslint/js": "^9.39.3",
@@ -3276,7 +3276,7 @@ __metadata:
    globals: "npm:^17.3.0"
    http-proxy-agent: "npm:^9.0.0"
    https-proxy-agent: "npm:^9.0.0"
-    js-yaml: "npm:^4.2.0"
+    js-yaml: "npm:^4.1.1"
    prettier: "npm:^3.8.1"
    typescript: "npm:^5.9.3"
    vitest: "npm:^4.0.18"
@@ -4459,17 +4459,6 @@ __metadata:
  languageName: node
  linkType: hard

-"js-yaml@npm:^4.2.0":
-  version: 4.2.0
-  resolution: "js-yaml@npm:4.2.0"
-  dependencies:
-    argparse: "npm:^2.0.1"
-  bin:
-    js-yaml: bin/js-yaml.js
-  checksum: 10/51de2067a2b44b07ba5206132e56005f8b568ff279bb4d2f645068958c56fa4827d40a6841c983234671fa0a134bf094d0b0717873c2a3d319185297af145a6d
-  languageName: node
-  linkType: hard
-
 "jsbn@npm:1.1.0":
  version: 1.1.0
  resolution: "jsbn@npm:1.1.0"