actions

Author: ablack3

.github/workflows/build-test-sign-image.yaml

@@ -41,6 +41,7 @@ jobs:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+          logout: false
 
       # Log in to Azure CR with token that can pull the base image (ARACHNE_DOCKER_REGISTRY_TOKEN).
       - name: Log in to Azure CR (pull base image)
@@ -49,6 +50,7 @@ jobs:
           registry: executionengine.azurecr.io
           username: github-actions-push
           password: ${{ secrets.ARACHNE_DOCKER_REGISTRY_TOKEN }}
+          logout: false
 
       # Try to pull base image; only build if pull fails (e.g. first run or base not yet published).
       - name: Try pull base image
@@ -82,6 +84,7 @@ jobs:
           registry: executionengine.azurecr.io
           username: github-actions-push
           password: ${{ secrets.CONTAINER_REGISTRY_TOKEN }}
+          logout: false
 
       # When we built the base locally, push it so future runs can pull it.
       - name: Push base image to Azure CR
@@ -198,12 +201,3 @@ jobs:
           # This signs the attached attestations (provenance/SBOM) for that digest.
           cosign sign-attestation --yes "${IMAGE}@${DIGEST}"
 
-      # Log out from Azure CR (login-action requires password even for logout)
-      - name: Log out from Azure Container Registry
-        if: always()
-        uses: docker/login-action@v3
-        with:
-          registry: executionengine.azurecr.io
-          username: github-actions-push
-          password: ${{ secrets.CONTAINER_REGISTRY_TOKEN }}
-          logout: true