chore(deps): bump docker/setup-buildx-action from 3 to 4

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
fix(ci): use docker login --password-stdin (bypass login-action@v3)
2026-06-13 10:53:20 +00:00 · 2026-05-25 19:45:13 +00:00 · 2026-05-25 15:42:40 -04:00
4 changed files with 14 additions and 9 deletions
@@ -277,7 +277,7 @@ jobs:

    - name: Set up Docker Buildx
      continue-on-error: true
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@v4

    - name: Log in to Container Registry
      continue-on-error: true
@@ -27,7 +27,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4

-      - uses: docker/setup-buildx-action@v3
+      - uses: docker/setup-buildx-action@v4

      - uses: docker/login-action@v3
        with:
@@ -166,7 +166,7 @@ jobs:

    - name: Set up Docker Buildx
      continue-on-error: true
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@v4

    - name: Build Docker image for scanning
      continue-on-error: true
@@ -58,14 +58,19 @@ jobs:
      # by the runner, not built on a separate arm64 host).
      - uses: docker/setup-qemu-action@v3

-      - uses: docker/setup-buildx-action@v3
+      - uses: docker/setup-buildx-action@v4

      - name: Log in to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          registry: docker.io
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+        # Bypassing docker/login-action@v3: the action kept emitting
+        # "malformed HTTP Authorization header" against a known-good
+        # dckr_pat_* token (verified by direct curl against the Hub API).
+        # `docker login --password-stdin` is the documented credential
+        # path and avoids whatever encoding step the action injects.
+        env:
+          DH_USER: ${{ secrets.DOCKERHUB_USERNAME }}
+          DH_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+        run: |
+          printf '%s' "$DH_TOKEN" | docker login docker.io -u "$DH_USER" --password-stdin

      - name: Log in to ghcr.io
        uses: docker/login-action@v3