docker auth: improve missing user/pwd

[Frankkkkk]

Specify the "missing username and password" error message. This makes debugging the action easier when for example mistyping the username or the password.

Thanks and cheers!

[crazy-max]

Thanks for this PR but I think the error message to users should remain generic. You can still check what value is empty in the login step (expand Run docker/login-action@v3):

[Frankkkkk]

Hi @crazy-max , thanks for your message. Any reason why you want the error message to be generic? I genuinely can't see why?

These actions are also used outside Github (for example on Gitea or Forgejo. Basically on any act runner). On those, the details are not shown: Thus why it adds more info Thanks

[Frankkkkk]

Done, thanks. Curious question: the dist file are so large; how do you make sure that a malicious user didn't embed some nefarious content in it ? Subsidiary one: how do you deal with conflicts on MRs ? Do all contributors always have to rebase on every change on main? Thanks!

[crazy-max]

Curious question: the dist file are so large; how do you make sure that a malicious user didn't embed some nefarious content in it ?

We have a scanner and CodeQL running as well to avoid that. Also considering our dependencies tree we are quite confident we consume vetted packages: https://github.com/docker/login-action/blob/70fccc794acd729b2b22dd6a326895f286447728/package.json#L27-L34

Subsidiary one: how do you deal with conflicts on MRs ? Do all contributors always have to rebase on every change on main?

Yes indeed this is currently painful but no other choice atm. GitHub plans to change that in the future to use GitHub Packages to ship actions instead (was told about this two years ago though).