fix: parse registry_info CLI output without shell expansion

The previous registry_info.sh ran `echo $REGISTRY_INFO > registry_info.env`
followed by `source registry_info.env`, both of which re-expand any `$` in
the value. Harbor robot usernames are `robot$<project>+push`, so
`$<project>` was being treated as an unset shell variable and dropped,
leaving `robot-<rest>+push` — which Harbor rejects with 401 at docker
login.

Read each KEY=VALUE pair via `read -r`, which preserves the literal `$`,
and set the env vars from the captured variables.

Also convert actions/utils/registry_info/action.yml from a docker action
to a composite action, so the fixed script in this branch is used at run
time instead of the version baked into the published image.

Author: sndagster

actions/utils/registry_info/action.yml

@@ -11,6 +11,25 @@ inputs:
     required: false
     description: "Alternative to providing organization ID. The URL of your Dagster Cloud organization."
 runs:
-  using: "docker"
-  image: "docker://ghcr.io/dagster-io/dagster-cloud-action:1.12.17"
-  entrypoint: "/registry_info.sh"
+  # Composite (not docker) so the fixed registry_info.sh from this branch is
+  # used directly, not the version baked into the published image. The script
+  # avoids `source` and unquoted `echo` so a `$` in the username (Harbor robot
+  # accounts: robot$<project>+push) survives shell expansion.
+  using: "composite"
+  steps:
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: "3.12"
+
+    - name: Install dagster-cloud CLI
+      shell: bash
+      run: python -m pip install --quiet dagster-cloud-cli
+
+    - name: Fetch registry info
+      shell: bash
+      env:
+        INPUT_ORGANIZATION_ID: ${{ inputs.organization_id }}
+        INPUT_DEPLOYMENT: ${{ inputs.deployment }}
+        INPUT_DAGSTER_CLOUD_URL: ${{ inputs.dagster_cloud_url }}
+      run: bash ${{ github.action_path }}/../../../src/registry_info.sh

src/registry_info.sh

@@ -15,8 +15,23 @@ while (( !AWS_ECR_PASSWORD && count < 6 )); do
     REGISTRY_INFO=$(dagster-cloud serverless registry-info \
         --url "${DAGSTER_CLOUD_URL}/${INPUT_DEPLOYMENT}" \
         --api-token "$DAGSTER_CLOUD_API_TOKEN")
-    echo $REGISTRY_INFO > registry_info.env
-    source registry_info.env
+    # Parse KEY=VALUE pairs without `source` or unquoted `echo`, because
+    # either would re-expand any `$` in the value (e.g. Harbor robot
+    # usernames are `robot$<project>+push`) and mangle the credential.
+    AWS_ECR_USERNAME=""
+    AWS_ECR_PASSWORD=""
+    REGISTRY_URL=""
+    AWS_DEFAULT_REGION=""
+    CUSTOM_BASE_IMAGE_ALLOWED=""
+    while IFS='=' read -r _key _value; do
+        case "$_key" in
+            AWS_ECR_USERNAME) AWS_ECR_USERNAME="$_value" ;;
+            AWS_ECR_PASSWORD) AWS_ECR_PASSWORD="$_value" ;;
+            REGISTRY_URL) REGISTRY_URL="$_value" ;;
+            AWS_DEFAULT_REGION) AWS_DEFAULT_REGION="$_value" ;;
+            CUSTOM_BASE_IMAGE_ALLOWED) CUSTOM_BASE_IMAGE_ALLOWED="$_value" ;;
+        esac
+    done <<<"$REGISTRY_INFO"
     count=$(($count + 1))
     if [ ! -z "$AWS_ECR_PASSWORD" ]; then
         echo "Loaded registry information."