Support Docker credential helpers (#1075)

* support docker credential and add docker-credential-ecr-login into alpine image

* Remove ecr from docker and add docs

* Update docs/docs/30-administration/22-backends/10-docker.md

Co-authored-by: WeStone <xuecanlong@qq.com>
Co-authored-by: Anbraten <anton@ju60.de>

docs/docs/30-administration/22-backends/10-docker.md

@@ -14,6 +14,18 @@ Set to the name of an existing network which will be attached to all your pipeli
 
 Enable IPv6 for the networks used by pipeline containers (steps). Make sure you configured your docker daemon to support IPv6.
 
+## Docker credentials
+
+Woodpecker supports [Docker credentials](https://github.com/docker/docker-credential-helpers) to securely store registry credentials. Install your corresponding credential helper and configure it in your Docker config file passed via [`WOODPECKER_DOCKER_CONFIG`](/docs/administration/server-config#woodpecker_docker_config).
+
+To add your credential helper to the Woodpecker server container you could use the following code to build a custom image:
+
+```dockerfile
+FROM woodpeckerci/woodpecker-server:latest-alpine
+
+RUN apk add -U --no-cache docker-credential-ecr-login
+```
+
 ## Podman support
 
 While the agent was developped with Docker/Moby, Podman can also be used by setting the environment variable `DOCKER_SOCK` to point to the podman socket. In order to work without workarounds, Podman 4.0 (or above) is required.

server/plugins/registry/filesystem.go

@@ -40,6 +40,13 @@ func parseDockerConfig(path string) ([]*model.Registry, error) {
 		return nil, err
 	}
 
+	for registryHostname := range configFile.CredentialHelpers {
+		newAuth, err := configFile.GetAuthConfig(registryHostname)
+		if err == nil {
+			configFile.AuthConfigs[registryHostname] = newAuth
+		}
+	}
+
 	for addr, ac := range configFile.AuthConfigs {
 		if ac.Auth != "" {
 			ac.Username, ac.Password, err = decodeAuth(ac.Auth)