GitHub Action to build and push Docker images with Buildx
Go to file
CrazyMax 1c21811610
Move zeit/ncc to vercel/ncc
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2020-08-21 13:39:42 +02:00
__tests__ Add digest output 2020-08-17 22:18:37 +02:00
.github Bug report template 2020-08-19 21:52:47 +02:00
dist Move zeit/ncc to vercel/ncc 2020-08-21 13:39:42 +02:00
setup-buildx Fix package name 2020-08-17 02:28:28 +02:00
setup-qemu Fix and cleanup of v2 setup actions 2020-08-16 04:14:43 +02:00
src Add digest output 2020-08-17 22:18:37 +02:00
test Remove bake support for now (future release or subaction) 2020-08-17 18:26:46 +02:00
.editorconfig Move editorconfig 2020-08-11 21:05:57 +02:00
.gitattributes Build push action v2 2020-08-16 00:36:41 +02:00
.gitignore Build push action v2 2020-08-16 00:36:41 +02:00
.prettierrc.json Build push action v2 2020-08-16 00:36:41 +02:00
action.yml Fix name 2020-08-20 15:09:19 +02:00
CHANGELOG.md Add CHANGELOG 2020-08-19 18:33:47 +02:00
jest.config.js Ignore subactions 2020-08-17 02:47:12 +02:00
LICENSE Rename LICENCE to LICENSE 2020-03-17 18:43:10 -07:00
package.json Move zeit/ncc to vercel/ncc 2020-08-21 13:39:42 +02:00
README.md Fix TOC 2020-08-20 17:28:17 +02:00
tsconfig.json Build push action v2 2020-08-16 00:36:41 +02:00
yarn.lock Move zeit/ncc to vercel/ncc 2020-08-21 13:39:42 +02:00

GitHub release GitHub marketplace CI workflow Test workflow

About

GitHub Action to build and push Docker images.

💡 See also our setup-buildx and setup-qemu actions

Screenshot


Usage

This action uses our setup-buildx action that extends the docker build command named buildx with the full support of the features provided by Moby BuildKit builder toolkit. This includes multi-arch build, build-secrets, remote cache, etc. and different builder deployment/namespacing options.

Quick start

name: ci

on:
  push:
    branches: master

jobs:
  main:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v1
        with:
          platforms: all
      -
        name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Login to DockerHub
        uses: crazy-max/ghaction-docker-login@v1 
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      -
        name: Build and push
        id: docker_build
        uses: docker/build-push-action@v2
        with:
          builder: ${{ steps.buildx.outputs.name }}
          push: true
          tags: user/app:latest
      -
        name: Image digest
        run: echo ${{ steps.docker_build.outputs.digest }}

Multi-platform image

name: ci

on:
  push:
    branches: master

jobs:
  multi:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v1
        with:
          platforms: all
      -
        name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Login to DockerHub
        uses: crazy-max/ghaction-docker-login@v1 
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      -
        name: Build and push
        uses: docker/build-push-action@v2
        with:
          builder: ${{ steps.buildx.outputs.name }}
          context: .
          file: ./Dockerfile
          platforms: linux/amd64,linux/arm64,linux/386
          push: true
          tags: |
            user/app:latest
            user/app:1.0.0            

Git context

You can build from Git directly without actions/checkout action, even in private repositories if your context is a valid Git url:

name: ci

on:
  push:
    branches: master

jobs:
  git-context:
    runs-on: ubuntu-latest
    steps:
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v1
        with:
          platforms: all
      -
        name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v1
        with:
          version: latest
      -
        name: Login to DockerHub
        uses: crazy-max/ghaction-docker-login@v1
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      -
        name: Build and push
        uses: docker/build-push-action@v2
        with:
          builder: ${{ steps.buildx.outputs.name }}
          context: "${{ github.repositoryUrl }}#${{ github.ref }}"
          platforms: linux/amd64,linux/arm64,linux/386
          push: true
          tags: |
            name/app:latest
            name/app:1.0.0            
        env:
          GIT_AUTH_TOKEN: ${{ github.token }}

Complete workflow

  • On pull_request event, Docker image name/app:edge is built.
  • On push event, Docker image name/app:edge is built and pushed to DockerHub.
  • On schedule event, Docker image name/app:nightly is built and pushed to DockerHub.
  • On push tags event, Docker image name/app:<version> and name/app:latest is built and pushed to DockerHub.
name: ci

on:
  schedule:
    - cron: '0 10 * * *' # everyday at 10am
  push:
    branches: master
    tags:
      - 'v*.*.*'
  pull_request:
    branches: master

jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Prepare
        id: prep
        run: |
          DOCKER_IMAGE=name/app
          VERSION=edge
          if [[ $GITHUB_REF == refs/tags/* ]]; then
            VERSION=${GITHUB_REF#refs/tags/v}
          fi
          if [ "${{ github.event_name }}" = "schedule" ]; then
            VERSION=nightly
          fi
          TAGS="${DOCKER_IMAGE}:${VERSION}"
          if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
            TAGS="$TAGS,${DOCKER_IMAGE}:latest"
          fi
          echo ::set-output name=tags::${TAGS}          
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v1
        with:
          platforms: all
      -
        name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: crazy-max/ghaction-docker-login@v1 
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      -
        name: Build and push
        id: docker_build
        uses: docker/build-push-action@v2
        with:
          builder: ${{ steps.buildx.outputs.name }}
          context: .
          file: ./Dockerfile
          platforms: linux/amd64,linux/arm64,linux/386
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.prep.outputs.tags }}

Customizing

inputs

Following inputs can be used as step.with keys

Name Type Default Description
builder String Builder instance (see setup-buildx action)
context String . Build's context is the set of files located in the specified PATH or URL
file String ./Dockerfile Path to the Dockerfile.
build-args List List of build-time variables
labels List List of metadata for an image
tags List List of tags
pull Bool false Always attempt to pull a newer version of the image
target String Sets the target stage to build
allow List List of extra privileged entitlement (eg. network.host,security.insecure)
no-cache Bool false Do not use cache when building the image
platforms List List of target platforms for build
load Bool false Load is a shorthand for --output=type=docker
push Bool false Push is a shorthand for --output=type=registry
outputs List List of output destinations (format: type=local,dest=path)
cache-from List List of external cache sources (eg. user/app:cache, type=local,src=path/to/dir)
cache-to List List of cache export destinations (eg. user/app:cache, type=local,dest=path/to/dir)

List type can be a comma or newline-delimited string

tags: name/app:latest,name/app:1.0.0
tags: |
  name/app:latest
  name/app:1.0.0  

outputs

Following outputs are available

Name Type Description
digest String Image content-addressable identifier also called a digest

environment variables

Following environment variables can be used as step.env keys

Name Description
GIT_AUTH_HEADER¹ Raw authorization header to authenticate against git repository
GIT_AUTH_TOKEN¹ x-access-token basic auth to authenticate against git repository

¹ Only used if input.context is a valid git uri.

Keep up-to-date with GitHub Dependabot

Since Dependabot has native GitHub Actions support, to enable it on your GitHub repo all you need to do is add the .github/dependabot.yml file:

version: 2
updates:
  # Maintain dependencies for GitHub Actions
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"

Limitation

This action is only available for Linux virtual environments.