Enhance documentation
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
This commit is contained in:
parent
af867d4937
commit
a63b18dea2
551
README.md
551
README.md
|
@ -6,18 +6,18 @@
|
||||||
|
|
||||||
## Upgrade from v1
|
## Upgrade from v1
|
||||||
|
|
||||||
`v2` of this action includes significant updates and now uses Docker [Buildx](https://github.com/docker/buildx). It
|
`v2` of this action includes significant updates and now uses Docker [Buildx](https://github.com/docker/buildx). It's
|
||||||
works with 3 new actions ([login](https://github.com/docker/login-action), [setup-buildx](https://github.com/docker/setup-buildx-action)
|
also rewritten as a [typescript-action](https://github.com/actions/typescript-action/) to be as close as possible
|
||||||
and [setup-qemu](https://github.com/docker/setup-qemu-action)) that we have created. It's also rewritten as a
|
of the [GitHub Runner](https://github.com/actions/virtual-environments) during its execution.
|
||||||
[typescript-action](https://github.com/actions/typescript-action/) to be as close as possible of the
|
|
||||||
[GitHub Runner](https://github.com/actions/virtual-environments) during its execution.
|
|
||||||
|
|
||||||
[Upgrade notes](UPGRADE.md) and many [usage examples](#usage) have been added to handle most use cases but `v1` is
|
[Upgrade notes](UPGRADE.md) with many [usage examples](#advanced-usage) have been added to handle most use cases but
|
||||||
still available through [`releases/v1` branch](https://github.com/docker/build-push-action/tree/releases/v1).
|
`v1` is still available through [`releases/v1` branch](https://github.com/docker/build-push-action/tree/releases/v1).
|
||||||
|
|
||||||
## About
|
## About
|
||||||
|
|
||||||
GitHub Action to build and push Docker images with [Buildx](https://github.com/docker/buildx).
|
GitHub Action to build and push Docker images with [Buildx](https://github.com/docker/buildx) with full support of the
|
||||||
|
features provided by [Moby BuildKit](https://github.com/moby/buildkit) builder toolkit. This includes multi-platform
|
||||||
|
build, secrets, remote cache, etc. and different builder deployment/namespacing options.
|
||||||
|
|
||||||
> :bulb: See also:
|
> :bulb: See also:
|
||||||
> * [login](https://github.com/docker/login-action) action
|
> * [login](https://github.com/docker/login-action) action
|
||||||
|
@ -31,46 +31,58 @@ ___
|
||||||
* [Usage](#usage)
|
* [Usage](#usage)
|
||||||
* [Git context](#git-context)
|
* [Git context](#git-context)
|
||||||
* [Path context](#path-context)
|
* [Path context](#path-context)
|
||||||
* [Isolated builders](#isolated-builders)
|
|
||||||
* [Multi-platform image](#multi-platform-image)
|
|
||||||
* [Advanced usage](#advanced-usage)
|
* [Advanced usage](#advanced-usage)
|
||||||
* [Push to multi-registries](#push-to-multi-registries)
|
* [Multi-platform image](docs/advanced/multi-platform.md)
|
||||||
* [Cache to registry](#cache-to-registry)
|
* [Secrets](docs/advanced/secrets.md)
|
||||||
* [Local registry](#local-registry)
|
* [Isolated builders](docs/advanced/isolated-builders.md)
|
||||||
* [Export image to Docker](#export-image-to-docker)
|
* [Push to multi-registries](docs/advanced/push-multi-registries.md)
|
||||||
* [Leverage GitHub cache](#leverage-github-cache)
|
* [Cache](docs/advanced/cache.md)
|
||||||
* [Handle tags and labels](#handle-tags-and-labels)
|
* [Registry cache](docs/advanced/cache.md#registry-cache)
|
||||||
* [Update DockerHub repo description](#update-dockerhub-repo-description)
|
* [GitHub cache](docs/advanced/cache.md#github-cache)
|
||||||
|
* [Local registry](docs/advanced/local-registry.md)
|
||||||
|
* [Export image to Docker](docs/advanced/export-docker.md)
|
||||||
|
* [Handle tags and labels](docs/advanced/tags-labels.md)
|
||||||
|
* [Update DockerHub repo description](docs/advanced/dockerhub-desc.md)
|
||||||
* [Customizing](#customizing)
|
* [Customizing](#customizing)
|
||||||
* [inputs](#inputs)
|
* [inputs](#inputs)
|
||||||
* [outputs](#outputs)
|
* [outputs](#outputs)
|
||||||
* [Notes](#notes)
|
|
||||||
* [Multi-line secret value](#multi-line-secret-value)
|
|
||||||
* [Troubleshooting](#troubleshooting)
|
* [Troubleshooting](#troubleshooting)
|
||||||
* [Keep up-to-date with GitHub Dependabot](#keep-up-to-date-with-github-dependabot)
|
* [Keep up-to-date with GitHub Dependabot](#keep-up-to-date-with-github-dependabot)
|
||||||
* [Limitation](#limitation)
|
* [Limitation](#limitation)
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
This action uses our [setup-buildx](https://github.com/docker/setup-buildx-action) action that extends the
|
By default, this action uses the [Git context](#git-context) so you don't need to use the
|
||||||
`docker build` command named [buildx](https://github.com/docker/buildx) with the full support of the features
|
[`actions/checkout`](https://github.com/actions/checkout/) action to checkout the repository because this will be
|
||||||
provided by [Moby BuildKit](https://github.com/moby/buildkit) builder toolkit. This includes multi-arch build,
|
done directly by buildkit. The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/reference/events-that-trigger-workflows)
|
||||||
build-secrets, remote cache, etc. and different builder deployment/namespacing options.
|
and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
|
||||||
|
|
||||||
|
Be careful because **any file mutation in the steps that precede the build step will be ignored** since
|
||||||
|
the context is based on the git reference. However, you can use the [Path context](#path-context) using the
|
||||||
|
[`context` input](#inputs) alongside the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
|
||||||
|
this restriction.
|
||||||
|
|
||||||
|
In the examples below we are using 3 other actions:
|
||||||
|
|
||||||
|
* [`setup-buildx`](https://github.com/docker/setup-buildx-action) action will create and boot a builder using by
|
||||||
|
default the `docker-container` [builder driver](https://github.com/docker/buildx#--driver-driver). This is
|
||||||
|
**not required but recommended** using it to be able to build multi-platform images, export cache, etc.
|
||||||
|
* [`setup-qemu`](https://github.com/docker/setup-qemu-action) action can be useful if you want
|
||||||
|
to add emulation support with QEMU to be able to build against more platforms.
|
||||||
|
* [`login`](https://github.com/docker/setup-qemu-action) action will take care to log in against a Docker registry.
|
||||||
|
|
||||||
### Git context
|
### Git context
|
||||||
|
|
||||||
The default behavior of this action is to use the Git context invoked by your workflow.
|
|
||||||
(eg. `https://github.com/<owner>/<repo>.git#<ref>`)
|
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
name: ci
|
name: ci
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches: master
|
branches:
|
||||||
|
- 'master'
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
main:
|
docker:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
|
@ -92,17 +104,14 @@ jobs:
|
||||||
with:
|
with:
|
||||||
push: true
|
push: true
|
||||||
tags: user/app:latest
|
tags: user/app:latest
|
||||||
build-args: |
|
|
||||||
arg1=value1
|
|
||||||
arg2=value2
|
|
||||||
-
|
-
|
||||||
name: Image digest
|
name: Image digest
|
||||||
run: echo ${{ steps.docker_build.outputs.digest }}
|
run: echo ${{ steps.docker_build.outputs.digest }}
|
||||||
```
|
```
|
||||||
|
|
||||||
Building from current repository automatically uses the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)
|
Building from the current repository automatically uses the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)
|
||||||
as provided by `secrets` so it does not need to be passed. But if you want to authenticate against another private
|
so it does not need to be passed. If you want to authenticate against another private repository, you have to use
|
||||||
repository, you have to use a secret named `GIT_AUTH_TOKEN` to be able to authenticate against it with buildx:
|
a [secret](docs/advanced/secrets.md) named `GIT_AUTH_TOKEN` to be able to authenticate against it with buildx:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
-
|
-
|
||||||
|
@ -117,23 +126,20 @@ repository, you have to use a secret named `GIT_AUTH_TOKEN` to be able to authen
|
||||||
```
|
```
|
||||||
|
|
||||||
> :warning: Subdir for Git context is not yet supported ([moby/buildkit#1684](https://github.com/moby/buildkit/issues/1684))
|
> :warning: Subdir for Git context is not yet supported ([moby/buildkit#1684](https://github.com/moby/buildkit/issues/1684))
|
||||||
> but you can use the [path context](#path-context) in the meantime.
|
> but you can use the [path context](#path-context) in the meantime. More info on [Docker docs website](https://docs.docker.com/engine/reference/commandline/build/#git-repositories).
|
||||||
|
|
||||||
> More info: https://docs.docker.com/engine/reference/commandline/build/#git-repositories
|
|
||||||
|
|
||||||
### Path context
|
### Path context
|
||||||
|
|
||||||
You can also use the `PATH` context alongside the [`actions/checkout`](https://github.com/actions/checkout/) action.
|
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
name: ci
|
name: ci
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches: master
|
branches:
|
||||||
|
- 'master'
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
path-context:
|
docker:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
|
@ -156,432 +162,23 @@ jobs:
|
||||||
uses: docker/build-push-action@v2
|
uses: docker/build-push-action@v2
|
||||||
with:
|
with:
|
||||||
context: .
|
context: .
|
||||||
file: ./Dockerfile
|
|
||||||
platforms: linux/amd64,linux/arm64,linux/386
|
|
||||||
push: true
|
push: true
|
||||||
tags: user/app:latest
|
tags: user/app:latest
|
||||||
```
|
```
|
||||||
|
|
||||||
### Isolated builders
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
name: ci
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches: master
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
multi-builders:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
-
|
|
||||||
uses: docker/setup-buildx-action@v1
|
|
||||||
id: builder1
|
|
||||||
-
|
|
||||||
uses: docker/setup-buildx-action@v1
|
|
||||||
id: builder2
|
|
||||||
-
|
|
||||||
name: Builder 1 name
|
|
||||||
run: echo ${{ steps.builder1.outputs.name }}
|
|
||||||
-
|
|
||||||
name: Builder 2 name
|
|
||||||
run: echo ${{ steps.builder2.outputs.name }}
|
|
||||||
-
|
|
||||||
name: Build against builder1
|
|
||||||
uses: docker/build-push-action@v2
|
|
||||||
with:
|
|
||||||
builder: ${{ steps.builder1.outputs.name }}
|
|
||||||
target: mytarget1
|
|
||||||
-
|
|
||||||
name: Build against builder2
|
|
||||||
uses: docker/build-push-action@v2
|
|
||||||
with:
|
|
||||||
builder: ${{ steps.builder2.outputs.name }}
|
|
||||||
target: mytarget2
|
|
||||||
```
|
|
||||||
|
|
||||||
### Multi-platform image
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
name: ci
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches: master
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
multi:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
-
|
|
||||||
name: Checkout
|
|
||||||
uses: actions/checkout@v2
|
|
||||||
-
|
|
||||||
name: Set up QEMU
|
|
||||||
uses: docker/setup-qemu-action@v1
|
|
||||||
-
|
|
||||||
name: Set up Docker Buildx
|
|
||||||
uses: docker/setup-buildx-action@v1
|
|
||||||
-
|
|
||||||
name: Login to DockerHub
|
|
||||||
uses: docker/login-action@v1
|
|
||||||
with:
|
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
||||||
-
|
|
||||||
name: Build and push
|
|
||||||
uses: docker/build-push-action@v2
|
|
||||||
with:
|
|
||||||
context: .
|
|
||||||
file: ./Dockerfile
|
|
||||||
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
|
|
||||||
push: true
|
|
||||||
tags: |
|
|
||||||
user/app:latest
|
|
||||||
user/app:1.0.0
|
|
||||||
```
|
|
||||||
|
|
||||||
## Advanced usage
|
## Advanced usage
|
||||||
|
|
||||||
### Push to multi-registries
|
* [Multi-platform image](docs/advanced/multi-platform.md)
|
||||||
|
* [Secrets](docs/advanced/secrets.md)
|
||||||
The following workflow will connect you to [DockerHub](https://github.com/docker/login-action#dockerhub)
|
* [Isolated builders](docs/advanced/isolated-builders.md)
|
||||||
and [GitHub Container Registry](https://github.com/docker/login-action#github-container-registry) and push the
|
* [Push to multi-registries](docs/advanced/push-multi-registries.md)
|
||||||
image to these registries.
|
* [Cache](docs/advanced/cache.md)
|
||||||
|
* [Registry cache](docs/advanced/cache.md#registry-cache)
|
||||||
<details>
|
* [GitHub cache](docs/advanced/cache.md#github-cache)
|
||||||
<summary><b>Show workflow</b></summary>
|
* [Local registry](docs/advanced/local-registry.md)
|
||||||
|
* [Export image to Docker](docs/advanced/export-docker.md)
|
||||||
```yaml
|
* [Handle tags and labels](docs/advanced/tags-labels.md)
|
||||||
name: ci
|
* [Update DockerHub repo description](docs/advanced/dockerhub-desc.md)
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches: master
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
multi-registries:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
-
|
|
||||||
name: Checkout
|
|
||||||
uses: actions/checkout@v2
|
|
||||||
-
|
|
||||||
name: Set up QEMU
|
|
||||||
uses: docker/setup-qemu-action@v1
|
|
||||||
-
|
|
||||||
name: Set up Docker Buildx
|
|
||||||
uses: docker/setup-buildx-action@v1
|
|
||||||
-
|
|
||||||
name: Login to DockerHub
|
|
||||||
uses: docker/login-action@v1
|
|
||||||
with:
|
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
||||||
-
|
|
||||||
name: Login to GitHub Container Registry
|
|
||||||
uses: docker/login-action@v1
|
|
||||||
with:
|
|
||||||
registry: ghcr.io
|
|
||||||
username: ${{ github.repository_owner }}
|
|
||||||
password: ${{ secrets.CR_PAT }}
|
|
||||||
-
|
|
||||||
name: Build and push
|
|
||||||
uses: docker/build-push-action@v2
|
|
||||||
with:
|
|
||||||
context: .
|
|
||||||
file: ./Dockerfile
|
|
||||||
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
|
|
||||||
push: true
|
|
||||||
tags: |
|
|
||||||
user/app:latest
|
|
||||||
user/app:1.0.0
|
|
||||||
ghcr.io/user/app:latest
|
|
||||||
ghcr.io/user/app:1.0.0
|
|
||||||
```
|
|
||||||
</details>
|
|
||||||
|
|
||||||
### Cache to registry
|
|
||||||
|
|
||||||
You can import/export cache from a cache manifest or (special) image configuration on the registry.
|
|
||||||
|
|
||||||
<details>
|
|
||||||
<summary><b>Show workflow</b></summary>
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
name: ci
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches: master
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
registry-cache:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
-
|
|
||||||
name: Set up Docker Buildx
|
|
||||||
uses: docker/setup-buildx-action@v1
|
|
||||||
-
|
|
||||||
name: Login to DockerHub
|
|
||||||
uses: docker/login-action@v1
|
|
||||||
with:
|
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
||||||
-
|
|
||||||
name: Build and push
|
|
||||||
uses: docker/build-push-action@v2
|
|
||||||
with:
|
|
||||||
push: true
|
|
||||||
tags: user/app:latest
|
|
||||||
cache-from: type=registry,ref=user/app:latest
|
|
||||||
cache-to: type=inline
|
|
||||||
```
|
|
||||||
</details>
|
|
||||||
|
|
||||||
### Local registry
|
|
||||||
|
|
||||||
For testing purposes you may need to create a [local registry](https://hub.docker.com/_/registry) to push images into:
|
|
||||||
|
|
||||||
<details>
|
|
||||||
<summary><b>Show workflow</b></summary>
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
name: ci
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches: master
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
local-registry:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
services:
|
|
||||||
registry:
|
|
||||||
image: registry:2
|
|
||||||
ports:
|
|
||||||
- 5000:5000
|
|
||||||
steps:
|
|
||||||
-
|
|
||||||
name: Set up QEMU
|
|
||||||
uses: docker/setup-qemu-action@v1
|
|
||||||
-
|
|
||||||
name: Set up Docker Buildx
|
|
||||||
uses: docker/setup-buildx-action@v1
|
|
||||||
with:
|
|
||||||
driver-opts: network=host
|
|
||||||
-
|
|
||||||
name: Build and push to local registry
|
|
||||||
uses: docker/build-push-action@v2
|
|
||||||
with:
|
|
||||||
push: true
|
|
||||||
tags: localhost:5000/name/app:latest
|
|
||||||
-
|
|
||||||
name: Inspect
|
|
||||||
run: |
|
|
||||||
docker buildx imagetools inspect localhost:5000/name/app:latest
|
|
||||||
```
|
|
||||||
</details>
|
|
||||||
|
|
||||||
### Export image to Docker
|
|
||||||
|
|
||||||
You may want your build result to be available in the Docker client through `docker images` to be able to use it
|
|
||||||
in another step of your workflow:
|
|
||||||
|
|
||||||
<details>
|
|
||||||
<summary><b>Show workflow</b></summary>
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
name: ci
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches: master
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
export-docker:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
-
|
|
||||||
name: Checkout
|
|
||||||
uses: actions/checkout@v2
|
|
||||||
-
|
|
||||||
name: Set up Docker Buildx
|
|
||||||
uses: docker/setup-buildx-action@v1
|
|
||||||
-
|
|
||||||
name: Build
|
|
||||||
uses: docker/build-push-action@v2
|
|
||||||
with:
|
|
||||||
context: .
|
|
||||||
file: ./Dockerfile
|
|
||||||
load: true
|
|
||||||
tags: myimage:latest
|
|
||||||
-
|
|
||||||
name: Inspect
|
|
||||||
run: |
|
|
||||||
docker image inspect myimage:latest
|
|
||||||
```
|
|
||||||
</details>
|
|
||||||
|
|
||||||
### Leverage GitHub cache
|
|
||||||
|
|
||||||
You can leverage [GitHub cache](https://docs.github.com/en/actions/configuring-and-managing-workflows/caching-dependencies-to-speed-up-workflows)
|
|
||||||
using [actions/cache](https://github.com/actions/cache) with this action:
|
|
||||||
|
|
||||||
<details>
|
|
||||||
<summary><b>Show workflow</b></summary>
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
name: ci
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches: master
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
github-cache:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
-
|
|
||||||
name: Set up Docker Buildx
|
|
||||||
uses: docker/setup-buildx-action@v1
|
|
||||||
-
|
|
||||||
name: Cache Docker layers
|
|
||||||
uses: actions/cache@v2
|
|
||||||
with:
|
|
||||||
path: /tmp/.buildx-cache
|
|
||||||
key: ${{ runner.os }}-buildx-${{ github.sha }}
|
|
||||||
restore-keys: |
|
|
||||||
${{ runner.os }}-buildx-
|
|
||||||
-
|
|
||||||
name: Login to DockerHub
|
|
||||||
uses: docker/login-action@v1
|
|
||||||
with:
|
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
||||||
-
|
|
||||||
name: Build and push
|
|
||||||
uses: docker/build-push-action@v2
|
|
||||||
with:
|
|
||||||
push: true
|
|
||||||
tags: user/app:latest
|
|
||||||
cache-from: type=local,src=/tmp/.buildx-cache
|
|
||||||
cache-to: type=local,dest=/tmp/.buildx-cache
|
|
||||||
```
|
|
||||||
</details>
|
|
||||||
|
|
||||||
### Handle tags and labels
|
|
||||||
|
|
||||||
If you come from [`v1`](https://github.com/docker/build-push-action/tree/releases/v1#readme) and want an
|
|
||||||
"automatic" tag management and [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md)
|
|
||||||
for labels, you can do it in a dedicated step. The following workflow will use the [Docker meta action](https://github.com/crazy-max/ghaction-docker-meta)
|
|
||||||
to handle tags and labels based on GitHub actions events and Git metadata.
|
|
||||||
|
|
||||||
<details>
|
|
||||||
<summary><b>Show workflow</b></summary>
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
name: ci
|
|
||||||
|
|
||||||
on:
|
|
||||||
schedule:
|
|
||||||
- cron: '0 10 * * *' # everyday at 10am
|
|
||||||
push:
|
|
||||||
branches:
|
|
||||||
- '**'
|
|
||||||
tags:
|
|
||||||
- 'v*.*.*'
|
|
||||||
pull_request:
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
docker:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
-
|
|
||||||
name: Checkout
|
|
||||||
uses: actions/checkout@v2
|
|
||||||
-
|
|
||||||
name: Docker meta
|
|
||||||
id: docker_meta
|
|
||||||
uses: crazy-max/ghaction-docker-meta@v1
|
|
||||||
with:
|
|
||||||
images: name/app # list of Docker images to use as base name for tags
|
|
||||||
tag-sha: true # add git short SHA as Docker tag
|
|
||||||
-
|
|
||||||
name: Set up QEMU
|
|
||||||
uses: docker/setup-qemu-action@v1
|
|
||||||
-
|
|
||||||
name: Set up Docker Buildx
|
|
||||||
uses: docker/setup-buildx-action@v1
|
|
||||||
-
|
|
||||||
name: Login to DockerHub
|
|
||||||
if: github.event_name != 'pull_request'
|
|
||||||
uses: docker/login-action@v1
|
|
||||||
with:
|
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
||||||
-
|
|
||||||
name: Build and push
|
|
||||||
id: docker_build
|
|
||||||
uses: docker/build-push-action@v2
|
|
||||||
with:
|
|
||||||
context: .
|
|
||||||
file: ./Dockerfile
|
|
||||||
platforms: linux/amd64,linux/arm64,linux/386
|
|
||||||
push: ${{ github.event_name != 'pull_request' }}
|
|
||||||
tags: ${{ steps.docker_meta.outputs.tags }}
|
|
||||||
labels: ${{ steps.docker_meta.outputs.labels }}
|
|
||||||
```
|
|
||||||
</details>
|
|
||||||
|
|
||||||
### Update DockerHub repo description
|
|
||||||
|
|
||||||
You can update the [DockerHub repository description](https://docs.docker.com/docker-hub/repos/) using
|
|
||||||
a third-party action called [DockerHub Description](https://github.com/peter-evans/dockerhub-description)
|
|
||||||
with this action:
|
|
||||||
|
|
||||||
<details>
|
|
||||||
<summary><b>Show workflow</b></summary>
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
name: ci
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches: master
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
main:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
-
|
|
||||||
name: Set up QEMU
|
|
||||||
uses: docker/setup-qemu-action@v1
|
|
||||||
-
|
|
||||||
name: Set up Docker Buildx
|
|
||||||
uses: docker/setup-buildx-action@v1
|
|
||||||
-
|
|
||||||
name: Login to DockerHub
|
|
||||||
uses: docker/login-action@v1
|
|
||||||
with:
|
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
||||||
-
|
|
||||||
name: Build and push
|
|
||||||
uses: docker/build-push-action@v2
|
|
||||||
with:
|
|
||||||
push: true
|
|
||||||
tags: user/app:latest
|
|
||||||
-
|
|
||||||
name: Update repo description
|
|
||||||
uses: peter-evans/dockerhub-description@v2
|
|
||||||
with:
|
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
||||||
password: ${{ secrets.DOCKERHUB_PASSWORD }}
|
|
||||||
repository: user/app
|
|
||||||
```
|
|
||||||
</details>
|
|
||||||
|
|
||||||
## Customizing
|
## Customizing
|
||||||
|
|
||||||
|
@ -631,38 +228,6 @@ Following outputs are available
|
||||||
|---------------|---------|---------------------------------------|
|
|---------------|---------|---------------------------------------|
|
||||||
| `digest` | String | Image content-addressable identifier also called a digest |
|
| `digest` | String | Image content-addressable identifier also called a digest |
|
||||||
|
|
||||||
## Notes
|
|
||||||
|
|
||||||
### Multi-line secret value
|
|
||||||
|
|
||||||
To handle multi-line value for a secret, you will need to place the key-value pair between quotes:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
secrets: |
|
|
||||||
"MYSECRET=${{ secrets.GPG_KEY }}"
|
|
||||||
GIT_AUTH_TOKEN=abcdefghi,jklmno=0123456789
|
|
||||||
"MYSECRET=aaaaaaaa
|
|
||||||
bbbbbbb
|
|
||||||
ccccccccc"
|
|
||||||
FOO=bar
|
|
||||||
"EMPTYLINE=aaaa
|
|
||||||
|
|
||||||
bbbb
|
|
||||||
ccc"
|
|
||||||
"JSON_SECRET={""key1"":""value1"",""key2"":""value2""}"
|
|
||||||
```
|
|
||||||
|
|
||||||
| Key | Value |
|
|
||||||
|--------------------|--------------------------------------------------|
|
|
||||||
| `MYSECRET` | `***********************` |
|
|
||||||
| `GIT_AUTH_TOKEN` | `abcdefghi,jklmno=0123456789` |
|
|
||||||
| `MYSECRET` | `aaaaaaaa\nbbbbbbb\nccccccccc` |
|
|
||||||
| `FOO` | `bar` |
|
|
||||||
| `EMPTYLINE` | `aaaa\n\nbbbb\nccc` |
|
|
||||||
| `JSON_SECRET` | `{"key1":"value1","key2":"value2"}` |
|
|
||||||
|
|
||||||
> Note: all quote signs need to be doubled for escaping.
|
|
||||||
|
|
||||||
## Troubleshooting
|
## Troubleshooting
|
||||||
|
|
||||||
See [TROUBLESHOOTING.md](TROUBLESHOOTING.md)
|
See [TROUBLESHOOTING.md](TROUBLESHOOTING.md)
|
||||||
|
|
|
@ -59,8 +59,7 @@ jobs:
|
||||||
uses: docker/build-push-action@v2
|
uses: docker/build-push-action@v2
|
||||||
with:
|
with:
|
||||||
context: .
|
context: .
|
||||||
file: ./Dockerfile
|
platforms: linux/amd64,linux/arm64
|
||||||
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
|
|
||||||
tags: docker.io/user/app:latest
|
tags: docker.io/user/app:latest
|
||||||
outputs: type=oci,dest=/tmp/image.tar
|
outputs: type=oci,dest=/tmp/image.tar
|
||||||
-
|
-
|
||||||
|
|
|
@ -63,7 +63,6 @@ steps:
|
||||||
uses: docker/build-push-action@v2
|
uses: docker/build-push-action@v2
|
||||||
with:
|
with:
|
||||||
context: .
|
context: .
|
||||||
file: ./Dockerfile
|
|
||||||
pull: true
|
pull: true
|
||||||
push: true
|
push: true
|
||||||
build-args: |
|
build-args: |
|
||||||
|
@ -136,7 +135,6 @@ steps:
|
||||||
uses: docker/build-push-action@v2
|
uses: docker/build-push-action@v2
|
||||||
with:
|
with:
|
||||||
context: .
|
context: .
|
||||||
file: ./Dockerfile
|
|
||||||
push: ${{ github.event_name != 'pull_request' }}
|
push: ${{ github.event_name != 'pull_request' }}
|
||||||
tags: ${{ steps.prep.outputs.tags }}
|
tags: ${{ steps.prep.outputs.tags }}
|
||||||
labels: |
|
labels: |
|
||||||
|
@ -145,5 +143,5 @@ steps:
|
||||||
org.opencontainers.image.revision=${{ github.sha }}
|
org.opencontainers.image.revision=${{ github.sha }}
|
||||||
```
|
```
|
||||||
|
|
||||||
> You can also use the [Docker meta action](https://github.com/crazy-max/ghaction-docker-meta) to handle tags and
|
> You can also use the [Docker meta action to handle tags and labels](docs/advanced/tags-labels.md) based on GitHub
|
||||||
> labels based on GitHub actions events and Git metadata. A workflow example is available in the [README](README.md#handle-tags-and-labels).
|
> actions events and Git metadata.
|
||||||
|
|
|
@ -0,0 +1,107 @@
|
||||||
|
# Cache
|
||||||
|
|
||||||
|
* [Registry cache](#registry-cache)
|
||||||
|
* [GitHub cache](#github-cache)
|
||||||
|
|
||||||
|
> More info about buildx cache: https://github.com/docker/buildx#--cache-fromnametypetypekeyvalue
|
||||||
|
|
||||||
|
## Registry cache
|
||||||
|
|
||||||
|
You can import/export cache from a cache manifest or (special) image configuration on the registry.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
name: ci
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- 'master'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
docker:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
-
|
||||||
|
name: Checkout
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
-
|
||||||
|
name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v1
|
||||||
|
-
|
||||||
|
name: Login to DockerHub
|
||||||
|
uses: docker/login-action@v1
|
||||||
|
with:
|
||||||
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
|
-
|
||||||
|
name: Build and push
|
||||||
|
uses: docker/build-push-action@v2
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
push: true
|
||||||
|
tags: user/app:latest
|
||||||
|
cache-from: type=registry,ref=user/app:latest
|
||||||
|
cache-to: type=inline
|
||||||
|
```
|
||||||
|
|
||||||
|
## GitHub cache
|
||||||
|
|
||||||
|
> :warning: At the moment caches are copied over the existing cache so it [keeps growing](https://github.com/docker/build-push-action/issues/252).
|
||||||
|
> The `Move cache` step is used as a temporary fix (see https://github.com/moby/buildkit/issues/1896).
|
||||||
|
|
||||||
|
> :rocket: There is a new cache backend using GitHub cache being developed that will lighten your workflow.
|
||||||
|
> More info: https://github.com/docker/buildx/pull/535
|
||||||
|
|
||||||
|
You can leverage [GitHub cache](https://docs.github.com/en/actions/configuring-and-managing-workflows/caching-dependencies-to-speed-up-workflows)
|
||||||
|
using [actions/cache](https://github.com/actions/cache) with this action:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
name: ci
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- 'master'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
docker:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
-
|
||||||
|
name: Checkout
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
-
|
||||||
|
name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v1
|
||||||
|
-
|
||||||
|
name: Cache Docker layers
|
||||||
|
uses: actions/cache@v2
|
||||||
|
with:
|
||||||
|
path: /tmp/.buildx-cache
|
||||||
|
key: ${{ runner.os }}-buildx-${{ github.sha }}
|
||||||
|
restore-keys: |
|
||||||
|
${{ runner.os }}-buildx-
|
||||||
|
-
|
||||||
|
name: Login to DockerHub
|
||||||
|
uses: docker/login-action@v1
|
||||||
|
with:
|
||||||
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
|
-
|
||||||
|
name: Build and push
|
||||||
|
uses: docker/build-push-action@v2
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
push: true
|
||||||
|
tags: user/app:latest
|
||||||
|
cache-from: type=local,src=/tmp/.buildx-cache
|
||||||
|
cache-to: type=local,dest=/tmp/.buildx-cache-new
|
||||||
|
-
|
||||||
|
# Temp fix
|
||||||
|
# https://github.com/docker/build-push-action/issues/252
|
||||||
|
# https://github.com/moby/buildkit/issues/1896
|
||||||
|
name: Move cache
|
||||||
|
run: |
|
||||||
|
rm -rf /tmp/.buildx-cache
|
||||||
|
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
|
||||||
|
```
|
|
@ -0,0 +1,48 @@
|
||||||
|
# Update DockerHub repo description
|
||||||
|
|
||||||
|
You can update the [DockerHub repository description](https://docs.docker.com/docker-hub/repos/) using
|
||||||
|
a third party action called [DockerHub Description](https://github.com/peter-evans/dockerhub-description)
|
||||||
|
with this action:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
name: ci
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- 'master'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
docker:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
-
|
||||||
|
name: Checkout
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
-
|
||||||
|
name: Set up QEMU
|
||||||
|
uses: docker/setup-qemu-action@v1
|
||||||
|
-
|
||||||
|
name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v1
|
||||||
|
-
|
||||||
|
name: Login to DockerHub
|
||||||
|
uses: docker/login-action@v1
|
||||||
|
with:
|
||||||
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
|
-
|
||||||
|
name: Build and push
|
||||||
|
uses: docker/build-push-action@v2
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
push: true
|
||||||
|
tags: user/app:latest
|
||||||
|
-
|
||||||
|
name: Update repo description
|
||||||
|
uses: peter-evans/dockerhub-description@v2
|
||||||
|
with:
|
||||||
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
|
password: ${{ secrets.DOCKERHUB_PASSWORD }}
|
||||||
|
repository: user/app
|
||||||
|
```
|
|
@ -0,0 +1,35 @@
|
||||||
|
# Export image to Docker
|
||||||
|
|
||||||
|
You may want your build result to be available in the Docker client through `docker images` to be able to use it
|
||||||
|
in another step of your workflow:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
name: ci
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- 'master'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
docker:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
-
|
||||||
|
name: Checkout
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
-
|
||||||
|
name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v1
|
||||||
|
-
|
||||||
|
name: Build
|
||||||
|
uses: docker/build-push-action@v2
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
load: true
|
||||||
|
tags: myimage:latest
|
||||||
|
-
|
||||||
|
name: Inspect
|
||||||
|
run: |
|
||||||
|
docker image inspect myimage:latest
|
||||||
|
```
|
|
@ -0,0 +1,44 @@
|
||||||
|
# Isolated builders
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
name: ci
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- 'master'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
docker:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
-
|
||||||
|
name: Checkout
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
-
|
||||||
|
uses: docker/setup-buildx-action@v1
|
||||||
|
id: builder1
|
||||||
|
-
|
||||||
|
uses: docker/setup-buildx-action@v1
|
||||||
|
id: builder2
|
||||||
|
-
|
||||||
|
name: Builder 1 name
|
||||||
|
run: echo ${{ steps.builder1.outputs.name }}
|
||||||
|
-
|
||||||
|
name: Builder 2 name
|
||||||
|
run: echo ${{ steps.builder2.outputs.name }}
|
||||||
|
-
|
||||||
|
name: Build against builder1
|
||||||
|
uses: docker/build-push-action@v2
|
||||||
|
with:
|
||||||
|
builder: ${{ steps.builder1.outputs.name }}
|
||||||
|
context: .
|
||||||
|
target: mytarget1
|
||||||
|
-
|
||||||
|
name: Build against builder2
|
||||||
|
uses: docker/build-push-action@v2
|
||||||
|
with:
|
||||||
|
builder: ${{ steps.builder2.outputs.name }}
|
||||||
|
context: .
|
||||||
|
target: mytarget2
|
||||||
|
```
|
|
@ -0,0 +1,44 @@
|
||||||
|
# Local registry
|
||||||
|
|
||||||
|
For testing purposes you may need to create a [local registry](https://hub.docker.com/_/registry) to push images into:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
name: ci
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- 'master'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
docker:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
services:
|
||||||
|
registry:
|
||||||
|
image: registry:2
|
||||||
|
ports:
|
||||||
|
- 5000:5000
|
||||||
|
steps:
|
||||||
|
-
|
||||||
|
name: Checkout
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
-
|
||||||
|
name: Set up QEMU
|
||||||
|
uses: docker/setup-qemu-action@v1
|
||||||
|
-
|
||||||
|
name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v1
|
||||||
|
with:
|
||||||
|
driver-opts: network=host
|
||||||
|
-
|
||||||
|
name: Build and push to local registry
|
||||||
|
uses: docker/build-push-action@v2
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
push: true
|
||||||
|
tags: localhost:5000/name/app:latest
|
||||||
|
-
|
||||||
|
name: Inspect
|
||||||
|
run: |
|
||||||
|
docker buildx imagetools inspect localhost:5000/name/app:latest
|
||||||
|
```
|
|
@ -0,0 +1,44 @@
|
||||||
|
# Multi-platform image
|
||||||
|
|
||||||
|
You can build multi-platform images using the [`platforms` input](../../README.md#inputs) as described below.
|
||||||
|
|
||||||
|
> :bulb: List of available platforms will be displayed and available through our [setup-buildx](https://github.com/docker/setup-buildx-action#about) action.
|
||||||
|
|
||||||
|
> :bulb: If you want support for more platforms, you can use QEMU with our [setup-qemu](https://github.com/docker/setup-qemu-action) action.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
name: ci
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- 'master'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
docker:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
-
|
||||||
|
name: Checkout
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
-
|
||||||
|
name: Set up QEMU
|
||||||
|
uses: docker/setup-qemu-action@v1
|
||||||
|
-
|
||||||
|
name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v1
|
||||||
|
-
|
||||||
|
name: Login to DockerHub
|
||||||
|
uses: docker/login-action@v1
|
||||||
|
with:
|
||||||
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
|
-
|
||||||
|
name: Build and push
|
||||||
|
uses: docker/build-push-action@v2
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
platforms: linux/amd64,linux/arm64
|
||||||
|
push: true
|
||||||
|
tags: user/app:latest
|
||||||
|
```
|
|
@ -0,0 +1,57 @@
|
||||||
|
# Push to multi-registries
|
||||||
|
|
||||||
|
* [Docker Hub and GHCR](#docker-hub-and-ghcr)
|
||||||
|
|
||||||
|
## Docker Hub and GHCR
|
||||||
|
|
||||||
|
The following workflow will connect you to [DockerHub](https://github.com/docker/login-action#dockerhub)
|
||||||
|
and [GitHub Container Registry](https://github.com/docker/login-action#github-container-registry) and push the
|
||||||
|
image to these registries.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
name: ci
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- 'master'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
docker:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
-
|
||||||
|
name: Checkout
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
-
|
||||||
|
name: Set up QEMU
|
||||||
|
uses: docker/setup-qemu-action@v1
|
||||||
|
-
|
||||||
|
name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v1
|
||||||
|
-
|
||||||
|
name: Login to DockerHub
|
||||||
|
uses: docker/login-action@v1
|
||||||
|
with:
|
||||||
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
|
-
|
||||||
|
name: Login to GitHub Container Registry
|
||||||
|
uses: docker/login-action@v1
|
||||||
|
with:
|
||||||
|
registry: ghcr.io
|
||||||
|
username: ${{ github.repository_owner }}
|
||||||
|
password: ${{ secrets.CR_PAT }}
|
||||||
|
-
|
||||||
|
name: Build and push
|
||||||
|
uses: docker/build-push-action@v2
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
platforms: linux/amd64,linux/arm64
|
||||||
|
push: true
|
||||||
|
tags: |
|
||||||
|
user/app:latest
|
||||||
|
user/app:1.0.0
|
||||||
|
ghcr.io/user/app:latest
|
||||||
|
ghcr.io/user/app:1.0.0
|
||||||
|
```
|
|
@ -0,0 +1,84 @@
|
||||||
|
# Secrets
|
||||||
|
|
||||||
|
In the following example we will expose and use the [GITHUB_TOKEN secret](https://docs.github.com/en/actions/reference/authentication-in-a-workflow#about-the-github_token-secret)
|
||||||
|
as provided by GitHub in your workflow.
|
||||||
|
|
||||||
|
First let's create our `Dockerfile` to use our secret:
|
||||||
|
|
||||||
|
```Dockerfile
|
||||||
|
#syntax=docker/dockerfile:1.2
|
||||||
|
|
||||||
|
FROM alpine
|
||||||
|
RUN --mount=type=secret,id=github_token \
|
||||||
|
cat /run/secrets/github_token
|
||||||
|
```
|
||||||
|
|
||||||
|
As you can see we have named our secret `github_token`. Here is the workflow you can use to expose this secret using
|
||||||
|
the [`secrets` input](../../README.md#inputs):
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
name: ci
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- 'master'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
docker:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
-
|
||||||
|
name: Checkout
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
-
|
||||||
|
name: Set up QEMU
|
||||||
|
uses: docker/setup-qemu-action@v1
|
||||||
|
-
|
||||||
|
name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v1
|
||||||
|
-
|
||||||
|
name: Build
|
||||||
|
uses: docker/build-push-action@v2
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
platforms: linux/amd64,linux/arm64
|
||||||
|
tags: user/app:latest
|
||||||
|
secrets: |
|
||||||
|
"github_token=${{ secrets.GITHUB_TOKEN }}"
|
||||||
|
```
|
||||||
|
|
||||||
|
> :bulb: You can also expose a secret file to the build with [`secret-files`](../../README.md#inputs) input:
|
||||||
|
> ```yaml
|
||||||
|
> secret-files: |
|
||||||
|
> "MY_SECRET=./secret.txt"
|
||||||
|
> ```
|
||||||
|
|
||||||
|
If you're using [GitHub secrets](https://docs.github.com/en/actions/reference/encrypted-secrets) and need to handle
|
||||||
|
multi-line value, you will need to place the key-value pair between quotes:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
secrets: |
|
||||||
|
"MYSECRET=${{ secrets.GPG_KEY }}"
|
||||||
|
GIT_AUTH_TOKEN=abcdefghi,jklmno=0123456789
|
||||||
|
"MYSECRET=aaaaaaaa
|
||||||
|
bbbbbbb
|
||||||
|
ccccccccc"
|
||||||
|
FOO=bar
|
||||||
|
"EMPTYLINE=aaaa
|
||||||
|
|
||||||
|
bbbb
|
||||||
|
ccc"
|
||||||
|
"JSON_SECRET={""key1"":""value1"",""key2"":""value2""}"
|
||||||
|
```
|
||||||
|
|
||||||
|
| Key | Value |
|
||||||
|
|--------------------|--------------------------------------------------|
|
||||||
|
| `MYSECRET` | `***********************` |
|
||||||
|
| `GIT_AUTH_TOKEN` | `abcdefghi,jklmno=0123456789` |
|
||||||
|
| `MYSECRET` | `aaaaaaaa\nbbbbbbb\nccccccccc` |
|
||||||
|
| `FOO` | `bar` |
|
||||||
|
| `EMPTYLINE` | `aaaa\n\nbbbb\nccc` |
|
||||||
|
| `JSON_SECRET` | `{"key1":"value1","key2":"value2"}` |
|
||||||
|
|
||||||
|
> :bulb: All quote signs need to be doubled for escaping.
|
|
@ -0,0 +1,70 @@
|
||||||
|
# Handle tags and labels
|
||||||
|
|
||||||
|
If you come from [`v1`](https://github.com/docker/build-push-action/tree/releases/v1#readme) and want an
|
||||||
|
"automatic" tag management and [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md)
|
||||||
|
for labels, you can do it in a dedicated step. The following workflow will use the [Docker meta action](https://github.com/crazy-max/ghaction-docker-meta)
|
||||||
|
to handle tags and labels based on GitHub actions events and Git metadata.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
name: ci
|
||||||
|
|
||||||
|
on:
|
||||||
|
schedule:
|
||||||
|
- cron: '0 10 * * *' # everyday at 10am
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- '**'
|
||||||
|
tags:
|
||||||
|
- 'v*.*.*'
|
||||||
|
pull_request:
|
||||||
|
branches:
|
||||||
|
- 'master'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
docker:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
-
|
||||||
|
name: Checkout
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
-
|
||||||
|
name: Docker meta
|
||||||
|
id: docker_meta
|
||||||
|
uses: crazy-max/ghaction-docker-meta@v1
|
||||||
|
with:
|
||||||
|
# list of Docker images to use as base name for tags
|
||||||
|
images: |
|
||||||
|
name/app
|
||||||
|
ghcr.io/username/app
|
||||||
|
# add git short SHA as Docker tag
|
||||||
|
tag-sha: true
|
||||||
|
-
|
||||||
|
name: Set up QEMU
|
||||||
|
uses: docker/setup-qemu-action@v1
|
||||||
|
-
|
||||||
|
name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v1
|
||||||
|
-
|
||||||
|
name: Login to DockerHub
|
||||||
|
if: github.event_name != 'pull_request'
|
||||||
|
uses: docker/login-action@v1
|
||||||
|
with:
|
||||||
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
|
-
|
||||||
|
name: Login to GHCR
|
||||||
|
if: github.event_name != 'pull_request'
|
||||||
|
uses: docker/login-action@v1
|
||||||
|
with:
|
||||||
|
registry: ghcr.io
|
||||||
|
username: ${{ secrets.GHCR_USERNAME }}
|
||||||
|
password: ${{ secrets.GHCR_TOKEN }}
|
||||||
|
-
|
||||||
|
name: Build and push
|
||||||
|
uses: docker/build-push-action@v2
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
push: ${{ github.event_name != 'pull_request' }}
|
||||||
|
tags: ${{ steps.docker_meta.outputs.tags }}
|
||||||
|
labels: ${{ steps.docker_meta.outputs.labels }}
|
||||||
|
```
|
Loading…
Reference in New Issue