mirror of
https://github.com/docker/build-push-action.git
synced 2024-11-22 00:01:01 -05:00
Enhance documentation
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
This commit is contained in:
parent
af867d4937
commit
a63b18dea2
12 changed files with 594 additions and 499 deletions
551
README.md
551
README.md
|
@ -6,18 +6,18 @@
|
|||
|
||||
## Upgrade from v1
|
||||
|
||||
`v2` of this action includes significant updates and now uses Docker [Buildx](https://github.com/docker/buildx). It
|
||||
works with 3 new actions ([login](https://github.com/docker/login-action), [setup-buildx](https://github.com/docker/setup-buildx-action)
|
||||
and [setup-qemu](https://github.com/docker/setup-qemu-action)) that we have created. It's also rewritten as a
|
||||
[typescript-action](https://github.com/actions/typescript-action/) to be as close as possible of the
|
||||
[GitHub Runner](https://github.com/actions/virtual-environments) during its execution.
|
||||
`v2` of this action includes significant updates and now uses Docker [Buildx](https://github.com/docker/buildx). It's
|
||||
also rewritten as a [typescript-action](https://github.com/actions/typescript-action/) to be as close as possible
|
||||
of the [GitHub Runner](https://github.com/actions/virtual-environments) during its execution.
|
||||
|
||||
[Upgrade notes](UPGRADE.md) and many [usage examples](#usage) have been added to handle most use cases but `v1` is
|
||||
still available through [`releases/v1` branch](https://github.com/docker/build-push-action/tree/releases/v1).
|
||||
[Upgrade notes](UPGRADE.md) with many [usage examples](#advanced-usage) have been added to handle most use cases but
|
||||
`v1` is still available through [`releases/v1` branch](https://github.com/docker/build-push-action/tree/releases/v1).
|
||||
|
||||
## About
|
||||
|
||||
GitHub Action to build and push Docker images with [Buildx](https://github.com/docker/buildx).
|
||||
GitHub Action to build and push Docker images with [Buildx](https://github.com/docker/buildx) with full support of the
|
||||
features provided by [Moby BuildKit](https://github.com/moby/buildkit) builder toolkit. This includes multi-platform
|
||||
build, secrets, remote cache, etc. and different builder deployment/namespacing options.
|
||||
|
||||
> :bulb: See also:
|
||||
> * [login](https://github.com/docker/login-action) action
|
||||
|
@ -31,46 +31,58 @@ ___
|
|||
* [Usage](#usage)
|
||||
* [Git context](#git-context)
|
||||
* [Path context](#path-context)
|
||||
* [Isolated builders](#isolated-builders)
|
||||
* [Multi-platform image](#multi-platform-image)
|
||||
* [Advanced usage](#advanced-usage)
|
||||
* [Push to multi-registries](#push-to-multi-registries)
|
||||
* [Cache to registry](#cache-to-registry)
|
||||
* [Local registry](#local-registry)
|
||||
* [Export image to Docker](#export-image-to-docker)
|
||||
* [Leverage GitHub cache](#leverage-github-cache)
|
||||
* [Handle tags and labels](#handle-tags-and-labels)
|
||||
* [Update DockerHub repo description](#update-dockerhub-repo-description)
|
||||
* [Multi-platform image](docs/advanced/multi-platform.md)
|
||||
* [Secrets](docs/advanced/secrets.md)
|
||||
* [Isolated builders](docs/advanced/isolated-builders.md)
|
||||
* [Push to multi-registries](docs/advanced/push-multi-registries.md)
|
||||
* [Cache](docs/advanced/cache.md)
|
||||
* [Registry cache](docs/advanced/cache.md#registry-cache)
|
||||
* [GitHub cache](docs/advanced/cache.md#github-cache)
|
||||
* [Local registry](docs/advanced/local-registry.md)
|
||||
* [Export image to Docker](docs/advanced/export-docker.md)
|
||||
* [Handle tags and labels](docs/advanced/tags-labels.md)
|
||||
* [Update DockerHub repo description](docs/advanced/dockerhub-desc.md)
|
||||
* [Customizing](#customizing)
|
||||
* [inputs](#inputs)
|
||||
* [outputs](#outputs)
|
||||
* [Notes](#notes)
|
||||
* [Multi-line secret value](#multi-line-secret-value)
|
||||
* [Troubleshooting](#troubleshooting)
|
||||
* [Keep up-to-date with GitHub Dependabot](#keep-up-to-date-with-github-dependabot)
|
||||
* [Limitation](#limitation)
|
||||
|
||||
## Usage
|
||||
|
||||
This action uses our [setup-buildx](https://github.com/docker/setup-buildx-action) action that extends the
|
||||
`docker build` command named [buildx](https://github.com/docker/buildx) with the full support of the features
|
||||
provided by [Moby BuildKit](https://github.com/moby/buildkit) builder toolkit. This includes multi-arch build,
|
||||
build-secrets, remote cache, etc. and different builder deployment/namespacing options.
|
||||
By default, this action uses the [Git context](#git-context) so you don't need to use the
|
||||
[`actions/checkout`](https://github.com/actions/checkout/) action to checkout the repository because this will be
|
||||
done directly by buildkit. The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/reference/events-that-trigger-workflows)
|
||||
and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
|
||||
|
||||
Be careful because **any file mutation in the steps that precede the build step will be ignored** since
|
||||
the context is based on the git reference. However, you can use the [Path context](#path-context) using the
|
||||
[`context` input](#inputs) alongside the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
|
||||
this restriction.
|
||||
|
||||
In the examples below we are using 3 other actions:
|
||||
|
||||
* [`setup-buildx`](https://github.com/docker/setup-buildx-action) action will create and boot a builder using by
|
||||
default the `docker-container` [builder driver](https://github.com/docker/buildx#--driver-driver). This is
|
||||
**not required but recommended** using it to be able to build multi-platform images, export cache, etc.
|
||||
* [`setup-qemu`](https://github.com/docker/setup-qemu-action) action can be useful if you want
|
||||
to add emulation support with QEMU to be able to build against more platforms.
|
||||
* [`login`](https://github.com/docker/setup-qemu-action) action will take care to log in against a Docker registry.
|
||||
|
||||
### Git context
|
||||
|
||||
The default behavior of this action is to use the Git context invoked by your workflow.
|
||||
(eg. `https://github.com/<owner>/<repo>.git#<ref>`)
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: master
|
||||
branches:
|
||||
- 'master'
|
||||
|
||||
jobs:
|
||||
main:
|
||||
docker:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
|
@ -92,17 +104,14 @@ jobs:
|
|||
with:
|
||||
push: true
|
||||
tags: user/app:latest
|
||||
build-args: |
|
||||
arg1=value1
|
||||
arg2=value2
|
||||
-
|
||||
name: Image digest
|
||||
run: echo ${{ steps.docker_build.outputs.digest }}
|
||||
```
|
||||
|
||||
Building from current repository automatically uses the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)
|
||||
as provided by `secrets` so it does not need to be passed. But if you want to authenticate against another private
|
||||
repository, you have to use a secret named `GIT_AUTH_TOKEN` to be able to authenticate against it with buildx:
|
||||
Building from the current repository automatically uses the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)
|
||||
so it does not need to be passed. If you want to authenticate against another private repository, you have to use
|
||||
a [secret](docs/advanced/secrets.md) named `GIT_AUTH_TOKEN` to be able to authenticate against it with buildx:
|
||||
|
||||
```yaml
|
||||
-
|
||||
|
@ -117,23 +126,20 @@ repository, you have to use a secret named `GIT_AUTH_TOKEN` to be able to authen
|
|||
```
|
||||
|
||||
> :warning: Subdir for Git context is not yet supported ([moby/buildkit#1684](https://github.com/moby/buildkit/issues/1684))
|
||||
> but you can use the [path context](#path-context) in the meantime.
|
||||
|
||||
> More info: https://docs.docker.com/engine/reference/commandline/build/#git-repositories
|
||||
> but you can use the [path context](#path-context) in the meantime. More info on [Docker docs website](https://docs.docker.com/engine/reference/commandline/build/#git-repositories).
|
||||
|
||||
### Path context
|
||||
|
||||
You can also use the `PATH` context alongside the [`actions/checkout`](https://github.com/actions/checkout/) action.
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: master
|
||||
branches:
|
||||
- 'master'
|
||||
|
||||
jobs:
|
||||
path-context:
|
||||
docker:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
|
@ -156,432 +162,23 @@ jobs:
|
|||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
file: ./Dockerfile
|
||||
platforms: linux/amd64,linux/arm64,linux/386
|
||||
push: true
|
||||
tags: user/app:latest
|
||||
```
|
||||
|
||||
### Isolated builders
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: master
|
||||
|
||||
jobs:
|
||||
multi-builders:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
uses: docker/setup-buildx-action@v1
|
||||
id: builder1
|
||||
-
|
||||
uses: docker/setup-buildx-action@v1
|
||||
id: builder2
|
||||
-
|
||||
name: Builder 1 name
|
||||
run: echo ${{ steps.builder1.outputs.name }}
|
||||
-
|
||||
name: Builder 2 name
|
||||
run: echo ${{ steps.builder2.outputs.name }}
|
||||
-
|
||||
name: Build against builder1
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
builder: ${{ steps.builder1.outputs.name }}
|
||||
target: mytarget1
|
||||
-
|
||||
name: Build against builder2
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
builder: ${{ steps.builder2.outputs.name }}
|
||||
target: mytarget2
|
||||
```
|
||||
|
||||
### Multi-platform image
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: master
|
||||
|
||||
jobs:
|
||||
multi:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v1
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
-
|
||||
name: Login to DockerHub
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
-
|
||||
name: Build and push
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
file: ./Dockerfile
|
||||
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
|
||||
push: true
|
||||
tags: |
|
||||
user/app:latest
|
||||
user/app:1.0.0
|
||||
```
|
||||
|
||||
## Advanced usage
|
||||
|
||||
### Push to multi-registries
|
||||
|
||||
The following workflow will connect you to [DockerHub](https://github.com/docker/login-action#dockerhub)
|
||||
and [GitHub Container Registry](https://github.com/docker/login-action#github-container-registry) and push the
|
||||
image to these registries.
|
||||
|
||||
<details>
|
||||
<summary><b>Show workflow</b></summary>
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: master
|
||||
|
||||
jobs:
|
||||
multi-registries:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v1
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
-
|
||||
name: Login to DockerHub
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
-
|
||||
name: Login to GitHub Container Registry
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.repository_owner }}
|
||||
password: ${{ secrets.CR_PAT }}
|
||||
-
|
||||
name: Build and push
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
file: ./Dockerfile
|
||||
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
|
||||
push: true
|
||||
tags: |
|
||||
user/app:latest
|
||||
user/app:1.0.0
|
||||
ghcr.io/user/app:latest
|
||||
ghcr.io/user/app:1.0.0
|
||||
```
|
||||
</details>
|
||||
|
||||
### Cache to registry
|
||||
|
||||
You can import/export cache from a cache manifest or (special) image configuration on the registry.
|
||||
|
||||
<details>
|
||||
<summary><b>Show workflow</b></summary>
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: master
|
||||
|
||||
jobs:
|
||||
registry-cache:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
-
|
||||
name: Login to DockerHub
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
-
|
||||
name: Build and push
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
push: true
|
||||
tags: user/app:latest
|
||||
cache-from: type=registry,ref=user/app:latest
|
||||
cache-to: type=inline
|
||||
```
|
||||
</details>
|
||||
|
||||
### Local registry
|
||||
|
||||
For testing purposes you may need to create a [local registry](https://hub.docker.com/_/registry) to push images into:
|
||||
|
||||
<details>
|
||||
<summary><b>Show workflow</b></summary>
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: master
|
||||
|
||||
jobs:
|
||||
local-registry:
|
||||
runs-on: ubuntu-latest
|
||||
services:
|
||||
registry:
|
||||
image: registry:2
|
||||
ports:
|
||||
- 5000:5000
|
||||
steps:
|
||||
-
|
||||
name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v1
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
with:
|
||||
driver-opts: network=host
|
||||
-
|
||||
name: Build and push to local registry
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
push: true
|
||||
tags: localhost:5000/name/app:latest
|
||||
-
|
||||
name: Inspect
|
||||
run: |
|
||||
docker buildx imagetools inspect localhost:5000/name/app:latest
|
||||
```
|
||||
</details>
|
||||
|
||||
### Export image to Docker
|
||||
|
||||
You may want your build result to be available in the Docker client through `docker images` to be able to use it
|
||||
in another step of your workflow:
|
||||
|
||||
<details>
|
||||
<summary><b>Show workflow</b></summary>
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: master
|
||||
|
||||
jobs:
|
||||
export-docker:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
-
|
||||
name: Build
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
file: ./Dockerfile
|
||||
load: true
|
||||
tags: myimage:latest
|
||||
-
|
||||
name: Inspect
|
||||
run: |
|
||||
docker image inspect myimage:latest
|
||||
```
|
||||
</details>
|
||||
|
||||
### Leverage GitHub cache
|
||||
|
||||
You can leverage [GitHub cache](https://docs.github.com/en/actions/configuring-and-managing-workflows/caching-dependencies-to-speed-up-workflows)
|
||||
using [actions/cache](https://github.com/actions/cache) with this action:
|
||||
|
||||
<details>
|
||||
<summary><b>Show workflow</b></summary>
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: master
|
||||
|
||||
jobs:
|
||||
github-cache:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
-
|
||||
name: Cache Docker layers
|
||||
uses: actions/cache@v2
|
||||
with:
|
||||
path: /tmp/.buildx-cache
|
||||
key: ${{ runner.os }}-buildx-${{ github.sha }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-buildx-
|
||||
-
|
||||
name: Login to DockerHub
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
-
|
||||
name: Build and push
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
push: true
|
||||
tags: user/app:latest
|
||||
cache-from: type=local,src=/tmp/.buildx-cache
|
||||
cache-to: type=local,dest=/tmp/.buildx-cache
|
||||
```
|
||||
</details>
|
||||
|
||||
### Handle tags and labels
|
||||
|
||||
If you come from [`v1`](https://github.com/docker/build-push-action/tree/releases/v1#readme) and want an
|
||||
"automatic" tag management and [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md)
|
||||
for labels, you can do it in a dedicated step. The following workflow will use the [Docker meta action](https://github.com/crazy-max/ghaction-docker-meta)
|
||||
to handle tags and labels based on GitHub actions events and Git metadata.
|
||||
|
||||
<details>
|
||||
<summary><b>Show workflow</b></summary>
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '0 10 * * *' # everyday at 10am
|
||||
push:
|
||||
branches:
|
||||
- '**'
|
||||
tags:
|
||||
- 'v*.*.*'
|
||||
pull_request:
|
||||
|
||||
jobs:
|
||||
docker:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Docker meta
|
||||
id: docker_meta
|
||||
uses: crazy-max/ghaction-docker-meta@v1
|
||||
with:
|
||||
images: name/app # list of Docker images to use as base name for tags
|
||||
tag-sha: true # add git short SHA as Docker tag
|
||||
-
|
||||
name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v1
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
-
|
||||
name: Login to DockerHub
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
-
|
||||
name: Build and push
|
||||
id: docker_build
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
file: ./Dockerfile
|
||||
platforms: linux/amd64,linux/arm64,linux/386
|
||||
push: ${{ github.event_name != 'pull_request' }}
|
||||
tags: ${{ steps.docker_meta.outputs.tags }}
|
||||
labels: ${{ steps.docker_meta.outputs.labels }}
|
||||
```
|
||||
</details>
|
||||
|
||||
### Update DockerHub repo description
|
||||
|
||||
You can update the [DockerHub repository description](https://docs.docker.com/docker-hub/repos/) using
|
||||
a third-party action called [DockerHub Description](https://github.com/peter-evans/dockerhub-description)
|
||||
with this action:
|
||||
|
||||
<details>
|
||||
<summary><b>Show workflow</b></summary>
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: master
|
||||
|
||||
jobs:
|
||||
main:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v1
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
-
|
||||
name: Login to DockerHub
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
-
|
||||
name: Build and push
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
push: true
|
||||
tags: user/app:latest
|
||||
-
|
||||
name: Update repo description
|
||||
uses: peter-evans/dockerhub-description@v2
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_PASSWORD }}
|
||||
repository: user/app
|
||||
```
|
||||
</details>
|
||||
* [Multi-platform image](docs/advanced/multi-platform.md)
|
||||
* [Secrets](docs/advanced/secrets.md)
|
||||
* [Isolated builders](docs/advanced/isolated-builders.md)
|
||||
* [Push to multi-registries](docs/advanced/push-multi-registries.md)
|
||||
* [Cache](docs/advanced/cache.md)
|
||||
* [Registry cache](docs/advanced/cache.md#registry-cache)
|
||||
* [GitHub cache](docs/advanced/cache.md#github-cache)
|
||||
* [Local registry](docs/advanced/local-registry.md)
|
||||
* [Export image to Docker](docs/advanced/export-docker.md)
|
||||
* [Handle tags and labels](docs/advanced/tags-labels.md)
|
||||
* [Update DockerHub repo description](docs/advanced/dockerhub-desc.md)
|
||||
|
||||
## Customizing
|
||||
|
||||
|
@ -631,38 +228,6 @@ Following outputs are available
|
|||
|---------------|---------|---------------------------------------|
|
||||
| `digest` | String | Image content-addressable identifier also called a digest |
|
||||
|
||||
## Notes
|
||||
|
||||
### Multi-line secret value
|
||||
|
||||
To handle multi-line value for a secret, you will need to place the key-value pair between quotes:
|
||||
|
||||
```yaml
|
||||
secrets: |
|
||||
"MYSECRET=${{ secrets.GPG_KEY }}"
|
||||
GIT_AUTH_TOKEN=abcdefghi,jklmno=0123456789
|
||||
"MYSECRET=aaaaaaaa
|
||||
bbbbbbb
|
||||
ccccccccc"
|
||||
FOO=bar
|
||||
"EMPTYLINE=aaaa
|
||||
|
||||
bbbb
|
||||
ccc"
|
||||
"JSON_SECRET={""key1"":""value1"",""key2"":""value2""}"
|
||||
```
|
||||
|
||||
| Key | Value |
|
||||
|--------------------|--------------------------------------------------|
|
||||
| `MYSECRET` | `***********************` |
|
||||
| `GIT_AUTH_TOKEN` | `abcdefghi,jklmno=0123456789` |
|
||||
| `MYSECRET` | `aaaaaaaa\nbbbbbbb\nccccccccc` |
|
||||
| `FOO` | `bar` |
|
||||
| `EMPTYLINE` | `aaaa\n\nbbbb\nccc` |
|
||||
| `JSON_SECRET` | `{"key1":"value1","key2":"value2"}` |
|
||||
|
||||
> Note: all quote signs need to be doubled for escaping.
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
See [TROUBLESHOOTING.md](TROUBLESHOOTING.md)
|
||||
|
|
|
@ -59,8 +59,7 @@ jobs:
|
|||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
file: ./Dockerfile
|
||||
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
|
||||
platforms: linux/amd64,linux/arm64
|
||||
tags: docker.io/user/app:latest
|
||||
outputs: type=oci,dest=/tmp/image.tar
|
||||
-
|
||||
|
|
|
@ -63,7 +63,6 @@ steps:
|
|||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
file: ./Dockerfile
|
||||
pull: true
|
||||
push: true
|
||||
build-args: |
|
||||
|
@ -136,7 +135,6 @@ steps:
|
|||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
file: ./Dockerfile
|
||||
push: ${{ github.event_name != 'pull_request' }}
|
||||
tags: ${{ steps.prep.outputs.tags }}
|
||||
labels: |
|
||||
|
@ -145,5 +143,5 @@ steps:
|
|||
org.opencontainers.image.revision=${{ github.sha }}
|
||||
```
|
||||
|
||||
> You can also use the [Docker meta action](https://github.com/crazy-max/ghaction-docker-meta) to handle tags and
|
||||
> labels based on GitHub actions events and Git metadata. A workflow example is available in the [README](README.md#handle-tags-and-labels).
|
||||
> You can also use the [Docker meta action to handle tags and labels](docs/advanced/tags-labels.md) based on GitHub
|
||||
> actions events and Git metadata.
|
||||
|
|
107
docs/advanced/cache.md
Normal file
107
docs/advanced/cache.md
Normal file
|
@ -0,0 +1,107 @@
|
|||
# Cache
|
||||
|
||||
* [Registry cache](#registry-cache)
|
||||
* [GitHub cache](#github-cache)
|
||||
|
||||
> More info about buildx cache: https://github.com/docker/buildx#--cache-fromnametypetypekeyvalue
|
||||
|
||||
## Registry cache
|
||||
|
||||
You can import/export cache from a cache manifest or (special) image configuration on the registry.
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- 'master'
|
||||
|
||||
jobs:
|
||||
docker:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
-
|
||||
name: Login to DockerHub
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
-
|
||||
name: Build and push
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
tags: user/app:latest
|
||||
cache-from: type=registry,ref=user/app:latest
|
||||
cache-to: type=inline
|
||||
```
|
||||
|
||||
## GitHub cache
|
||||
|
||||
> :warning: At the moment caches are copied over the existing cache so it [keeps growing](https://github.com/docker/build-push-action/issues/252).
|
||||
> The `Move cache` step is used as a temporary fix (see https://github.com/moby/buildkit/issues/1896).
|
||||
|
||||
> :rocket: There is a new cache backend using GitHub cache being developed that will lighten your workflow.
|
||||
> More info: https://github.com/docker/buildx/pull/535
|
||||
|
||||
You can leverage [GitHub cache](https://docs.github.com/en/actions/configuring-and-managing-workflows/caching-dependencies-to-speed-up-workflows)
|
||||
using [actions/cache](https://github.com/actions/cache) with this action:
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- 'master'
|
||||
|
||||
jobs:
|
||||
docker:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
-
|
||||
name: Cache Docker layers
|
||||
uses: actions/cache@v2
|
||||
with:
|
||||
path: /tmp/.buildx-cache
|
||||
key: ${{ runner.os }}-buildx-${{ github.sha }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-buildx-
|
||||
-
|
||||
name: Login to DockerHub
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
-
|
||||
name: Build and push
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
tags: user/app:latest
|
||||
cache-from: type=local,src=/tmp/.buildx-cache
|
||||
cache-to: type=local,dest=/tmp/.buildx-cache-new
|
||||
-
|
||||
# Temp fix
|
||||
# https://github.com/docker/build-push-action/issues/252
|
||||
# https://github.com/moby/buildkit/issues/1896
|
||||
name: Move cache
|
||||
run: |
|
||||
rm -rf /tmp/.buildx-cache
|
||||
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
|
||||
```
|
48
docs/advanced/dockerhub-desc.md
Normal file
48
docs/advanced/dockerhub-desc.md
Normal file
|
@ -0,0 +1,48 @@
|
|||
# Update DockerHub repo description
|
||||
|
||||
You can update the [DockerHub repository description](https://docs.docker.com/docker-hub/repos/) using
|
||||
a third party action called [DockerHub Description](https://github.com/peter-evans/dockerhub-description)
|
||||
with this action:
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- 'master'
|
||||
|
||||
jobs:
|
||||
docker:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v1
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
-
|
||||
name: Login to DockerHub
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
-
|
||||
name: Build and push
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
tags: user/app:latest
|
||||
-
|
||||
name: Update repo description
|
||||
uses: peter-evans/dockerhub-description@v2
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_PASSWORD }}
|
||||
repository: user/app
|
||||
```
|
35
docs/advanced/export-docker.md
Normal file
35
docs/advanced/export-docker.md
Normal file
|
@ -0,0 +1,35 @@
|
|||
# Export image to Docker
|
||||
|
||||
You may want your build result to be available in the Docker client through `docker images` to be able to use it
|
||||
in another step of your workflow:
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- 'master'
|
||||
|
||||
jobs:
|
||||
docker:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
-
|
||||
name: Build
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
load: true
|
||||
tags: myimage:latest
|
||||
-
|
||||
name: Inspect
|
||||
run: |
|
||||
docker image inspect myimage:latest
|
||||
```
|
44
docs/advanced/isolated-builders.md
Normal file
44
docs/advanced/isolated-builders.md
Normal file
|
@ -0,0 +1,44 @@
|
|||
# Isolated builders
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- 'master'
|
||||
|
||||
jobs:
|
||||
docker:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
uses: docker/setup-buildx-action@v1
|
||||
id: builder1
|
||||
-
|
||||
uses: docker/setup-buildx-action@v1
|
||||
id: builder2
|
||||
-
|
||||
name: Builder 1 name
|
||||
run: echo ${{ steps.builder1.outputs.name }}
|
||||
-
|
||||
name: Builder 2 name
|
||||
run: echo ${{ steps.builder2.outputs.name }}
|
||||
-
|
||||
name: Build against builder1
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
builder: ${{ steps.builder1.outputs.name }}
|
||||
context: .
|
||||
target: mytarget1
|
||||
-
|
||||
name: Build against builder2
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
builder: ${{ steps.builder2.outputs.name }}
|
||||
context: .
|
||||
target: mytarget2
|
||||
```
|
44
docs/advanced/local-registry.md
Normal file
44
docs/advanced/local-registry.md
Normal file
|
@ -0,0 +1,44 @@
|
|||
# Local registry
|
||||
|
||||
For testing purposes you may need to create a [local registry](https://hub.docker.com/_/registry) to push images into:
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- 'master'
|
||||
|
||||
jobs:
|
||||
docker:
|
||||
runs-on: ubuntu-latest
|
||||
services:
|
||||
registry:
|
||||
image: registry:2
|
||||
ports:
|
||||
- 5000:5000
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v1
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
with:
|
||||
driver-opts: network=host
|
||||
-
|
||||
name: Build and push to local registry
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
tags: localhost:5000/name/app:latest
|
||||
-
|
||||
name: Inspect
|
||||
run: |
|
||||
docker buildx imagetools inspect localhost:5000/name/app:latest
|
||||
```
|
44
docs/advanced/multi-platform.md
Normal file
44
docs/advanced/multi-platform.md
Normal file
|
@ -0,0 +1,44 @@
|
|||
# Multi-platform image
|
||||
|
||||
You can build multi-platform images using the [`platforms` input](../../README.md#inputs) as described below.
|
||||
|
||||
> :bulb: List of available platforms will be displayed and available through our [setup-buildx](https://github.com/docker/setup-buildx-action#about) action.
|
||||
|
||||
> :bulb: If you want support for more platforms, you can use QEMU with our [setup-qemu](https://github.com/docker/setup-qemu-action) action.
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- 'master'
|
||||
|
||||
jobs:
|
||||
docker:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v1
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
-
|
||||
name: Login to DockerHub
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
-
|
||||
name: Build and push
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
platforms: linux/amd64,linux/arm64
|
||||
push: true
|
||||
tags: user/app:latest
|
||||
```
|
57
docs/advanced/push-multi-registries.md
Normal file
57
docs/advanced/push-multi-registries.md
Normal file
|
@ -0,0 +1,57 @@
|
|||
# Push to multi-registries
|
||||
|
||||
* [Docker Hub and GHCR](#docker-hub-and-ghcr)
|
||||
|
||||
## Docker Hub and GHCR
|
||||
|
||||
The following workflow will connect you to [DockerHub](https://github.com/docker/login-action#dockerhub)
|
||||
and [GitHub Container Registry](https://github.com/docker/login-action#github-container-registry) and push the
|
||||
image to these registries.
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- 'master'
|
||||
|
||||
jobs:
|
||||
docker:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v1
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
-
|
||||
name: Login to DockerHub
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
-
|
||||
name: Login to GitHub Container Registry
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.repository_owner }}
|
||||
password: ${{ secrets.CR_PAT }}
|
||||
-
|
||||
name: Build and push
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
platforms: linux/amd64,linux/arm64
|
||||
push: true
|
||||
tags: |
|
||||
user/app:latest
|
||||
user/app:1.0.0
|
||||
ghcr.io/user/app:latest
|
||||
ghcr.io/user/app:1.0.0
|
||||
```
|
84
docs/advanced/secrets.md
Normal file
84
docs/advanced/secrets.md
Normal file
|
@ -0,0 +1,84 @@
|
|||
# Secrets
|
||||
|
||||
In the following example we will expose and use the [GITHUB_TOKEN secret](https://docs.github.com/en/actions/reference/authentication-in-a-workflow#about-the-github_token-secret)
|
||||
as provided by GitHub in your workflow.
|
||||
|
||||
First let's create our `Dockerfile` to use our secret:
|
||||
|
||||
```Dockerfile
|
||||
#syntax=docker/dockerfile:1.2
|
||||
|
||||
FROM alpine
|
||||
RUN --mount=type=secret,id=github_token \
|
||||
cat /run/secrets/github_token
|
||||
```
|
||||
|
||||
As you can see we have named our secret `github_token`. Here is the workflow you can use to expose this secret using
|
||||
the [`secrets` input](../../README.md#inputs):
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- 'master'
|
||||
|
||||
jobs:
|
||||
docker:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v1
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
-
|
||||
name: Build
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
platforms: linux/amd64,linux/arm64
|
||||
tags: user/app:latest
|
||||
secrets: |
|
||||
"github_token=${{ secrets.GITHUB_TOKEN }}"
|
||||
```
|
||||
|
||||
> :bulb: You can also expose a secret file to the build with [`secret-files`](../../README.md#inputs) input:
|
||||
> ```yaml
|
||||
> secret-files: |
|
||||
> "MY_SECRET=./secret.txt"
|
||||
> ```
|
||||
|
||||
If you're using [GitHub secrets](https://docs.github.com/en/actions/reference/encrypted-secrets) and need to handle
|
||||
multi-line value, you will need to place the key-value pair between quotes:
|
||||
|
||||
```yaml
|
||||
secrets: |
|
||||
"MYSECRET=${{ secrets.GPG_KEY }}"
|
||||
GIT_AUTH_TOKEN=abcdefghi,jklmno=0123456789
|
||||
"MYSECRET=aaaaaaaa
|
||||
bbbbbbb
|
||||
ccccccccc"
|
||||
FOO=bar
|
||||
"EMPTYLINE=aaaa
|
||||
|
||||
bbbb
|
||||
ccc"
|
||||
"JSON_SECRET={""key1"":""value1"",""key2"":""value2""}"
|
||||
```
|
||||
|
||||
| Key | Value |
|
||||
|--------------------|--------------------------------------------------|
|
||||
| `MYSECRET` | `***********************` |
|
||||
| `GIT_AUTH_TOKEN` | `abcdefghi,jklmno=0123456789` |
|
||||
| `MYSECRET` | `aaaaaaaa\nbbbbbbb\nccccccccc` |
|
||||
| `FOO` | `bar` |
|
||||
| `EMPTYLINE` | `aaaa\n\nbbbb\nccc` |
|
||||
| `JSON_SECRET` | `{"key1":"value1","key2":"value2"}` |
|
||||
|
||||
> :bulb: All quote signs need to be doubled for escaping.
|
70
docs/advanced/tags-labels.md
Normal file
70
docs/advanced/tags-labels.md
Normal file
|
@ -0,0 +1,70 @@
|
|||
# Handle tags and labels
|
||||
|
||||
If you come from [`v1`](https://github.com/docker/build-push-action/tree/releases/v1#readme) and want an
|
||||
"automatic" tag management and [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md)
|
||||
for labels, you can do it in a dedicated step. The following workflow will use the [Docker meta action](https://github.com/crazy-max/ghaction-docker-meta)
|
||||
to handle tags and labels based on GitHub actions events and Git metadata.
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '0 10 * * *' # everyday at 10am
|
||||
push:
|
||||
branches:
|
||||
- '**'
|
||||
tags:
|
||||
- 'v*.*.*'
|
||||
pull_request:
|
||||
branches:
|
||||
- 'master'
|
||||
|
||||
jobs:
|
||||
docker:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Docker meta
|
||||
id: docker_meta
|
||||
uses: crazy-max/ghaction-docker-meta@v1
|
||||
with:
|
||||
# list of Docker images to use as base name for tags
|
||||
images: |
|
||||
name/app
|
||||
ghcr.io/username/app
|
||||
# add git short SHA as Docker tag
|
||||
tag-sha: true
|
||||
-
|
||||
name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v1
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
-
|
||||
name: Login to DockerHub
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
-
|
||||
name: Login to GHCR
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ secrets.GHCR_USERNAME }}
|
||||
password: ${{ secrets.GHCR_TOKEN }}
|
||||
-
|
||||
name: Build and push
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
push: ${{ github.event_name != 'pull_request' }}
|
||||
tags: ${{ steps.docker_meta.outputs.tags }}
|
||||
labels: ${{ steps.docker_meta.outputs.labels }}
|
||||
```
|
Loading…
Reference in a new issue