GitHub Action to build and push Docker images with Buildx
Find a file
CrazyMax a63b18dea2
Enhance documentation
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2021-02-17 18:53:20 +01:00
.github Enhance virtual-env workflow 2021-02-15 20:39:21 +01:00
__tests__ Allow to use secret file mount 2021-02-15 10:08:25 +01:00
dist Merge pull request #296 from crazy-max/secret-file 2021-02-16 13:15:29 +01:00
docs/advanced Enhance documentation 2021-02-17 18:53:20 +01:00
src Allow to use secret file mount 2021-02-15 10:08:25 +01:00
test Enable iidfile for multi-platform 2020-10-21 09:51:12 +02:00
.dockerignore Container based developer flow 2020-10-23 21:59:05 +02:00
.editorconfig Move editorconfig 2020-08-11 21:05:57 +02:00
.gitattributes Build push action v2 2020-08-16 00:36:41 +02:00
.gitignore Build push action v2 2020-08-16 00:36:41 +02:00
.prettierrc.json Build push action v2 2020-08-16 00:36:41 +02:00
action.yml Update action.yml 2021-02-16 11:56:02 +01:00
docker-bake.hcl Container based developer flow 2020-10-23 21:59:05 +02:00
Dockerfile Allow to use secret file mount 2021-02-15 10:08:25 +01:00
jest.config.js Do not set --iidfile flag if local and tar exporters are used 2020-10-19 21:17:12 +02:00
LICENSE Rename LICENCE to LICENSE 2020-03-17 18:43:10 -07:00
package.json Bump csv-parse from 4.14.2 to 4.15.1 2021-02-02 05:59:48 +00:00
README.md Enhance documentation 2021-02-17 18:53:20 +01:00
TROUBLESHOOTING.md Enhance documentation 2021-02-17 18:53:20 +01:00
tsconfig.json Move setup-buildx and setup-qemu actions 2020-08-24 14:04:40 +02:00
UPGRADE.md Enhance documentation 2021-02-17 18:53:20 +01:00
yarn.lock Bump csv-parse from 4.14.2 to 4.15.1 2021-02-02 05:59:48 +00:00

GitHub release GitHub marketplace CI workflow Test workflow Codecov

Upgrade from v1

v2 of this action includes significant updates and now uses Docker Buildx. It's also rewritten as a typescript-action to be as close as possible of the GitHub Runner during its execution.

Upgrade notes with many usage examples have been added to handle most use cases but v1 is still available through releases/v1 branch.

About

GitHub Action to build and push Docker images with Buildx with full support of the features provided by Moby BuildKit builder toolkit. This includes multi-platform build, secrets, remote cache, etc. and different builder deployment/namespacing options.

💡 See also:

Screenshot


Usage

By default, this action uses the Git context so you don't need to use the actions/checkout action to checkout the repository because this will be done directly by buildkit. The git reference will be based on the event that triggered your workflow and will result in the following context: https://github.com/<owner>/<repo>.git#<ref>.

Be careful because any file mutation in the steps that precede the build step will be ignored since the context is based on the git reference. However, you can use the Path context using the context input alongside the actions/checkout action to remove this restriction.

In the examples below we are using 3 other actions:

  • setup-buildx action will create and boot a builder using by default the docker-container builder driver. This is not required but recommended using it to be able to build multi-platform images, export cache, etc.
  • setup-qemu action can be useful if you want to add emulation support with QEMU to be able to build against more platforms.
  • login action will take care to log in against a Docker registry.

Git context

name: ci

on:
  push:
    branches:
      - 'master'

jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Login to DockerHub
        uses: docker/login-action@v1 
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
        id: docker_build
        uses: docker/build-push-action@v2
        with:
          push: true
          tags: user/app:latest
      -
        name: Image digest
        run: echo ${{ steps.docker_build.outputs.digest }}

Building from the current repository automatically uses the GitHub Token so it does not need to be passed. If you want to authenticate against another private repository, you have to use a secret named GIT_AUTH_TOKEN to be able to authenticate against it with buildx:

      -
        name: Build and push
        id: docker_build
        uses: docker/build-push-action@v2
        with:
          push: true
          tags: user/app:latest
          secrets: |
            GIT_AUTH_TOKEN=${{ secrets.MYTOKEN }}            

⚠️ Subdir for Git context is not yet supported (moby/buildkit#1684) but you can use the path context in the meantime. More info on Docker docs website.

Path context

name: ci

on:
  push:
    branches:
      - 'master'

jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          push: true
          tags: user/app:latest

Advanced usage

Customizing

inputs

Following inputs can be used as step.with keys

List type is a newline-delimited string

cache-from: |
  user/app:cache
  type=local,src=path/to/dir  

CSV type is a comma-delimited string

tags: name/app:latest,name/app:1.0.0
Name Type Description
builder String Builder instance (see setup-buildx action)
context String Build's context is the set of files located in the specified PATH or URL (default Git context)
file String Path to the Dockerfile. (default {context}/Dockerfile)
build-args List List of build-time variables
labels List List of metadata for an image
tags List/CSV List of tags
pull Bool Always attempt to pull a newer version of the image (default false)
target String Sets the target stage to build
allow List/CSV List of extra privileged entitlement (eg. network.host,security.insecure)
no-cache Bool Do not use cache when building the image (default false)
platforms List/CSV List of target platforms for build
load Bool Load is a shorthand for --output=type=docker (default false)
push Bool Push is a shorthand for --output=type=registry (default false)
outputs List List of output destinations (format: type=local,dest=path)
cache-from List List of external cache sources (eg. type=local,src=path/to/dir)
cache-to List List of cache export destinations (eg. type=local,dest=path/to/dir)
secrets List List of secrets to expose to the build (eg. key=string, GIT_AUTH_TOKEN=mytoken)
secret-files List List of secret files to expose to the build (eg. key=filename, MY_SECRET=./secret.txt)
ssh List List of SSH agent socket or keys to expose to the build

outputs

Following outputs are available

Name Type Description
digest String Image content-addressable identifier also called a digest

Troubleshooting

See TROUBLESHOOTING.md

Keep up-to-date with GitHub Dependabot

Since Dependabot has native GitHub Actions support, to enable it on your GitHub repo all you need to do is add the .github/dependabot.yml file:

version: 2
updates:
  # Maintain dependencies for GitHub Actions
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"

Limitation

This action is only available for Linux virtual environments.