GitHub Action to build and publish Docker Images to GitHub Container registry
Usage examples:
Build and publish Docker Image with the head tag for the develop branch
Complete workflow example
name: Build and publish
on:
push:
branches:
- "develop" # Running this workflow only for develop branch
jobs:
build-and-publish-head:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.5.0 # Checking out the repo
- name: Build and publish "head" Docker image
uses: VaultVulp/gp-docker-action@1.6.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide Docker image name
image-tag: head # Provide Docker image tagBuild and publish Docker Image with a latest tag for the master branch with different dockerfile
Complete workflow example
name: Build and publish
on:
push:
branches:
- "master" # Running this workflow only for master branch
jobs:
build-and-publish-latest:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.5.0 # Checking out the repo
- name: Build and publish "latest" Docker image
uses: VaultVulp/gp-docker-action@1.6.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide only Docker image name, tag will be automatically set to latest
dockerfile: Alternative.Dockerfile # Provide custom Dockerfile nameBuild and publish Docker Image with a tag equal to a git tag
Complete workflow example
name: Build and publish
on:
push:
tags:
- "*" # Running this workflow for any tag
jobs:
build-and-publish-tag:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.5.0 # Checking out the repo
- name: Build and publish Docker image tagged according to a git-tag
uses: VaultVulp/gp-docker-action@1.6.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide only Docker image name
extract-git-tag: true # Provide flag to extract Docker image tag from git referenceBuild and publish Docker Image with a different build context
Complete workflow example
name: Build and publish
on: push
jobs:
build-and-publish-context:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.5.0 # Checking out the repo
- name: Build and publish Docker image from a different context
uses: VaultVulp/gp-docker-action@1.6.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide Docker image name
build-context: ./dev # Provide path to the folder with a DockerfilePulling an image before building it
Complete workflow example
name: Build and publish
on: push
jobs:
pull-and-build-and-publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.5.0 # Checking out the repo
- name: Pull, build and publish Docker image
uses: VaultVulp/gp-docker-action@1.6.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide Docker image name
pull-image: true # Provide the flag to pull imagePassing additional image tags
NB, additional-image-tags will not replace image-tag argument - additional tags will be appended to the list. If no image-tag was specified, then image will be tagged with the latest tag.
Examples
image-tag was specified:
image-name: my-cool-service
image-tags: first
additional-image-tags: second thirdAction will produce one image with three tags:
my-cool-service:firstmy-cool-service:secondmy-cool-service:third
No image-tag was specified:
In this case action will use the default latest tag.
image-name: my-cool-service
additional-image-tags: second thirdAction will produce one image with three tags:
my-cool-service:latestmy-cool-service:secondmy-cool-service:third
Complete workflow example
name: Build and publish
on: push
jobs:
build-with-multiple-tags:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.5.0 # Checking out the repo
- name: Build and publish Docker image with multiple tags
uses: VaultVulp/gp-docker-action@1.6.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide Docker image name
image-tags: first # if ommitted will be replaced with "latest"
additional-image-tags: second third # two additional tags for an imageCross-platform builds
It's possible to leverage custom-args to build images for different architectures.
Examples
One architeture
custom-args: --platform=linux/arm64 # target architectureMultiple architetures
custom-args: --platform=linux/arm64,linux/amd64 # multiple target architecturesComplete workflow example
name: Build and publish
on: push
jobs:
cross-platform-builds:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.5.0 # Checking out the repo
- name: Build and publish Docker image for ARM64 and AMD64 architectures at the same time
uses: VaultVulp/gp-docker-action@1.6.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide Docker image name
custom-args: --platform=linux/arm64,linux/amd64 # specify target architectures via the `custom-args` agrumentPassing additional arguments to the docker build command
NB, additional arguments should be passed with the = sign istead of a (space) between argument name and values.
Correct example:
custom-args: --build-arg=some="value"
# ^ this "=" is mandatoryIncorrect example:
custom-args: --build-arg some="value"
# ^ this space might break the actionComplete workflow example
name: Build and publish
on: push
jobs:
build-with-custom-args:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.5.0 # Checking out the repo
- name: Build and publish Docker image with arbitrary --build-arg(s)
uses: VaultVulp/gp-docker-action@1.6.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide Docker image name
custom-args: --build-arg=some="value" --build-arg=some_other="value" # Pass some additional arguments to the docker build commandMy own repo with examples
VaultVulp/test-gp-docker-action
Security considerations
You will encounter the following log message in your GitHub Actions Pipelines:
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /github/home/.docker/config.json.
Login Succeeded
I would like to ensure you, that I do not store your secrets, passwords, token, or any other information.
This warning informs you about the fact, that this Action passes your GitHub token via the command line argument:
docker login -u publisher -p ${DOCKER_TOKEN} ghcr.ioIn a non-safe environment, this could raise a security issue, but this is not the case. We are passing a temporary authorization token, which will expire once the pipeline is completed. It would also require additional code to extract this token from the environment or docker internals, that this Action does not have.
This is the detailed explanation about the ${{ secrets.GITHUB_TOKEN }} and it's relations with the GCR.