Docker Build & Push Action
Builds a Docker image and pushes it to the private registry of your choosing.
Supported Docker registries
- Docker Hub
- Google Container Registry (GCR)
- AWS Elastic Container Registry (ECR)
- GitHub Docker Registry
Breaking changes
If you're experiencing issues, be sure you are using the latest stable release (currently v5). The AWS ECR login command became deprecated between v4 and v5. Additionally, support for multiple tags was added between v4 and v5.
Basic usage
- Ensure you run the checkout action before using this action
- Add the following to a workflow `.yml` file in the `/.github` directory of your repo

```yaml
steps:
  - uses: actions/checkout@v2
    name: Check out code
  - uses: mr-smithers-excellent/docker-build-push@v5
    name: Build & push Docker image
    with:
      image: repo/image
      tags: v1, latest
      registry: registry-url.io
      dockerfile: Dockerfile.ci
      username: ${{ secrets.DOCKER_USERNAME }}
      password: ${{ secrets.DOCKER_PASSWORD }}
```
Inputs
| Name | Description | Required | Type |
|---|---|---|---|
| image | Docker image name | Yes | String |
| tags | Comma separated docker image tags (see Tagging the image with GitOps) | No | List |
| addLatest | Adds the latest tag to the GitOps-generated tags | No | Boolean |
| addTimestamp | Suffixes a build timestamp to the branch-based Docker tag | No | Boolean |
| registry | Docker registry host | Yes | String |
| dockerfile | Location of Dockerfile (defaults to Dockerfile) | No | String |
| directory | Directory to pass to docker build command, if not project root | No | String |
| buildArgs | Docker build arguments passed via --build-arg | No | List |
| labels | Docker build labels passed via --label | No | List |
| target | Docker build target passed via --target | No | String |
| platform | Docker build platform passed via --platform | No | String |
| username | Docker registry username | No | String |
| password | Docker registry password or token | No | String |
| githubOrg | GitHub organization to push image to (if not current) | No | String |
| enableBuildKit | Enables Docker BuildKit support | No | Boolean |
Outputs
| Name | Description | Format |
|---|---|---|
| imageFullName | Full name of the Docker image with registry prefix | registry/owner/image |
| imageName | Name of the Docker image with owner prefix | owner/image |
| tags | Tags for the Docker image | v1,latest |
Examples
Docker Hub
- Save your Docker Hub username (`DOCKER_USERNAME`) and password (`DOCKER_PASSWORD`) as secrets in your GitHub repo
- Modify sample below and include in your workflow `.github/workflows/*.yml` file

```yaml
uses: mr-smithers-excellent/docker-build-push@v5
with:
  image: docker-hub-repo/image-name
  registry: docker.io
  username: ${{ secrets.DOCKER_USERNAME }}
  password: ${{ secrets.DOCKER_PASSWORD }}
```
Google Container Registry (GCR)
- Create a service account with the ability to push to GCR (see configuring access control)
- Create and download JSON key for new service account
- Save content of `.json` file as a secret called `DOCKER_PASSWORD` in your GitHub repo
- Modify sample below and include in your workflow `.github/workflows/*.yml` file
- Ensure you set the username to `_json_key`

```yaml
uses: mr-smithers-excellent/docker-build-push@v5
with:
  image: gcp-project/image-name
  registry: gcr.io
  username: _json_key
  password: ${{ secrets.DOCKER_PASSWORD }}
```
AWS Elastic Container Registry (ECR)
- Create an IAM user with the ability to push to ECR (see example policies)
- Create and download access keys
- Save `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` as secrets in your GitHub repo
- Ensure the repo you are trying to push to already exists, if not create with `aws ecr create-repository` before pushing
- Modify sample below and include in your workflow `.github/workflows/*.yml` file

```yaml
uses: mr-smithers-excellent/docker-build-push@v5
with:
  image: image-name
  registry: [aws-account-number].dkr.ecr.[region].amazonaws.com
env:
  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
```
GitHub Container Registry
- GitHub recently migrated their container registry from docker.pkg.github.com to ghcr.io
- It is assumed you'll be pushing the image to a repo inside your GitHub organization, unless you set `githubOrg`
- If using ghcr.io, provide the image name in `ghcr.io/OWNER/IMAGE_NAME` format
- If using docker.pkg.github.com, provide the image name in `docker.pkg.github.com/OWNER/REPOSITORY/IMAGE_NAME` format
- Provide either the `${{ github.actor }}` or an alternate username for Docker login (with associated token below)
- Pass the default GitHub Actions token or custom secret with proper push permissions

New ghcr.io

```yaml
uses: mr-smithers-excellent/docker-build-push@v5
with:
  image: image-name
  registry: ghcr.io
  githubOrg: override-org # optional
  username: ${{ secrets.GHCR_USERNAME }}
  password: ${{ secrets.GHCR_TOKEN }}
```

Legacy docker.pkg.github.com

```yaml
uses: mr-smithers-excellent/docker-build-push@v5
with:
  image: github-repo/image-name
  registry: docker.pkg.github.com
  username: ${{ github.actor }}
  password: ${{ secrets.GITHUB_TOKEN }}
```
Tagging the image using GitOps
By default, if you do not pass a tags input this action will use an algorithm based on the state of your git repo to determine the Docker image tag(s). This is designed to enable developers to more easily use GitOps in their CI/CD pipelines. Below is a table detailing how the GitHub trigger (branch or tag) determines the Docker tag(s).
| Trigger | Commit SHA | addLatest | addTimestamp | Docker Tag(s) |
|---|---|---|---|---|
| /refs/tags/v1.0 | N/A | false | N/A | v1.0 |
| /refs/tags/v1.0 | N/A | true | N/A | v1.0,latest |
| /refs/heads/dev | 1234567 | false | true | dev-1234567-2021-09-01.195027 |
| /refs/heads/dev | 1234567 | true | false | dev-1234567,latest |
| /refs/heads/main | 1234567 | false | true | main-1234567-2021-09-01.195027 |
| /refs/heads/main | 1234567 | true | false | main-1234567,latest |
| /refs/heads/SOME-feature | 1234567 | false | true | some-feature-1234567-2021-09-01.195027 |
| /refs/heads/SOME-feature | 1234567 | true | false | some-feature-1234567,latest |
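
The table above, worked through as code. This is an added example reconstructed from the table's rows, not the action's own source: `deriveTags` and `formatTimestamp` are hypothetical names, the UTC timestamp is an assumption, and the final check applies Docker's tag grammar, so a ref the table does not cover (for example a branch name containing `/`) is rejected rather than passed on to the build.

```javascript
// Added example: tag derivation reconstructed from the table above.
// deriveTags and formatTimestamp are hypothetical names, not the action's API.

// Format a Date as YYYY-MM-DD.HHmmss. UTC is an assumption; the table only
// shows the shape "2021-09-01.195027".
function formatTimestamp(date) {
  const iso = date.toISOString(); // e.g. 2021-09-01T19:50:27.000Z
  return `${iso.slice(0, 10)}.${iso.slice(11, 19).replace(/:/g, '')}`;
}

function deriveTags({ ref, sha, addLatest = false, addTimestamp = false, now = new Date() }) {
  // The table writes refs with a leading slash; accept both spellings.
  const cleanRef = ref.replace(/^\//, '');
  let tag;
  if (cleanRef.startsWith('refs/tags/')) {
    // Git tag trigger: the tag name is used as-is; SHA and timestamp are N/A.
    tag = cleanRef.slice('refs/tags/'.length);
  } else if (cleanRef.startsWith('refs/heads/')) {
    // Branch trigger: lower-cased branch name plus the 7-character short SHA.
    const branch = cleanRef.slice('refs/heads/'.length).toLowerCase();
    tag = `${branch}-${sha.slice(0, 7)}`;
    if (addTimestamp) tag += `-${formatTimestamp(now)}`;
  } else {
    throw new Error(`unsupported ref: ${ref}`);
  }
  // Ref names come from whoever pushed, so validate against Docker's tag
  // grammar before the value reaches any docker command line.
  if (!/^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$/.test(tag)) {
    throw new Error(`not a valid Docker tag: ${tag}`);
  }
  return addLatest ? [tag, 'latest'] : [tag];
}

// Constructed sample input matching the last rows of the table.
const sampleTime = new Date(Date.UTC(2021, 8, 1, 19, 50, 27));
console.log(deriveTags({
  ref: '/refs/heads/SOME-feature',
  sha: '1234567',
  addTimestamp: true,
  now: sampleTime,
}).join(','));
```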