Usage examples:
Build and publish Docker Image with the head tag for the develop branch
Complete workflow example
name: Build and publish on: push: branches: - "develop" # Running this workflow only for develop branch jobs: build-and-publish-head: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2.5.0 # Checking out the repo - name: Build and publish "head" Docker image uses: VaultVulp/gp-docker-action@1.6.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages image-name: my-cool-service # Provide Docker image name image-tag: head # Provide Docker image tag
Build and publish Docker Image with a latest tag for the master branch with different dockerfile
Complete workflow example
name: Build and publish on: push: branches: - "master" # Running this workflow only for master branch jobs: build-and-publish-latest: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2.5.0 # Checking out the repo - name: Build and publish "latest" Docker image uses: VaultVulp/gp-docker-action@1.6.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages image-name: my-cool-service # Provide only Docker image name, tag will be automatically set to latest dockerfile: Alternative.Dockerfile # Provide custom Dockerfile name
Build and publish Docker Image with a tag equal to a git tag
Complete workflow example
name: Build and publish on: push: tags: - "*" # Running this workflow for any tag jobs: build-and-publish-tag: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2.5.0 # Checking out the repo - name: Build and publish Docker image tagged according to a git-tag uses: VaultVulp/gp-docker-action@1.6.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages image-name: my-cool-service # Provide only Docker image name extract-git-tag: true # Provide flag to extract Docker image tag from git reference
Build and publish Docker Image with a different build context
Complete workflow example
name: Build and publish on: push jobs: build-and-publish-context: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2.5.0 # Checking out the repo - name: Build and publish Docker image from a different context uses: VaultVulp/gp-docker-action@1.6.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages image-name: my-cool-service # Provide Docker image name build-context: ./dev # Provide path to the folder with a Dockerfile
Pulling an image before building it
Complete workflow example
name: Build and publish on: push jobs: pull-and-build-and-publish: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2.5.0 # Checking out the repo - name: Pull, build and publish Docker image uses: VaultVulp/gp-docker-action@1.6.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages image-name: my-cool-service # Provide Docker image name pull-image: true # Provide the flag to pull image
Passing additional image tags
NB, additional-image-tags will not replace image-tag argument - additional tags will be appended to the list. If no image-tag was specified, then image will be tagged with the latest tag.
Examples
image-tag was specified:
image-name: my-cool-service image-tags: first additional-image-tags: second third
Action will produce one image with three tags:
my-cool-service:firstmy-cool-service:secondmy-cool-service:third
No image-tag was specified:
In this case action will use the default latest tag.
image-name: my-cool-service additional-image-tags: second third
Action will produce one image with three tags:
my-cool-service:latestmy-cool-service:secondmy-cool-service:third
Complete workflow example
name: Build and publish on: push jobs: build-with-multiple-tags: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2.5.0 # Checking out the repo - name: Build and publish Docker image with multiple tags uses: VaultVulp/gp-docker-action@1.6.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages image-name: my-cool-service # Provide Docker image name image-tags: first # if ommitted will be replaced with "latest" additional-image-tags: second third # two additional tags for an image
Cross-platform builds
It's possible to leverage custom-args to build images for different architectures.
Examples
One architeture
custom-args: --platform=linux/arm64 # target architecture
Multiple architetures
custom-args: --platform=linux/arm64,linux/amd64 # multiple target architectures
Complete workflow example
name: Build and publish on: push jobs: cross-platform-builds: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2.5.0 # Checking out the repo - name: Build and publish Docker image for ARM64 and AMD64 architectures at the same time uses: VaultVulp/gp-docker-action@1.6.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages image-name: my-cool-service # Provide Docker image name custom-args: --platform=linux/arm64,linux/amd64 # specify target architectures via the `custom-args` agrument
Passing additional arguments to the docker build command
NB, additional arguments should be passed with the = sign istead of a (space) between argument name and values.
Correct example:
custom-args: --build-arg=some="value" # ^ this "=" is mandatory
Incorrect example:
custom-args: --build-arg some="value" # ^ this space might break the action
Complete workflow example
name: Build and publish on: push jobs: build-with-custom-args: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2.5.0 # Checking out the repo - name: Build and publish Docker image with arbitrary --build-arg(s) uses: VaultVulp/gp-docker-action@1.6.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages image-name: my-cool-service # Provide Docker image name custom-args: --build-arg=some="value" --build-arg=some_other="value" # Pass some additional arguments to the docker build command
My own repo with examples
VaultVulp/test-gp-docker-action
Security considerations
You will encounter the following log message in your GitHub Actions Pipelines:
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /github/home/.docker/config.json.
Login Succeeded
I would like to ensure you, that I do not store your secrets, passwords, token, or any other information.
This warning informs you about the fact, that this Action passes your GitHub token via the command line argument:
docker login -u publisher -p ${DOCKER_TOKEN} ghcr.ioIn a non-safe environment, this could raise a security issue, but this is not the case. We are passing a temporary authorization token, which will expire once the pipeline is completed. It would also require additional code to extract this token from the environment or docker internals, that this Action does not have.
This is the detailed explanation about the ${{ secrets.GITHUB_TOKEN }} and it's relations with the GCR.