GitHub Action to build and push Docker images with Buildx with full support of the features provided by Moby BuildKit builder toolkit. This includes multi-platform build, secrets, remote cache, etc. and different builder deployment/namespacing options.
In the examples below we are also using 3 other actions:

- `setup-buildx` action will create and boot a builder using by default the `docker-container` driver. Using it is not required but recommended, so that you can build multi-platform images, export cache, etc.
- `setup-qemu` action can be useful if you want to add emulation support with QEMU to be able to build against more platforms.
- `login` action will take care of logging in to a Docker registry.

By default, this action uses the Git context, so you don't need to use the `actions/checkout` action to check out the repository as this will be done directly by BuildKit.

The git reference will be based on the event that triggered your workflow and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
```yaml
name: ci

on:
  push:
    branches:
      - 'main'

jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
        uses: docker/build-push-action@v5
        with:
          push: true
          tags: user/app:latest
```
Be careful because any file mutation in the steps that precede the build step will be ignored, including processing of the `.dockerignore` file, since the context is based on the Git reference. However, you can use the Path context using the `context` input alongside the `actions/checkout` action to remove this restriction.

Default Git context can also be provided using the Handlebars template expression `{{defaultContext}}`. Here we can use it to provide a subdirectory to the default Git context:
```yaml
      -
        # Setting up Docker Buildx with docker-container driver is required
        # at the moment to be able to use a subdirectory with Git context
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: "{{defaultContext}}:mysubdir"
          push: true
          tags: user/app:latest
```
Warning

Subdirectory for Git context is available from BuildKit v0.9.0. If you're using the `docker` builder (default if `setup-buildx-action` is not used), then BuildKit in Docker Engine will be used. As Docker Engine < v22.x.x embeds BuildKit 0.8.2 at the moment, it does not support this feature. It's therefore required to use the `setup-buildx-action` at the moment.
Building from the current repository automatically uses the GitHub Token, so it does not need to be passed. If you want to authenticate against another private repository, you have to use a secret named `GIT_AUTH_TOKEN` to be able to authenticate against it with Buildx:
```yaml
      -
        name: Build and push
        uses: docker/build-push-action@v5
        with:
          push: true
          tags: user/app:latest
          secrets: |
            GIT_AUTH_TOKEN=${{ secrets.MYTOKEN }}
```
Workflow using the Path context together with the `actions/checkout` action:

```yaml
name: ci

on:
  push:
    branches:
      - 'main'

jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: user/app:latest
```
- Multi-platform image
- Secrets
- Push to multi-registries
- Manage tags and labels
- Cache management
- Export to Docker
- Test before push
- Local registry
- Share built image between jobs
- Named contexts
- Copy image between registries
- Update Docker Hub repo description
Following inputs can be used as `step.with` keys:

`List` type is a newline-delimited string

```yaml
cache-from: |
  user/app:cache
  type=local,src=path/to/dir
```

`CSV` type is a comma-delimited string

```yaml
tags: name/app:latest,name/app:1.0.0
```
| Name | Type | Description |
|------|------|-------------|
| `add-hosts` | List/CSV | List of custom host-to-IP mappings (e.g., `docker:10.180.0.1`) |
| `allow` | List/CSV | List of extra privileged entitlements (e.g., `network.host,security.insecure`) |
| `annotations` | List | List of annotations to set on the image |
| `attests` | List | List of attestation parameters (e.g., `type=sbom,generator=image`) |
| `builder` | String | Builder instance (see setup-buildx action) |
| `build-args` | List | List of build-time variables |
| `build-contexts` | List | List of additional build contexts (e.g., `name=path`) |
| `cache-from` | List | List of external cache sources (e.g., `type=local,src=path/to/dir`) |
| `cache-to` | List | List of cache export destinations (e.g., `type=local,dest=path/to/dir`) |
| `cgroup-parent` | String | Optional parent cgroup for the container used in the build |
| `context` | String | Build's context is the set of files located in the specified `PATH` or `URL` (default Git context) |
| `file` | String | Path to the Dockerfile. (default `{context}/Dockerfile`) |
| `labels` | List | List of metadata for an image |
| `load` | Bool | Load is a shorthand for `--output=type=docker` (default `false`) |
| `network` | String | Set the networking mode for the `RUN` instructions during build |
| `no-cache` | Bool | Do not use cache when building the image (default `false`) |
| `no-cache-filters` | List/CSV | Do not cache specified stages |
| `outputs`¹ | List | List of output destinations (format: `type=local,dest=path`) |
| `platforms` | List/CSV | List of target platforms for build |
| `provenance` | Bool/String | Generate provenance attestation for the build (shorthand for `--attest=type=provenance`) |
| `pull` | Bool | Always attempt to pull all referenced images (default `false`) |
| `push` | Bool | Push is a shorthand for `--output=type=registry` (default `false`) |
| `sbom` | Bool/String | Generate SBOM attestation for the build (shorthand for `--attest=type=sbom`) |
| `secrets` | List | List of secrets to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`) |
| `secret-envs` | List/CSV | List of secret env vars to expose to the build (e.g., `key=envname`, `MY_SECRET=MY_ENV_VAR`) |
| `secret-files` | List | List of secret files to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`) |
| `shm-size` | String | Size of `/dev/shm` (e.g., `2g`) |
| `ssh` | List | List of SSH agent socket or keys to expose to the build |
| `tags` | List/CSV | List of tags |
| `target` | String | Sets the target stage to build |
| `ulimit` | List | Ulimit options (e.g., `nofile=1024:1024`) |
| `github-token` | String | GitHub Token used to authenticate against a repository for Git context (default `${{ github.token }}`) |
Note

- ¹ multiple `outputs` are not yet supported
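
How the `build-args`, `secrets` and `secret-envs` inputs listed above differ when the value is a credential, as an added example that is not part of the project's README. The secret `NPM_TOKEN`, the secret id `npm_token`, the variable `NPM_TOKEN_ENV` and the Dockerfile lines shown in comments are assumptions made for illustration.

```yaml
# Added example (constructed): step fragments for a job's `steps:` list.
# NPM_TOKEN, npm_token and NPM_TOKEN_ENV are hypothetical names.

# Weak: `build-args` are build-time variables. A value consumed through ARG
# can be recovered from the image metadata (for example with
# `docker history`), so everyone who can pull the image can read the token.
-
  name: Build and push (token as build-arg, avoid)
  uses: docker/build-push-action@v5
  with:
    push: true
    tags: user/app:latest
    build-args: |
      NPM_TOKEN=${{ secrets.NPM_TOKEN }}

# Corrected: `secrets` hands the value to BuildKit, which mounts it only for
# the RUN instruction that asks for it; it is not stored in a layer.
# Dockerfile side (assumed):
#   # syntax=docker/dockerfile:1
#   RUN --mount=type=secret,id=npm_token \
#       NPM_TOKEN="$(cat /run/secrets/npm_token)" npm ci
-
  name: Build and push (token as BuildKit secret)
  uses: docker/build-push-action@v5
  with:
    push: true
    tags: user/app:latest
    secrets: |
      npm_token=${{ secrets.NPM_TOKEN }}

# Variant: the value is already in the step environment, so `secret-envs`
# maps the secret id to the variable name (key=envname).
-
  name: Build and push (token from an env var)
  uses: docker/build-push-action@v5
  env:
    NPM_TOKEN_ENV: ${{ secrets.NPM_TOKEN }}
  with:
    push: true
    tags: user/app:latest
    secret-envs: |
      npm_token=NPM_TOKEN_ENV
```

When reviewing a workflow, any `${{ secrets.* }}` expression under `build-args` is worth flagging and moving to one of the secret inputs.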
The following outputs are available:

| Name | Type | Description |
|------|------|-------------|
| `imageid` | String | Image ID |
| `digest` | String | Image digest |
| `metadata` | JSON | Build result metadata |
Want to contribute? Awesome! You can find information about contributing to this project in the CONTRIBUTING.md.