elgohr / Publish-Docker-Github-Action

A Github Action used to build and publish Docker images
MIT License

Publishes docker containers

This Action for Docker uses the Git branch as the Docker tag for building and pushing the container. The master branch is published as the latest tag.

Usage

Example pipeline

name: Publish Docker
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - name: Publish to Registry
      uses: elgohr/Publish-Docker-Github-Action@v5
      with:
        name: myDocker/repository
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.DOCKER_PASSWORD }}

Mandatory Arguments

name is the name of the image you would like to push
username is the login username for the registry
password is the authentication token [preferred] or login password for the registry

If you would like to publish the image to other registries, these actions might be helpful

Registry | Action
Amazon Web Services Elastic Container Registry (ECR) | https://github.com/elgohr/ecr-login-action
Google Cloud Container Registry | https://github.com/elgohr/gcloud-login-action

Outputs

tag is the tag, which was pushed
snapshot-tag is the tag that is generated by the snapshot-option and pushed
digest is the digest of the image, which was pushed

Optional Arguments

registry

Use registry for pushing to a custom registry.

GitHub Packages Docker registry uses a different path format than GitHub Container Registry or Docker Hub. See Configuring Docker for use with GitHub Package Registry for more information.
For publishing to GitHub Container Registry, please see Migrating to GitHub Container Registry for Docker images.

If you're using GitHub Packages Docker or GitHub Container Registry, you might also want to use ${{ github.actor }} as the username.

with:
  name: owner/repository/image
  username: ${{ github.actor }}
  password: ${{ secrets.GITHUB_TOKEN }}
  registry: ghcr.io

snapshot

Use snapshot to push an additional image, which is tagged with
{YEAR}{MONTH}{DAY}{HOUR}{MINUTE}{SECOND}{first 6 digits of the git sha}.
The date is included to prevent new builds with external dependencies from overriding older builds with the same sha. This might be useful when you would like to think about versioning images.

with:
  name: myDocker/repository
  username: ${{ secrets.DOCKER_USERNAME }}
  password: ${{ secrets.DOCKER_PASSWORD }}
  snapshot: true

default_branch

Use default_branch when you want to use a different branch than master as the default branch.

with:
  name: myDocker/repository
  username: ${{ secrets.DOCKER_USERNAME }}
  password: ${{ secrets.DOCKER_PASSWORD }}
  default_branch: trunk

dockerfile

Use dockerfile when you would like to explicitly build a Dockerfile.
This might be useful when you have multiple DockerImages.

with:
  name: myDocker/repository
  username: ${{ secrets.DOCKER_USERNAME }}
  password: ${{ secrets.DOCKER_PASSWORD }}
  dockerfile: MyDockerFileName

workdir

Use workdir when you would like to change the directory for building.

with:
  name: myDocker/repository
  username: ${{ secrets.DOCKER_USERNAME }}
  password: ${{ secrets.DOCKER_PASSWORD }}
  workdir: mySubDirectory

context

Use context when you would like to change the Docker build context.

with:
  name: myDocker/repository
  username: ${{ secrets.DOCKER_USERNAME }}
  password: ${{ secrets.DOCKER_PASSWORD }}
  context: myContextDirectory

buildargs

Use buildargs when you want to pass a list of environment variables as build-args. Identifiers are separated by comma.
All buildargs will be masked, so that they don't appear in the logs.

- name: Publish to Registry
  uses: elgohr/Publish-Docker-Github-Action@v5
  env:
    MY_FIRST: variableContent
    MY_SECOND: variableContent
  with:
    name: myDocker/repository
    username: ${{ secrets.DOCKER_USERNAME }}
    password: ${{ secrets.DOCKER_PASSWORD }}
    buildargs: MY_FIRST,MY_SECOND

buildoptions

Use buildoptions when you want to configure options for building.

- name: Publish to Registry
  uses: elgohr/Publish-Docker-Github-Action@v5
  with:
    name: myDocker/repository
    username: ${{ secrets.DOCKER_USERNAME }}
    password: ${{ secrets.DOCKER_PASSWORD }}
    buildoptions: "--compress --force-rm"

platforms

Use platforms when you would like to build for specific target architectures.
Architectures are separated by comma.

docker/setup-buildx-action must be executed before a step that contains platforms.

- name: Set up Docker Buildx
  uses: docker/setup-buildx-action@v2
- name: Publish to Registry
  uses: elgohr/Publish-Docker-Github-Action@v5
  with:
    name: myDocker/repository
    username: ${{ secrets.DOCKER_USERNAME }}
    password: ${{ secrets.DOCKER_PASSWORD }}
    platforms: linux/amd64,linux/arm64

cache

Use cache when you have big images that you would like to build only partially (changed layers).

CAUTION: Docker builds will cache non-reproducible commands, such as installing packages. If you use this option, your packages will never update. To avoid this, run this action on a schedule with caching disabled to rebuild the cache periodically.

name: Publish to Registry
on:
  push:
    branches:
      - master
  schedule:
    - cron: '0 2 * * 0' # Weekly on Sundays at 02:00
jobs:
  update:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - name: Publish to Registry
      uses: elgohr/Publish-Docker-Github-Action@v5
      with:
        name: myDocker/repository
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.DOCKER_PASSWORD }}
        cache: ${{ github.event_name != 'schedule' }}

no_push

Use no_push when you want to build an image, but not push it to a registry.

with:
  name: myDocker/repository
  username: ${{ secrets.DOCKER_USERNAME }}
  password: ${{ secrets.DOCKER_PASSWORD }}
  no_push: ${{ github.event_name == 'push' }}

Tags

This action supports multiple options for how tags are handled.
By default a tag is pushed as latest.
Furthermore, one of the following options can be used.

tags

Use tags when you want to bring your own tags (separated by comma).

- name: Publish to Registry
  uses: elgohr/Publish-Docker-Github-Action@v5
  with:
    name: myDocker/repository
    username: ${{ secrets.DOCKER_USERNAME }}
    password: ${{ secrets.DOCKER_PASSWORD }}
    tags: "latest,another"

When using dynamic tag names, the environment variable must be set via echo, as variables set in the environment will not auto-resolve by convention.
This example illustrates how you would push to latest along with creating a custom version tag in a release. Setting it to only run on published events will keep your tags from being filled with commit hashes and will only publish when a GitHub release is created. So if the GitHub release is 2.14, this will publish to the latest and 2.14 tags.

name: Publish to Registry
on:
  release:
    types: [published]
  push:
    branches:
      - master
  schedule:
    - cron: '0 2 * * 0' # Weekly on Sundays at 02:00
jobs:
  update:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - id: pre-step
      shell: bash
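      # ${GITHUB_REF:10} drops the 10-character "refs/tags/" prefix, so the value is only meaningful for tag refs
      run: echo "release-version=${GITHUB_REF:10}" >> "$GITHUB_OUTPUT"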
    - name: Publish to Registry
      uses: elgohr/Publish-Docker-Github-Action@v5
      with:
        name: myDocker/repository
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.DOCKER_PASSWORD }}
        tags: "latest,${{ steps.pre-step.outputs.release-version }}"
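
As an added example (not part of the action or its README), the pre-step can derive the version only for tag refs and check it against Docker's tag grammar before it is used in tags; on a push to master, ${GITHUB_REF:10} would otherwise yield /master. release_version is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: derive the release tag for the pre-step from the Git ref.
# release_version is a hypothetical helper, not part of the action.

# Prints the tag name for a refs/tags/* ref. Fails for any other ref and for
# names Docker would reject as a tag. The body runs in a subshell, so LC_ALL
# and exit stay local to the function.
release_version() (
  LC_ALL=C
  ref=$1
  case $ref in
    refs/tags/?*) version=${ref#refs/tags/} ;;
    *) echo "not a tag ref: $ref" >&2; exit 1 ;;
  esac
  # Docker tags: [A-Za-z0-9_.-] only, not starting with "." or "-", max 128.
  case $version in
    [.-]* | *[!A-Za-z0-9_.-]*)
      echo "not a valid Docker tag: $version" >&2; exit 1 ;;
  esac
  if [ "${#version}" -gt 128 ]; then
    echo "Docker tag longer than 128 characters" >&2; exit 1
  fi
  printf '%s\n' "$version"
)

# In the workflow step (the runner sets GITHUB_REF and GITHUB_OUTPUT):
#   version=$(release_version "$GITHUB_REF") || exit 1
#   echo "release-version=$version" >> "$GITHUB_OUTPUT"

# Constructed refs for illustration: only the first one yields a tag.
for ref in refs/tags/2.14 refs/heads/master refs/tags/-rc1; do
  release_version "$ref" || true
done
```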

tag_names

Use tag_names when you want to push tags/release by their git name (e.g. refs/tags/MY_TAG_NAME).

CAUTION: Images produced by this feature can be overridden by branches with the same name - without a way to restore.

with:
  name: myDocker/repository
  username: ${{ secrets.DOCKER_USERNAME }}
  password: ${{ secrets.DOCKER_PASSWORD }}
  tag_names: true

tag_semver

Use tag_semver when you want to push tags using the semver syntax by their git name (e.g. refs/tags/v1.2.3). This will push four docker tags: 1.2.3, 1.2 and 1. A prefix 'v' will automatically be removed.

CAUTION: Images produced by this feature can be overridden by branches with the same name - without a way to restore.

with:
  name: myDocker/repository
  username: ${{ secrets.DOCKER_USERNAME }}
  password: ${{ secrets.DOCKER_PASSWORD }}
  tag_semver: true
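
The CAUTION notes for tag_names and tag_semver can be checked before enabling either option. The following added example (not the action's own code) lists every Docker tag that both a branch and a Git tag would publish. It assumes a branch is pushed under its own name with the default branch as latest, and tag_collisions and sample_refs are hypothetical names.

```shell
#!/bin/sh
# Added example (not part of the action): find Docker tags that both a branch
# and a Git tag would publish, the override the CAUTION notes describe.
# Assumptions: a branch is pushed under its own name (default branch as
# "latest"), tag_names pushes refs/tags/X as X, and tag_semver pushes
# refs/tags/v1.2.3 as 1.2.3, 1.2 and 1.

# Reads ref names on stdin, e.g. from: git for-each-ref --format='%(refname)'
# Prints: <docker tag> <branch ref> <git tag ref> <option that pushes it>
tag_collisions() {
  awk -v default_branch="${1:-master}" '
    /^refs\/heads\// {
      name = substr($0, 12)                      # strip "refs/heads/"
      if (name == default_branch) name = "latest"
      branch[name] = $0
      next
    }
    /^refs\/tags\// {
      name = substr($0, 11)                      # strip "refs/tags/"
      src[name] = $0 " tag_names"
      v = name
      sub(/^v/, "", v)                           # tag_semver drops a leading v
      if (v ~ /^[0-9]+\.[0-9]+\.[0-9]+$/) {
        split(v, p, ".")
        src[v] = src[p[1] "." p[2]] = src[p[1]] = $0 " tag_semver"
      }
    }
    END { for (t in src) if (t in branch) print t, branch[t], src[t] }
  ' | LC_ALL=C sort
}

# Constructed sample refs for illustration.
sample_refs() {
  printf '%s\n' refs/heads/master refs/heads/1.2 refs/heads/feature-x \
    refs/heads/hotfix refs/tags/v1.2.3 refs/tags/hotfix refs/tags/latest
}

sample_refs | tag_collisions master
```

An empty result means no branch currently shares a Docker tag with a Git tag; rerun the check whenever branches or tags are created.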

Sponsors

A big "Thank you!" to the people that help to make this code sustainable:
SerhatG EdgeDB Pedro Sanders