diff --git a/README.md b/README.md index 1d32e94b0..ee647179a 100644 --- a/README.md +++ b/README.md @@ -6,18 +6,18 @@ ## Upgrade from v1 -`v2` of this action includes significant updates and now uses Docker [Buildx](https://github.com/docker/buildx). It -works with 3 new actions ([login](https://github.com/docker/login-action), [setup-buildx](https://github.com/docker/setup-buildx-action) -and [setup-qemu](https://github.com/docker/setup-qemu-action)) that we have created. It's also rewritten as a -[typescript-action](https://github.com/actions/typescript-action/) to be as close as possible of the -[GitHub Runner](https://github.com/actions/virtual-environments) during its execution. +`v2` of this action includes significant updates and now uses Docker [Buildx](https://github.com/docker/buildx). It's +also rewritten as a [typescript-action](https://github.com/actions/typescript-action/) to be as close as possible +of the [GitHub Runner](https://github.com/actions/virtual-environments) during its execution. -[Upgrade notes](UPGRADE.md) and many [usage examples](#usage) have been added to handle most use cases but `v1` is -still available through [`releases/v1` branch](https://github.com/docker/build-push-action/tree/releases/v1). +[Upgrade notes](UPGRADE.md) with many [usage examples](#advanced-usage) have been added to handle most use cases but +`v1` is still available through [`releases/v1` branch](https://github.com/docker/build-push-action/tree/releases/v1). ## About -GitHub Action to build and push Docker images with [Buildx](https://github.com/docker/buildx). +GitHub Action to build and push Docker images with [Buildx](https://github.com/docker/buildx) with full support of the +features provided by [Moby BuildKit](https://github.com/moby/buildkit) builder toolkit. This includes multi-platform +build, secrets, remote cache, etc. and different builder deployment/namespacing options. > :bulb: See also: > * [login](https://github.com/docker/login-action) action @@ -31,46 +31,58 @@ ___ * [Usage](#usage) * [Git context](#git-context) * [Path context](#path-context) - * [Isolated builders](#isolated-builders) - * [Multi-platform image](#multi-platform-image) * [Advanced usage](#advanced-usage) - * [Push to multi-registries](#push-to-multi-registries) - * [Cache to registry](#cache-to-registry) - * [Local registry](#local-registry) - * [Export image to Docker](#export-image-to-docker) - * [Leverage GitHub cache](#leverage-github-cache) - * [Handle tags and labels](#handle-tags-and-labels) - * [Update DockerHub repo description](#update-dockerhub-repo-description) + * [Multi-platform image](docs/advanced/multi-platform.md) + * [Secrets](docs/advanced/secrets.md) + * [Isolated builders](docs/advanced/isolated-builders.md) + * [Push to multi-registries](docs/advanced/push-multi-registries.md) + * [Cache](docs/advanced/cache.md) + * [Registry cache](docs/advanced/cache.md#registry-cache) + * [GitHub cache](docs/advanced/cache.md#github-cache) + * [Local registry](docs/advanced/local-registry.md) + * [Export image to Docker](docs/advanced/export-docker.md) + * [Handle tags and labels](docs/advanced/tags-labels.md) + * [Update DockerHub repo description](docs/advanced/dockerhub-desc.md) * [Customizing](#customizing) * [inputs](#inputs) * [outputs](#outputs) -* [Notes](#notes) - * [Multi-line secret value](#multi-line-secret-value) * [Troubleshooting](#troubleshooting) * [Keep up-to-date with GitHub Dependabot](#keep-up-to-date-with-github-dependabot) * [Limitation](#limitation) ## Usage -This action uses our [setup-buildx](https://github.com/docker/setup-buildx-action) action that extends the -`docker build` command named [buildx](https://github.com/docker/buildx) with the full support of the features -provided by [Moby BuildKit](https://github.com/moby/buildkit) builder toolkit. This includes multi-arch build, -build-secrets, remote cache, etc. and different builder deployment/namespacing options. +By default, this action uses the [Git context](#git-context) so you don't need to use the +[`actions/checkout`](https://github.com/actions/checkout/) action to checkout the repository because this will be +done directly by buildkit. The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/reference/events-that-trigger-workflows) +and will result in the following context: `https://github.com//.git#`. -### Git context +Be careful because **any file mutation in the steps that precede the build step will be ignored** since +the context is based on the git reference. However, you can use the [Path context](#path-context) using the +[`context` input](#inputs) alongside the [`actions/checkout`](https://github.com/actions/checkout/) action to remove +this restriction. + +In the examples below we are using 3 other actions: -The default behavior of this action is to use the Git context invoked by your workflow. -(eg. `https://github.com//.git#`) +* [`setup-buildx`](https://github.com/docker/setup-buildx-action) action will create and boot a builder using by +default the `docker-container` [builder driver](https://github.com/docker/buildx#--driver-driver). This is +**not required but recommended** using it to be able to build multi-platform images, export cache, etc. +* [`setup-qemu`](https://github.com/docker/setup-qemu-action) action can be useful if you want +to add emulation support with QEMU to be able to build against more platforms. +* [`login`](https://github.com/docker/setup-qemu-action) action will take care to log in against a Docker registry. + +### Git context ```yaml name: ci on: push: - branches: master + branches: + - 'master' jobs: - main: + docker: runs-on: ubuntu-latest steps: - @@ -92,17 +104,14 @@ jobs: with: push: true tags: user/app:latest - build-args: | - arg1=value1 - arg2=value2 - name: Image digest run: echo ${{ steps.docker_build.outputs.digest }} ``` -Building from current repository automatically uses the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token) -as provided by `secrets` so it does not need to be passed. But if you want to authenticate against another private -repository, you have to use a secret named `GIT_AUTH_TOKEN` to be able to authenticate against it with buildx: +Building from the current repository automatically uses the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token) +so it does not need to be passed. If you want to authenticate against another private repository, you have to use +a [secret](docs/advanced/secrets.md) named `GIT_AUTH_TOKEN` to be able to authenticate against it with buildx: ```yaml - @@ -117,23 +126,20 @@ repository, you have to use a secret named `GIT_AUTH_TOKEN` to be able to authen ``` > :warning: Subdir for Git context is not yet supported ([moby/buildkit#1684](https://github.com/moby/buildkit/issues/1684)) -> but you can use the [path context](#path-context) in the meantime. - -> More info: https://docs.docker.com/engine/reference/commandline/build/#git-repositories +> but you can use the [path context](#path-context) in the meantime. More info on [Docker docs website](https://docs.docker.com/engine/reference/commandline/build/#git-repositories). ### Path context -You can also use the `PATH` context alongside the [`actions/checkout`](https://github.com/actions/checkout/) action. - ```yaml name: ci on: push: - branches: master + branches: + - 'master' jobs: - path-context: + docker: runs-on: ubuntu-latest steps: - @@ -156,432 +162,23 @@ jobs: uses: docker/build-push-action@v2 with: context: . - file: ./Dockerfile - platforms: linux/amd64,linux/arm64,linux/386 push: true tags: user/app:latest ``` -### Isolated builders - -```yaml -name: ci - -on: - push: - branches: master - -jobs: - multi-builders: - runs-on: ubuntu-latest - steps: - - - uses: docker/setup-buildx-action@v1 - id: builder1 - - - uses: docker/setup-buildx-action@v1 - id: builder2 - - - name: Builder 1 name - run: echo ${{ steps.builder1.outputs.name }} - - - name: Builder 2 name - run: echo ${{ steps.builder2.outputs.name }} - - - name: Build against builder1 - uses: docker/build-push-action@v2 - with: - builder: ${{ steps.builder1.outputs.name }} - target: mytarget1 - - - name: Build against builder2 - uses: docker/build-push-action@v2 - with: - builder: ${{ steps.builder2.outputs.name }} - target: mytarget2 -``` - -### Multi-platform image - -```yaml -name: ci - -on: - push: - branches: master - -jobs: - multi: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v2 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Build and push - uses: docker/build-push-action@v2 - with: - context: . - file: ./Dockerfile - platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x - push: true - tags: | - user/app:latest - user/app:1.0.0 -``` - ## Advanced usage -### Push to multi-registries - -The following workflow will connect you to [DockerHub](https://github.com/docker/login-action#dockerhub) -and [GitHub Container Registry](https://github.com/docker/login-action#github-container-registry) and push the -image to these registries. - -
- Show workflow - - ```yaml - name: ci - - on: - push: - branches: master - - jobs: - multi-registries: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v2 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.CR_PAT }} - - - name: Build and push - uses: docker/build-push-action@v2 - with: - context: . - file: ./Dockerfile - platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x - push: true - tags: | - user/app:latest - user/app:1.0.0 - ghcr.io/user/app:latest - ghcr.io/user/app:1.0.0 - ``` -
- -### Cache to registry - -You can import/export cache from a cache manifest or (special) image configuration on the registry. - -
- Show workflow - - ```yaml - name: ci - - on: - push: - branches: master - - jobs: - registry-cache: - runs-on: ubuntu-latest - steps: - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Build and push - uses: docker/build-push-action@v2 - with: - push: true - tags: user/app:latest - cache-from: type=registry,ref=user/app:latest - cache-to: type=inline - ``` -
- -### Local registry - -For testing purposes you may need to create a [local registry](https://hub.docker.com/_/registry) to push images into: - -
- Show workflow - - ```yaml - name: ci - - on: - push: - branches: master - - jobs: - local-registry: - runs-on: ubuntu-latest - services: - registry: - image: registry:2 - ports: - - 5000:5000 - steps: - - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - with: - driver-opts: network=host - - - name: Build and push to local registry - uses: docker/build-push-action@v2 - with: - push: true - tags: localhost:5000/name/app:latest - - - name: Inspect - run: | - docker buildx imagetools inspect localhost:5000/name/app:latest - ``` -
- -### Export image to Docker - -You may want your build result to be available in the Docker client through `docker images` to be able to use it -in another step of your workflow: - -
- Show workflow - - ```yaml - name: ci - - on: - push: - branches: master - - jobs: - export-docker: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v2 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Build - uses: docker/build-push-action@v2 - with: - context: . - file: ./Dockerfile - load: true - tags: myimage:latest - - - name: Inspect - run: | - docker image inspect myimage:latest - ``` -
- -### Leverage GitHub cache - -You can leverage [GitHub cache](https://docs.github.com/en/actions/configuring-and-managing-workflows/caching-dependencies-to-speed-up-workflows) -using [actions/cache](https://github.com/actions/cache) with this action: - -
- Show workflow - - ```yaml - name: ci - - on: - push: - branches: master - - jobs: - github-cache: - runs-on: ubuntu-latest - steps: - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Build and push - uses: docker/build-push-action@v2 - with: - push: true - tags: user/app:latest - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache - ``` -
- -### Handle tags and labels - -If you come from [`v1`](https://github.com/docker/build-push-action/tree/releases/v1#readme) and want an -"automatic" tag management and [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md) -for labels, you can do it in a dedicated step. The following workflow will use the [Docker meta action](https://github.com/crazy-max/ghaction-docker-meta) -to handle tags and labels based on GitHub actions events and Git metadata. - -
- Show workflow - - ```yaml - name: ci - - on: - schedule: - - cron: '0 10 * * *' # everyday at 10am - push: - branches: - - '**' - tags: - - 'v*.*.*' - pull_request: - - jobs: - docker: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v2 - - - name: Docker meta - id: docker_meta - uses: crazy-max/ghaction-docker-meta@v1 - with: - images: name/app # list of Docker images to use as base name for tags - tag-sha: true # add git short SHA as Docker tag - - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to DockerHub - if: github.event_name != 'pull_request' - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Build and push - id: docker_build - uses: docker/build-push-action@v2 - with: - context: . - file: ./Dockerfile - platforms: linux/amd64,linux/arm64,linux/386 - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.docker_meta.outputs.tags }} - labels: ${{ steps.docker_meta.outputs.labels }} - ``` -
- -### Update DockerHub repo description - -You can update the [DockerHub repository description](https://docs.docker.com/docker-hub/repos/) using -a third-party action called [DockerHub Description](https://github.com/peter-evans/dockerhub-description) -with this action: - -
- Show workflow - - ```yaml - name: ci - - on: - push: - branches: master - - jobs: - main: - runs-on: ubuntu-latest - steps: - - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Build and push - uses: docker/build-push-action@v2 - with: - push: true - tags: user/app:latest - - - name: Update repo description - uses: peter-evans/dockerhub-description@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_PASSWORD }} - repository: user/app - ``` -
+* [Multi-platform image](docs/advanced/multi-platform.md) +* [Secrets](docs/advanced/secrets.md) +* [Isolated builders](docs/advanced/isolated-builders.md) +* [Push to multi-registries](docs/advanced/push-multi-registries.md) +* [Cache](docs/advanced/cache.md) + * [Registry cache](docs/advanced/cache.md#registry-cache) + * [GitHub cache](docs/advanced/cache.md#github-cache) +* [Local registry](docs/advanced/local-registry.md) +* [Export image to Docker](docs/advanced/export-docker.md) +* [Handle tags and labels](docs/advanced/tags-labels.md) +* [Update DockerHub repo description](docs/advanced/dockerhub-desc.md) ## Customizing @@ -631,38 +228,6 @@ Following outputs are available |---------------|---------|---------------------------------------| | `digest` | String | Image content-addressable identifier also called a digest | -## Notes - -### Multi-line secret value - -To handle multi-line value for a secret, you will need to place the key-value pair between quotes: - -```yaml -secrets: | - "MYSECRET=${{ secrets.GPG_KEY }}" - GIT_AUTH_TOKEN=abcdefghi,jklmno=0123456789 - "MYSECRET=aaaaaaaa - bbbbbbb - ccccccccc" - FOO=bar - "EMPTYLINE=aaaa - - bbbb - ccc" - "JSON_SECRET={""key1"":""value1"",""key2"":""value2""}" -``` - -| Key | Value | -|--------------------|--------------------------------------------------| -| `MYSECRET` | `***********************` | -| `GIT_AUTH_TOKEN` | `abcdefghi,jklmno=0123456789` | -| `MYSECRET` | `aaaaaaaa\nbbbbbbb\nccccccccc` | -| `FOO` | `bar` | -| `EMPTYLINE` | `aaaa\n\nbbbb\nccc` | -| `JSON_SECRET` | `{"key1":"value1","key2":"value2"}` | - -> Note: all quote signs need to be doubled for escaping. - ## Troubleshooting See [TROUBLESHOOTING.md](TROUBLESHOOTING.md) diff --git a/TROUBLESHOOTING.md b/TROUBLESHOOTING.md index dd7cf6d72..6d22cf272 100644 --- a/TROUBLESHOOTING.md +++ b/TROUBLESHOOTING.md @@ -59,8 +59,7 @@ jobs: uses: docker/build-push-action@v2 with: context: . - file: ./Dockerfile - platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x + platforms: linux/amd64,linux/arm64 tags: docker.io/user/app:latest outputs: type=oci,dest=/tmp/image.tar - diff --git a/UPGRADE.md b/UPGRADE.md index 759c6225b..82c2f25ee 100644 --- a/UPGRADE.md +++ b/UPGRADE.md @@ -63,7 +63,6 @@ steps: uses: docker/build-push-action@v2 with: context: . - file: ./Dockerfile pull: true push: true build-args: | @@ -136,7 +135,6 @@ steps: uses: docker/build-push-action@v2 with: context: . - file: ./Dockerfile push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.prep.outputs.tags }} labels: | @@ -145,5 +143,5 @@ steps: org.opencontainers.image.revision=${{ github.sha }} ``` -> You can also use the [Docker meta action](https://github.com/crazy-max/ghaction-docker-meta) to handle tags and -> labels based on GitHub actions events and Git metadata. A workflow example is available in the [README](README.md#handle-tags-and-labels). +> You can also use the [Docker meta action to handle tags and labels](docs/advanced/tags-labels.md) based on GitHub +> actions events and Git metadata. diff --git a/docs/advanced/cache.md b/docs/advanced/cache.md new file mode 100644 index 000000000..402831e8e --- /dev/null +++ b/docs/advanced/cache.md @@ -0,0 +1,107 @@ +# Cache + +* [Registry cache](#registry-cache) +* [GitHub cache](#github-cache) + +> More info about buildx cache: https://github.com/docker/buildx#--cache-fromnametypetypekeyvalue + +## Registry cache + +You can import/export cache from a cache manifest or (special) image configuration on the registry. + +```yaml +name: ci + +on: + push: + branches: + - 'master' + +jobs: + docker: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - + name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Build and push + uses: docker/build-push-action@v2 + with: + context: . + push: true + tags: user/app:latest + cache-from: type=registry,ref=user/app:latest + cache-to: type=inline +``` + +## GitHub cache + +> :warning: At the moment caches are copied over the existing cache so it [keeps growing](https://github.com/docker/build-push-action/issues/252). +> The `Move cache` step is used as a temporary fix (see https://github.com/moby/buildkit/issues/1896). + +> :rocket: There is a new cache backend using GitHub cache being developed that will lighten your workflow. +> More info: https://github.com/docker/buildx/pull/535 + +You can leverage [GitHub cache](https://docs.github.com/en/actions/configuring-and-managing-workflows/caching-dependencies-to-speed-up-workflows) +using [actions/cache](https://github.com/actions/cache) with this action: + +```yaml +name: ci + +on: + push: + branches: + - 'master' + +jobs: + docker: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - + name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + - + name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Build and push + uses: docker/build-push-action@v2 + with: + context: . + push: true + tags: user/app:latest + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + - + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache +``` diff --git a/docs/advanced/dockerhub-desc.md b/docs/advanced/dockerhub-desc.md new file mode 100644 index 000000000..96fc623af --- /dev/null +++ b/docs/advanced/dockerhub-desc.md @@ -0,0 +1,48 @@ +# Update DockerHub repo description + +You can update the [DockerHub repository description](https://docs.docker.com/docker-hub/repos/) using +a third party action called [DockerHub Description](https://github.com/peter-evans/dockerhub-description) +with this action: + +```yaml +name: ci + +on: + push: + branches: + - 'master' + +jobs: + docker: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Set up QEMU + uses: docker/setup-qemu-action@v1 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - + name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Build and push + uses: docker/build-push-action@v2 + with: + context: . + push: true + tags: user/app:latest + - + name: Update repo description + uses: peter-evans/dockerhub-description@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + repository: user/app +``` diff --git a/docs/advanced/export-docker.md b/docs/advanced/export-docker.md new file mode 100644 index 000000000..db941fe85 --- /dev/null +++ b/docs/advanced/export-docker.md @@ -0,0 +1,35 @@ +# Export image to Docker + +You may want your build result to be available in the Docker client through `docker images` to be able to use it +in another step of your workflow: + +```yaml +name: ci + +on: + push: + branches: + - 'master' + +jobs: + docker: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - + name: Build + uses: docker/build-push-action@v2 + with: + context: . + load: true + tags: myimage:latest + - + name: Inspect + run: | + docker image inspect myimage:latest +``` diff --git a/docs/advanced/isolated-builders.md b/docs/advanced/isolated-builders.md new file mode 100644 index 000000000..82bed1e87 --- /dev/null +++ b/docs/advanced/isolated-builders.md @@ -0,0 +1,44 @@ +# Isolated builders + +```yaml +name: ci + +on: + push: + branches: + - 'master' + +jobs: + docker: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + uses: docker/setup-buildx-action@v1 + id: builder1 + - + uses: docker/setup-buildx-action@v1 + id: builder2 + - + name: Builder 1 name + run: echo ${{ steps.builder1.outputs.name }} + - + name: Builder 2 name + run: echo ${{ steps.builder2.outputs.name }} + - + name: Build against builder1 + uses: docker/build-push-action@v2 + with: + builder: ${{ steps.builder1.outputs.name }} + context: . + target: mytarget1 + - + name: Build against builder2 + uses: docker/build-push-action@v2 + with: + builder: ${{ steps.builder2.outputs.name }} + context: . + target: mytarget2 +``` diff --git a/docs/advanced/local-registry.md b/docs/advanced/local-registry.md new file mode 100644 index 000000000..7f341a2f7 --- /dev/null +++ b/docs/advanced/local-registry.md @@ -0,0 +1,44 @@ +# Local registry + +For testing purposes you may need to create a [local registry](https://hub.docker.com/_/registry) to push images into: + +```yaml +name: ci + +on: + push: + branches: + - 'master' + +jobs: + docker: + runs-on: ubuntu-latest + services: + registry: + image: registry:2 + ports: + - 5000:5000 + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Set up QEMU + uses: docker/setup-qemu-action@v1 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + with: + driver-opts: network=host + - + name: Build and push to local registry + uses: docker/build-push-action@v2 + with: + context: . + push: true + tags: localhost:5000/name/app:latest + - + name: Inspect + run: | + docker buildx imagetools inspect localhost:5000/name/app:latest +``` diff --git a/docs/advanced/multi-platform.md b/docs/advanced/multi-platform.md new file mode 100644 index 000000000..9e9e329b0 --- /dev/null +++ b/docs/advanced/multi-platform.md @@ -0,0 +1,44 @@ +# Multi-platform image + +You can build multi-platform images using the [`platforms` input](../../README.md#inputs) as described below. + +> :bulb: List of available platforms will be displayed and available through our [setup-buildx](https://github.com/docker/setup-buildx-action#about) action. + +> :bulb: If you want support for more platforms, you can use QEMU with our [setup-qemu](https://github.com/docker/setup-qemu-action) action. + +```yaml +name: ci + +on: + push: + branches: + - 'master' + +jobs: + docker: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Set up QEMU + uses: docker/setup-qemu-action@v1 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - + name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Build and push + uses: docker/build-push-action@v2 + with: + context: . + platforms: linux/amd64,linux/arm64 + push: true + tags: user/app:latest +``` diff --git a/docs/advanced/push-multi-registries.md b/docs/advanced/push-multi-registries.md new file mode 100644 index 000000000..f10984d0f --- /dev/null +++ b/docs/advanced/push-multi-registries.md @@ -0,0 +1,57 @@ +# Push to multi-registries + +* [Docker Hub and GHCR](#docker-hub-and-ghcr) + +## Docker Hub and GHCR + +The following workflow will connect you to [DockerHub](https://github.com/docker/login-action#dockerhub) +and [GitHub Container Registry](https://github.com/docker/login-action#github-container-registry) and push the +image to these registries. + +```yaml +name: ci + +on: + push: + branches: + - 'master' + +jobs: + docker: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Set up QEMU + uses: docker/setup-qemu-action@v1 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - + name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.CR_PAT }} + - + name: Build and push + uses: docker/build-push-action@v2 + with: + context: . + platforms: linux/amd64,linux/arm64 + push: true + tags: | + user/app:latest + user/app:1.0.0 + ghcr.io/user/app:latest + ghcr.io/user/app:1.0.0 +``` diff --git a/docs/advanced/secrets.md b/docs/advanced/secrets.md new file mode 100644 index 000000000..0879fdf4e --- /dev/null +++ b/docs/advanced/secrets.md @@ -0,0 +1,84 @@ +# Secrets + +In the following example we will expose and use the [GITHUB_TOKEN secret](https://docs.github.com/en/actions/reference/authentication-in-a-workflow#about-the-github_token-secret) +as provided by GitHub in your workflow. + +First let's create our `Dockerfile` to use our secret: + +```Dockerfile +#syntax=docker/dockerfile:1.2 + +FROM alpine +RUN --mount=type=secret,id=github_token \ + cat /run/secrets/github_token +``` + +As you can see we have named our secret `github_token`. Here is the workflow you can use to expose this secret using +the [`secrets` input](../../README.md#inputs): + +```yaml +name: ci + +on: + push: + branches: + - 'master' + +jobs: + docker: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Set up QEMU + uses: docker/setup-qemu-action@v1 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - + name: Build + uses: docker/build-push-action@v2 + with: + context: . + platforms: linux/amd64,linux/arm64 + tags: user/app:latest + secrets: | + "github_token=${{ secrets.GITHUB_TOKEN }}" +``` + +> :bulb: You can also expose a secret file to the build with [`secret-files`](../../README.md#inputs) input: +> ```yaml +> secret-files: | +> "MY_SECRET=./secret.txt" +> ``` + +If you're using [GitHub secrets](https://docs.github.com/en/actions/reference/encrypted-secrets) and need to handle +multi-line value, you will need to place the key-value pair between quotes: + +```yaml +secrets: | + "MYSECRET=${{ secrets.GPG_KEY }}" + GIT_AUTH_TOKEN=abcdefghi,jklmno=0123456789 + "MYSECRET=aaaaaaaa + bbbbbbb + ccccccccc" + FOO=bar + "EMPTYLINE=aaaa + + bbbb + ccc" + "JSON_SECRET={""key1"":""value1"",""key2"":""value2""}" +``` + +| Key | Value | +|--------------------|--------------------------------------------------| +| `MYSECRET` | `***********************` | +| `GIT_AUTH_TOKEN` | `abcdefghi,jklmno=0123456789` | +| `MYSECRET` | `aaaaaaaa\nbbbbbbb\nccccccccc` | +| `FOO` | `bar` | +| `EMPTYLINE` | `aaaa\n\nbbbb\nccc` | +| `JSON_SECRET` | `{"key1":"value1","key2":"value2"}` | + +> :bulb: All quote signs need to be doubled for escaping. diff --git a/docs/advanced/tags-labels.md b/docs/advanced/tags-labels.md new file mode 100644 index 000000000..8a9e99474 --- /dev/null +++ b/docs/advanced/tags-labels.md @@ -0,0 +1,70 @@ +# Handle tags and labels + +If you come from [`v1`](https://github.com/docker/build-push-action/tree/releases/v1#readme) and want an +"automatic" tag management and [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md) +for labels, you can do it in a dedicated step. The following workflow will use the [Docker meta action](https://github.com/crazy-max/ghaction-docker-meta) +to handle tags and labels based on GitHub actions events and Git metadata. + +```yaml +name: ci + +on: + schedule: + - cron: '0 10 * * *' # everyday at 10am + push: + branches: + - '**' + tags: + - 'v*.*.*' + pull_request: + branches: + - 'master' + +jobs: + docker: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Docker meta + id: docker_meta + uses: crazy-max/ghaction-docker-meta@v1 + with: + # list of Docker images to use as base name for tags + images: | + name/app + ghcr.io/username/app + # add git short SHA as Docker tag + tag-sha: true + - + name: Set up QEMU + uses: docker/setup-qemu-action@v1 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - + name: Login to DockerHub + if: github.event_name != 'pull_request' + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Login to GHCR + if: github.event_name != 'pull_request' + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.GHCR_USERNAME }} + password: ${{ secrets.GHCR_TOKEN }} + - + name: Build and push + uses: docker/build-push-action@v2 + with: + context: . + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.docker_meta.outputs.tags }} + labels: ${{ steps.docker_meta.outputs.labels }} +```