name: Build and publish
on:
push:
branches:
- "develop" # Running this workflow only for develop branch
jobs:
build-and-publish-head:
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected] # Checking out the repo
- name: Build and publish "head" Docker image
uses: VaultVulp/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide Docker image name
image-tag: head # Provide Docker image tagname: Build and publish
on:
push:
branches:
- "master" # Running this workflow only for master branch
jobs:
build-and-publish-latest:
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected] # Checking out the repo
- name: Build and publish "latest" Docker image
uses: VaultVulp/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide only Docker image name, tag will be automatically set to latest
dockerfile: Alternative.Dockerfile # Provide custom Dockerfile namename: Build and publish
on:
push:
tags:
- "*" # Running this workflow for any tag
jobs:
build-and-publish-tag:
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected] # Checking out the repo
- name: Build and publish Docker image tagged according to a git-tag
uses: VaultVulp/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide only Docker image name
extract-git-tag: true # Provide flag to extract Docker image tag from git referencename: Build and publish
on: push
jobs:
build-and-publish-context:
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected] # Checking out the repo
- name: Build and publish Docker image from a different context
uses: VaultVulp/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide Docker image name
build-context: ./dev # Provide path to the folder with a Dockerfilename: Build and publish
on: push
jobs:
pull-and-build-and-publish:
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected] # Checking out the repo
- name: Pull, build and publish Docker image
uses: VaultVulp/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide Docker image name
pull-image: true # Provide the flag to pull imageNB, additional-image-tags will not replace image-tag argument - additional tags will be appended to the list. If no image-tag was specified, then image will be tagged with the latest tag.
image-name: my-cool-service
image-tags: first
additional-image-tags: second thirdAction will produce one image with three tags:
my-cool-service:firstmy-cool-service:secondmy-cool-service:third
In this case action will use the default latest tag.
image-name: my-cool-service
additional-image-tags: second thirdAction will produce one image with three tags:
my-cool-service:latestmy-cool-service:secondmy-cool-service:third
name: Build and publish
on: push
jobs:
build-with-multiple-tags:
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected] # Checking out the repo
- name: Build and publish Docker image with multiple tags
uses: VaultVulp/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide Docker image name
image-tags: first # if ommitted will be replaced with "latest"
additional-image-tags: second third # two additional tags for an imageIt's possible to leverage custom-args to build images for different architectures.
custom-args: --platform=linux/arm64 # target architecturecustom-args: --platform=linux/arm64,linux/amd64 # multiple target architecturesname: Build and publish
on: push
jobs:
cross-platform-builds:
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected] # Checking out the repo
- name: Build and publish Docker image for ARM64 and AMD64 architectures at the same time
uses: VaultVulp/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide Docker image name
custom-args: --platform=linux/arm64,linux/amd64 # specify target architectures via the `custom-args` agrumentNB, additional arguments should be passed with the = sign istead of a (space) between argument name and values.
Correct example:
custom-args: --build-arg=some="value"
# ^ this "=" is mandatoryIncorrect example:
custom-args: --build-arg some="value"
# ^ this space might break the actionname: Build and publish
on: push
jobs:
build-with-custom-args:
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected] # Checking out the repo
- name: Build and publish Docker image with arbitrary --build-arg(s)
uses: VaultVulp/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide Docker image name
custom-args: --build-arg=some="value" --build-arg=some_other="value" # Pass some additional arguments to the docker build commandVaultVulp/test-gp-docker-action
You will encounter the following log message in your GitHub Actions Pipelines:
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /github/home/.docker/config.json.
Login Succeeded
I would like to ensure you, that I do not store your secrets, passwords, token, or any other information.
This warning informs you about the fact, that this Action passes your GitHub token via the command line argument:
docker login -u publisher -p ${DOCKER_TOKEN} ghcr.ioIn a non-safe environment, this could raise a security issue, but this is not the case. We are passing a temporary authorization token, which will expire once the pipeline is completed. It would also require additional code to extract this token from the environment or docker internals, that this Action does not have.
This is the detailed explanation about the ${{ secrets.GITHUB_TOKEN }} and it's relations with the GCR.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent