mr-smithers-excellent / docker-build-push Goto Github PK
View Code? Open in Web Editor NEWDocker Build & Push GitHub Action
License: MIT License
Docker Build & Push GitHub Action
License: MIT License
Docker tags should be lowercase only to support naming convention in Kubernetes namespaces and enable smooth CI/CD.
The plugin works well for branch builds and tags but it doesn't support pull requests so it's hard to know if changes once applied to a branch will work.
You can see the limitation here:
https://github.com/mr-smithers-excellent/docker-build-push/blob/master/src/docker.js#L42:L46
During a PR there is a GITHUB_REF
which has the value refs/pull/:prNumber/merge
.
That can be used to create a tag: pr-:prNumber-:sha
.
Thoughts?
I would like to use a slack action to notify my team about the new versions and for that, I need access to the image tag. Is there a way to get access to it?
- id: image_tag
uses: mr-smithers-excellent/docker-build-push@v2
with:
image: myimage/myimagename
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Slack Notification
if: always()
uses: 8398a7/action-slack@v3
with:
status: ${{ job.status }}
text: 'myimage/myimagename:${{ steps.image_tag.outputs.tag }}'
icon_url: ':shipit:'
username: 'CI Bot'
channel: '#build'
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
All commands in action should be relative to working-directory
unless absolute path is specified for dockerfile
or directory
.
repo
|_ ...
|_ apps
|_ app1
|_ Dockerfile
|_ ...
|_ app2
|_ Dockerfile
|_ ...
env:
BASE_DIR: "apps/app1"
...
- name: Docker build, tag, and push image
uses: mr-smithers-excellent/docker-build-push@v3
with:
image: app1
dockerfile: ${{ env.BASE_DIR }}/Dockerfile
directory: ${{ env.BASE_DIR }}
env:
BASE_DIR: "apps/app1"
...
- name: Docker build, tag, and push image
uses: mr-smithers-excellent/docker-build-push@v3
with:
image: app1
working-directory: ${{ env.BASE_DIR }}
The ECR login command is causing an error on Windows platform runners, resulting in the following message:
##[error]Command failed: $(aws ecr get-login --region us-east-1 --no-include-email)
'$' is not recognized as an internal or external command,
operable program or batch file.
Logic will need to be added to handle this login command via PowerShell.
Would be great to support multiple tags.
When release new version we always push two tags:
Thanks for creating this action!
I would like to pass not one, but multiple build arguments to the docker build step.
I am guessing you'd have to make some changes here, to pass in additional arguments to this function, but not sure I dare try doing this myself. WDYT?
It would be great if this action could support Github Packages docker registry.
It seems Github Actions provides a GITHUB_TOKEN
secret that has write access to the packages docker registry. It's unclear how this integrates with docker login
, etc. Given that this is a github action, it would be great to provide support for github's own registry out of the box.
Hello there
I want to do an experiment to use azure container registry service, but when I read the readme.md, it's not upon the list
of supported registries, refrence : https://github.com/mr-smithers-excellent/docker-build-push#docker-build--push-action.
So, I still can use this Action workflow to deploy my codes to the azure container registry?
Thank you
Hi
I try to push an image to my private dockerhub calls "nihilpro/repo" but get a error:
Requested access to the resource is denied
`# Build and push docker image
- name: Build and push docker image
uses: mr-smithers-excellent/docker-build-push@v5
with:
image: nihilpro/repo
registry: docker.io
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}`
But if i try to login from my machine with this credentials everything is ok.
Rather than providing a list of tag names, would it be possible to include & exclude certain git refs / tags using a regex?
The AWS CLI command invoked to authenticate with an ECR repo that is used in linux execution environments has been deprecated:
Error: Command failed: $(aws ecr get-login --region us-east-1 --no-include-email)
The updated command is the same one that is currently being used for windows execution environments as seen here
Updating the command for Linux execution environments to match the windows one should resolve the issue.
The algorithm to determine the docker tag for a git branch currently is:
// If we're not building a tag, use branch-prefix-{GIT_SHORT_SHA) as the Docker tag
// refs/heads/jira-123/feature/something
const branchName = ref.replace('refs/heads/', '');
const branchPrefix = branchName.includes('/') ? branchName.substring(0, branchName.indexOf('/')) : branchName;
dockerTag = `${branchPrefix}-${shortSha}`;
So given the example of git branches with a feature
prefix, all branches will get very similar docker tags. Wouldn't it be more useful to use a more specific part of the branch name? Or to e.g. replace slashes with dashes?
The newest release seems to have broken the ability to build tag based on latest release version - my script hasn't changed but now it fails to build the tag for the docker container.
CURRENT OUTPUT:
Run mr-smithers-excellent/docker-build-push@master
with:
image: props
registry: ***.dkr.ecr.us-east-2.amazonaws.com
dockerfile: Dockerfile
env:
AWS_DEFAULT_REGION: us-east-2
AWS_REGION: us-east-2
AWS_ACCESS_KEY_ID: ***
AWS_SECRET_ACCESS_KEY: ***
Docker image name created: .dkr.ecr.us-east-2.amazonaws.com/props
Logging into ECR region us-east-2...
WARNING! Using - the CLI is insecure. Use --password-stdin.
Building Docker image: ***.dkr.ecr.us-east-2.amazonaws.com/props:
PREVIOUS OUTPUT:
Run mr-smithers-excellent/docker-build-push@master
with:
image: props
registry: ***.dkr.ecr.us-east-2.amazonaws.com
dockerfile: Dockerfile
env:
AWS_DEFAULT_REGION: us-east-2
AWS_REGION: us-east-2
AWS_ACCESS_KEY_ID: ***
AWS_SECRET_ACCESS_KEY: ***
Creating Docker image tag...
Docker tag created: v3.2.0
Docker image name created: ***.dkr.ecr.us-east-2.amazonaws.com/props:v3.2.0
Logging into ECR region us-east-2...
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Building Docker image: ***.dkr.ecr.us-east-2.amazonaws.com/props:v3.2.0
First, thanks for maintaining this excellent package! Its much easier to configure than docker/build-push-action@v2
and I was able to make a ton of progress in a short amount of time with it.
That said, I can't seem to get this to work for my project. I think it has something to do with the repo belonging to my personal account. I don't want to publish to a github organizations registry. Is that possible with this action?
Heres the full log for reference:
Run mr-smithers-excellent/docker-build-push@v5
Docker image name created: ghcr.io/marksalpeter/golang-microservice-boilerplate
Logging into Docker registry ghcr.io...
WARNING! Your password will be stored unencrypted in /home/runner/.docker/config.json.
Building Docker image: ghcr.io/marksalpeter/golang-microservice-boilerplate:v0.3.6
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Sending build context to Docker daemon 152.6kB
Step 1/9 : FROM golang as builder
latest: Pulling from library/golang
0ecb575e629c: Already exists
7467d1831b69: Already exists
feab2c490a3c: Already exists
f15a0f46f8c3: Already exists
1517911a35d7: Pulling fs layer
8e11185b0368: Pulling fs layer
f496c6a12b74: Pulling fs layer
f496c6a12b74: Verifying Checksum
f496c6a12b74: Download complete
1517911a35d7: Verifying Checksum
1517911a35d7: Download complete
8e11185b0368: Verifying Checksum
8e11185b0368: Download complete
1517911a35d7: Pull complete
8e11185b0368: Pull complete
f496c6a12b74: Pull complete
Digest: sha256:f3f90f4d30866c1bdae90012b506bd5e557ce27ccd2510ed30a011c44c1affc8
Status: Downloaded newer image for golang:latest
---> 861b1afd1d13
Step 2/9 : ENV CGO_ENABLED=0
---> Running in 78b3d69cbcbf
Removing intermediate container 78b3d69cbcbf
---> 3b76f4c036e2
Step 3/9 : COPY . /server
---> 7ae9670ff586
Step 4/9 : RUN cd /server && go build -o server -v .
---> Running in 004fcf040e9b
net
net/textproto
crypto/x509
vendor/golang.org/x/net/http/httpguts
vendor/golang.org/x/net/http/httpproxy
mime/multipart
crypto/tls
net/http/httptrace
net/http
github.com/marksalpeter/golang-microservice-boilerplate
Removing intermediate container 004fcf040e9b
---> 7b1ca21276f2
Step 5/9 : FROM alpine:latest
latest: Pulling from library/alpine
ba3557a56b15: Pulling fs layer
ba3557a56b15: Verifying Checksum
ba3557a56b15: Download complete
ba3557a56b15: Pull complete
Digest: sha256:a75afd8b57e7f34e4dad8d65e2c7ba2e1975c795ce1ee22fa34f8cf46f96a3be
Status: Downloaded newer image for alpine:latest
---> 28f6e2705743
Step 6/9 : WORKDIR /opt
---> Running in ff4369ba4c96
Removing intermediate container ff4369ba4c96
---> 7df2c593aafa
Step 7/9 : COPY --from=builder /server/server /opt
---> 57b754a52e5c
Step 8/9 : ENTRYPOINT /opt/server
---> Running in 9f4b6385ceb1
Removing intermediate container 9f4b6385ceb1
---> 7da86c8638eb
Step 9/9 : EXPOSE 8080
---> Running in a72b94d6f885
Removing intermediate container a72b94d6f885
---> fa749470f28d
Successfully built fa749470f28d
Successfully tagged ghcr.io/marksalpeter/golang-microservice-boilerplate:v0.3.6
Pushing Docker image ghcr.io/marksalpeter/golang-microservice-boilerplate:v0.3.6
The push refers to repository [ghcr.io/marksalpeter/golang-microservice-boilerplate]
c346c899f7e6: Preparing
cb381a32b229: Preparing
denied: installation not allowed to Create organization package, existing permissions: map[actions:write checks:write contents:write deployments:write issues:write metadata:read packages:write pull_requests:write repository_projects:write sarifs:write security_events:write statuses:write]
Error: Command failed: docker push ghcr.io/marksalpeter/golang-microservice-boilerplate:v0.3.6
every time ci cd push occurs to docker i have docker images with new random tags ....as per commit sha i want to disable those random tags and want to push with just one tags always
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build-java:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Build and Push Docker Image
uses: mr-smithers-excellent/docker-build-push@v4
with:
image:
tags: v1, latest
registry: docker.io
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
GitHub Actions workflow now accepts IAM role to interact with AWS with OpenID Connect. I'm replacing my AWS_ACCESS_KEY_ID
with IAM role to make my workflow more secure.
Currently docker-build-push
action only accepts AWS_ACCESS_KEY_ID
for authentication, so I'm glad if I can use it with IAM role.
https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
Hello I wanna use a variable in tag
Something like this
- uses: mr-smithers-excellent/docker-build-push@v3
name: Build & push Docker image
with:
image: myimage
tag: latest-$VERSION
registry: rg.nl-ams.scw.cloud/myapp
dockerfile: Dockerfile
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
env:
VERSION: ${{ secrets.VERSION }}
It doesn't work why ?
The latest version of Flux CD requires a timestamp to be suffixed to Docker images for automated deployments. Add an optional input for including a timestamp to Docker image tags.
Thanks fo this package, nice to find one that works with Windows, the others seem to be linux bound.
Issue: when the first build & push happens all is OK, on subsequent builds it fails with:
Successfully built 7ac415707073
Successfully tagged :dev-9aea4e2
Pushing Docker image docker.io/ :dev-9aea4e2
The push refers to repository [docker.io/ ]
93a37fc3c4af: Preparing
c046cedd46c1: Preparing
65963877bc32: Preparing
d03deee11d2e: Preparing
f686442af91b: Preparing
4601355fed1f: Preparing
065c56dd8815: Preparing
a8862db1c285: Preparing
3492c6ad7ce2: Preparing
4601355fed1f: Waiting
065c56dd8815: Waiting
a8862db1c285: Waiting
3492c6ad7ce2: Waiting
denied: requested access to the resource is denied
##[error]Command failed: docker push docker.io/:dev-9aea4e2
The workflow is:
name: Docker Image CI
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build:
runs-on: windows-2019
steps:
- uses: actions/checkout@v1
name: Check out code
# - uses: actions/checkout@v2
# - name: Build image from archive
# run: docker build <docker build command here... all works fine>
# - name: Run build-tools build command
- uses: mr-smithers-excellent/docker-build-push@v3
name: Build & push Docker image
with:
image:<docker image name>
registry: docker.io
dockerfile: bundle/Dockerfile
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_PASSWORD }}
buildArgs: <pass some build args all works fine>
Any help appreciated.
Every time I run this action the build doesn't utilise the build cache, resulting in a large build time for the relative amount of change made to the docker file.
Does this action support any form of caching, or can I utilise the actions/cache
action to persist the build cache?
Even Dockerfile is there in my root directory still showing error
Repo Url :- https://github.com/rsarkar29/action
Getting below error
Run mr-smithers-excellent/docker-build-push@v4
Creating Docker image tag...
Docker tag created: master-f8f99b8
Docker image name created: docker.io/***/drupal:master-f8f99b8
Logging into Docker registry docker.io...
WARNING! Your password will be stored unencrypted in /home/runner/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
unable to prepare context: unable to evaluate symlinks in Dockerfile path: lstat /home/runner/work/action/action/Dockerfile: no such file or directory
##[error]Dockerfile does not exist in location Dockerfile
Building Docker image: docker.io//drupal:master-f8f99b8
##[error]Command failed: docker build -f Dockerfile -t docker.io//drupal:master-f8f99b8 .
Add option to push to insecure registry
I tried using the GITHUB_RUN_NUMBER for the tag, but it just took it as a raw string.
I added a step to echo it, and it printed the number fine in the logs.
I see that the inputs to this action do not support build args that can be passed during the docker image build stage. Am I missing something here? If not, would it be possible to include support for it?
Hi,
I really like the auto generation of tags based on ref. But it would be nice if there was an option to also add a "latest" tag.
eg:
uses: mr-smithers-excellent/docker-build-push@v5
with:
image: docker-hub-repo/image-name
registry: docker.io
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
addLatest: true
Trigger | Commit SHA | Docker Tag |
---|---|---|
/refs/tags/v1.0 | N/A | v1.0,latest |
/refs/heads/dev | 1234567 | dev-1234567,latest |
/refs/heads/master | 1234567 | master-1234567,latest |
/refs/heads/SOME-feature | 1234567 | some-feature-1234567,latest |
Hello,
ist there a way to specify the "--target"?
https://docs.docker.com/develop/develop-images/multistage-build/#stop-at-a-specific-build-stage
Example:
docker build -t gcr.io/test-api-platform/php:latest api --target api_platform_php
Can you built that option in your action?
https://docs.docker.com/engine/reference/commandline/build/#options
How do I add the registry auth method?
Creating Docker image tag...
Docker tag created: dev-9b5f85d
Docker image name created: theykk.com/cubeta/repo/repo:dev-9b5f85d
Logging into Docker registry theykk.com/cubeta...
Error response from daemon: Get https://theykk.com/v2/: unauthorized: authentication required
Error: Command failed: docker login -u *** --password-stdin theykk.com/cubeta
Error response from daemon: Get https://theykk.com/v2/: unauthorized: authentication required
Is there a method of caching layers created during the building of a Dockerfile so that the workflow doesn't start from the start all the time (for some builds it takes more than an hour at a time)? Any recommendations?
GitHub Action setOutput
function should contain a name and value. Currently the value is being incorrectly set as the name with a null value.
Hi I received an error when i tried to build image.
I have 3 .net core project in visual studio.
Here's my project hierarchy.
-root
-- apptest
-- testProject
-- APIProject
I'd like to build container an image using apptest project only.
Here's part of my github action.
i've already build and published my project on previous Job.
Build-And-Pubh-Docker-Iamge:
runs-on: windows-latest
needs: [CI]
name: Docker Build and Push
steps:
- uses: actions/checkout@v2
- name: Download a Build Artifact
uses: actions/download-artifact@v2
with:
name: webpack artifact
path: publish
- name: Docker push
uses: mr-smithers-excellent/docker-build-push@v3
with:
directory: publish
dockerfile: ./publish/Dockerfile
image: testapp/apptest
registry: docker.pkg.github.com
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
I received the following error.
denied: No matching package_file with sha256 "xxxxxx" found in repository "myorg/testapp".
What should i do? Thanks.
Apparently AWS deprecated the get-login command:
Error: Command failed: $(aws ecr get-login --region eu-central-1 --no-include-email)
Is it possible to add an option for changing the PATH used in the Docker build command?
As far I can see it is now only possible to achieve something like this:
docker build -f otherPath/Dockerfile -t image:latest .
What I would like to achieve is this:
docker build -f otherPath/Dockerfile -t image:latest otherPath
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.