diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3452d5b..ed78c32 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,11 +11,53 @@ on:
jobs:
git-context:
runs-on: ubuntu-latest
- strategy:
- fail-fast: false
- matrix:
- buildx-version:
- - latest
+ services:
+ registry:
+ image: registry:2
+ ports:
+ - 5000:5000
+ steps:
+ -
+ name: Checkout
+ uses: actions/checkout@v2.3.2
+ -
+ name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+ with:
+ platforms: all
+ -
+ name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v1
+ with:
+ version: latest
+ driver-opts: network=host
+ -
+ name: Build and push
+ id: docker_build
+ uses: ./
+ with:
+ file: ./test/Dockerfile
+ builder: ${{ steps.buildx.outputs.name }}
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: |
+ localhost:5000/name/app:latest
+ localhost:5000/name/app:1.0.0
+ -
+ name: Inspect
+ run: |
+ docker buildx imagetools inspect localhost:5000/name/app:1.0.0
+ -
+ name: Image digest
+ run: echo ${{ steps.docker_build.outputs.digest }}
+ -
+ name: Dump context
+ if: always()
+ uses: crazy-max/ghaction-dump-context@v1
+
+ git-context-secret:
+ runs-on: ubuntu-latest
services:
registry:
image: registry:2
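Review bot: The third-party actions in the new `git-context` job are referenced by mutable tags (`docker/setup-qemu-action@v1`, `docker/setup-buildx-action@v1`, `crazy-max/ghaction-dump-context@v1`), so whoever can move one of those tags changes the code this workflow runs. Pinning each `uses:` to a full commit SHA and keeping the tag as a trailing comment, e.g. `uses: crazy-max/ghaction-dump-context@<full-commit-sha>  # v1`, makes the job reproducible and the dependency reviewable. This matters most for the `Dump context` step, which runs under `if: always()` and, judging by its name, prints the workflow contexts to the job log. The `git-context-secret` job that follows continues outside this hunk.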
diff --git a/README.md b/README.md
index 85b0f1b..b7a683f 100644
--- a/README.md
+++ b/README.md
@@ -45,10 +45,7 @@ build-secrets, remote cache, etc. and different builder deployment/namespacing o
The default behavior of this action is to use the [Git context invoked by your workflow](https://github.com/docker/build-push-action/blob/master/src/context.ts#L35).
-
- Show workflow
-
- ```yaml
+```yaml
name: ci
on:
@@ -81,11 +78,11 @@ jobs:
-
name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}
- ```
-
+```
-If you use this action in a private repository, you have to pass the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)
-as a secret named `GIT_AUTH_TOKEN` to be able to authenticate against it with buildx:
+Building from current repository automatically uses the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)
+as provided by `secrets` so it does not need to be passed. But if you want to authenticate against another private
+repository, you have to use a secret named `GIT_AUTH_TOKEN` to be able to authenticate against it with buildx:
```yaml
-
@@ -96,7 +93,7 @@ as a secret named `GIT_AUTH_TOKEN` to be able to authenticate against it with bu
push: true
tags: user/app:latest
secrets: |
- GIT_AUTH_TOKEN=${{ github.token }}
+ GIT_AUTH_TOKEN=${{ secrets.MYTOKEN }}
```
> :warning: Subdir for Git context is [not yet supported](https://github.com/docker/build-push-action/issues/120).
@@ -106,140 +103,128 @@ as a secret named `GIT_AUTH_TOKEN` to be able to authenticate against it with bu
You can also use the `PATH` context alongside the [`actions/checkout`](https://github.com/actions/checkout/) action.
-
- Show workflow
-
- ```yaml
- name: ci
+```yaml
+name: ci
- on:
- push:
- branches: master
+on:
+ push:
+ branches: master
- jobs:
- path-context:
- runs-on: ubuntu-latest
- steps:
- -
- name: Checkout
- uses: actions/checkout@v2
- -
- name: Set up QEMU
- uses: docker/setup-qemu-action@v1
- -
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v1
- -
- name: Login to DockerHub
- uses: docker/login-action@v1
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
- -
- name: Build and push
- uses: docker/build-push-action@v2
- with:
- context: .
- file: ./Dockerfile
- platforms: linux/amd64,linux/arm64,linux/386
- push: true
- tags: user/app:latest
- ```
-
+jobs:
+ path-context:
+ runs-on: ubuntu-latest
+ steps:
+ -
+ name: Checkout
+ uses: actions/checkout@v2
+ -
+ name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+ -
+ name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+ -
+ name: Login to DockerHub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ -
+ name: Build and push
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./Dockerfile
+ platforms: linux/amd64,linux/arm64,linux/386
+ push: true
+ tags: user/app:latest
+```
### Isolated builders
-
- Show workflow
-
- ```yaml
- name: ci
+```yaml
+name: ci
- on:
- push:
- branches: master
+on:
+ push:
+ branches: master
- jobs:
- multi-builders:
- runs-on: ubuntu-latest
- steps:
- -
- uses: docker/setup-buildx-action@v1
- id: builder1
- -
- uses: docker/setup-buildx-action@v1
- id: builder2
- -
- name: Builder 1 name
- run: echo ${{ steps.builder1.outputs.name }}
- -
- name: Builder 2 name
- run: echo ${{ steps.builder2.outputs.name }}
- -
- name: Build against builder1
- uses: docker/build-push-action@v2
- with:
- builder: ${{ steps.builder1.outputs.name }}
- target: mytarget1
- -
- name: Build against builder2
- uses: docker/build-push-action@v2
- with:
- builder: ${{ steps.builder2.outputs.name }}
- target: mytarget2
- ```
-
+jobs:
+ multi-builders:
+ runs-on: ubuntu-latest
+ steps:
+ -
+ uses: docker/setup-buildx-action@v1
+ id: builder1
+ -
+ uses: docker/setup-buildx-action@v1
+ id: builder2
+ -
+ name: Builder 1 name
+ run: echo ${{ steps.builder1.outputs.name }}
+ -
+ name: Builder 2 name
+ run: echo ${{ steps.builder2.outputs.name }}
+ -
+ name: Build against builder1
+ uses: docker/build-push-action@v2
+ with:
+ builder: ${{ steps.builder1.outputs.name }}
+ target: mytarget1
+ -
+ name: Build against builder2
+ uses: docker/build-push-action@v2
+ with:
+ builder: ${{ steps.builder2.outputs.name }}
+ target: mytarget2
+```
### Multi-platform image
-
- Show workflow
-
- ```yaml
- name: ci
+```yaml
+name: ci
- on:
- push:
- branches: master
+on:
+ push:
+ branches: master
- jobs:
- multi:
- runs-on: ubuntu-latest
- steps:
- -
- name: Checkout
- uses: actions/checkout@v2
- -
- name: Set up QEMU
- uses: docker/setup-qemu-action@v1
- -
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v1
- -
- name: Login to DockerHub
- uses: docker/login-action@v1
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
- -
- name: Build and push
- uses: docker/build-push-action@v2
- with:
- context: .
- file: ./Dockerfile
- platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
- push: true
- tags: |
- user/app:latest
- user/app:1.0.0
- ```
-
+jobs:
+ multi:
+ runs-on: ubuntu-latest
+ steps:
+ -
+ name: Checkout
+ uses: actions/checkout@v2
+ -
+ name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+ -
+ name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+ -
+ name: Login to DockerHub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ -
+ name: Build and push
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./Dockerfile
+ platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
+ push: true
+ tags: |
+ user/app:latest
+ user/app:1.0.0
+```
## Advanced usage
### Local registry
-For testing purposes you may need to create a [local registry](https://hub.docker.com/_/registry) to push images into.
+For testing purposes you may need to create a [local registry](https://hub.docker.com/_/registry) to push images into:
Show workflow
@@ -284,7 +269,7 @@ For testing purposes you may need to create a [local registry](https://hub.docke
### Leverage GitHub cache
You can leverage [GitHub cache](https://docs.github.com/en/actions/configuring-and-managing-workflows/caching-dependencies-to-speed-up-workflows)
-using [actions/cache](https://github.com/actions/cache) with this action.
+using [actions/cache](https://github.com/actions/cache) with this action:
Show workflow
@@ -338,15 +323,6 @@ The following workflow with the `Prepare` step will generate some [outputs](http
to handle tags and labels based on GitHub actions events. This is just an example to show many cases that you
might want to use:
-| Event | Ref | Commit SHA | Docker Tag | Pushed |
-|-----------------|-------------------------------|------------|------------------------------------|--------|
-| `schedule` | | | `nightly` | Yes |
-| `pull_request` | `refs/pull/2/merge` | `a123b57` | `pr-2` | No |
-| `push` | `refs/heads/` | `676cae2` | `sha-676cae2`, `edge` | Yes |
-| `push` | `refs/heads/dev` | `cf20257` | `sha-cf20257`, `dev` | Yes |
-| `push` | `refs/heads/my/branch` | `a5df687` | `sha-a5df687`, `my-branch` | Yes |
-| `push tag` | `refs/tags/v1.2.3` | | `v1.2.3`, `v1.2`, `v1`, `latest` | Yes |
-
Show workflow
@@ -434,11 +410,20 @@ might want to use:
```
+| Event | Ref | Commit SHA | Docker Tag | Pushed |
+|-----------------|-------------------------------|------------|------------------------------------|--------|
+| `schedule` | | | `nightly` | Yes |
+| `pull_request` | `refs/pull/2/merge` | `a123b57` | `pr-2` | No |
+| `push` | `refs/heads/` | `676cae2` | `sha-676cae2`, `edge` | Yes |
+| `push` | `refs/heads/dev` | `cf20257` | `sha-cf20257`, `dev` | Yes |
+| `push` | `refs/heads/my/branch` | `a5df687` | `sha-a5df687`, `my-branch` | Yes |
+| `push tag` | `refs/tags/v1.2.3` | | `v1.2.3`, `v1.2`, `v1`, `latest` | Yes |
+
### Update DockerHub repo description
You can update the [Docker Hub repository description](https://docs.docker.com/docker-hub/repos/) using
a third-party action called [Docker Hub Description](https://github.com/peter-evans/dockerhub-description)
-with this action.
+with this action:
Show workflow
diff --git a/action.yml b/action.yml
index 5734fe3..ec7feb8 100644
--- a/action.yml
+++ b/action.yml
@@ -64,6 +64,10 @@ inputs:
secrets:
description: "List of secrets to expose to the build (eg. key=value, GIT_AUTH_TOKEN=mytoken)"
required: false
+ github-token:
+ description: "GitHub Token used to authenticate against a repository for Git context"
+ default: ${{ github.token }}
+ required: false
outputs:
digest:
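Review bot: The `github-token` description does not say that the value is handed to the build itself. Going by the `getBuildArgs` change in this commit, the token is passed to buildx as a `GIT_AUTH_TOKEN` secret whenever the context is the default Git context and `secrets` holds no `GIT_AUTH_TOKEN` entry, and a user deciding whether to override or blank the input needs to know that. A description such as `"GitHub Token used to authenticate against the repository for the default Git context; passed to the build as the GIT_AUTH_TOKEN secret unless one is set in secrets"` would cover it.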
diff --git a/dist/index.js b/dist/index.js
index 063f93f..3c0c05e 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -7955,6 +7955,12 @@ function convertBody(buffer, headers) {
// html4
if (!res && str) {
res = / __awaiter(this, void 0, void 0, function* () {
args.push('--cache-to', cacheTo);
}));
+ let hasGitAuthToken = false;
yield exports.asyncForEach(inputs.secrets, (secret) => __awaiter(this, void 0, void 0, function* () {
+ if (secret.startsWith('GIT_AUTH_TOKEN=')) {
+ hasGitAuthToken = true;
+ }
args.push('--secret', yield buildx.getSecret(secret));
}));
+ if (inputs.githubToken && !hasGitAuthToken && inputs.context == defaultContext) {
+ args.push('--secret', yield buildx.getSecret(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
+ }
if (inputs.file) {
args.push('--file', inputs.file);
}
diff --git a/src/context.ts b/src/context.ts
index 6977e3f..98eef07 100644
--- a/src/context.ts
+++ b/src/context.ts
@@ -6,7 +6,8 @@ import * as buildx from './buildx';
import * as core from '@actions/core';
import * as github from '@actions/github';
-export const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-build-push-'));
+export const tmpDir: string = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-build-push-'));
+const defaultContext: string = `https://github.com/${github.context.repo.owner}/${github.context.repo.repo}#${github.context.ref}`;
export interface Inputs {
context: string;
@@ -26,13 +27,12 @@ export interface Inputs {
cacheFrom: string[];
cacheTo: string[];
secrets: string[];
+ githubToken: string;
}
export async function getInputs(): Promise {
return {
- context:
- core.getInput('context') ||
- `https://github.com/${github.context.repo.owner}/${github.context.repo.repo}#${github.context.ref}`,
+ context: core.getInput('context') || defaultContext,
file: core.getInput('file') || 'Dockerfile',
buildArgs: await getInputList('build-args'),
labels: await getInputList('labels'),
@@ -48,7 +48,8 @@ export async function getInputs(): Promise {
outputs: await getInputList('outputs', true),
cacheFrom: await getInputList('cache-from', true),
cacheTo: await getInputList('cache-to', true),
- secrets: await getInputList('secrets', true)
+ secrets: await getInputList('secrets', true),
+ githubToken: core.getInput('github-token')
};
}
@@ -92,9 +93,16 @@ async function getBuildArgs(inputs: Inputs, buildxVersion: string): Promise {
args.push('--cache-to', cacheTo);
});
+ let hasGitAuthToken: boolean = false;
await asyncForEach(inputs.secrets, async secret => {
+ if (secret.startsWith('GIT_AUTH_TOKEN=')) {
+ hasGitAuthToken = true;
+ }
args.push('--secret', await buildx.getSecret(secret));
});
+ if (inputs.githubToken && !hasGitAuthToken && inputs.context == defaultContext) {
+ args.push('--secret', await buildx.getSecret(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
+ }
if (inputs.file) {
args.push('--file', inputs.file);
}
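Review bot: The condition `inputs.context == defaultContext` is what keeps the workflow token from being sent along with a context that points somewhere else, and nothing in the code says so. I would add a comment above the `if`, such as `// Only attach the workflow token for the repository's own Git context, so it is never offered to another remote`, and use strict equality, `inputs.context === defaultContext`. The comparison is an exact string match, so a `context` input naming the same repository in another form gets no token; that is the safe direction, but it should be stated in the comment. The `startsWith('GIT_AUTH_TOKEN=')` check also assumes the entries of `inputs.secrets` arrive already trimmed, which depends on `getInputList` outside this hunk. `getBuildArgs` starts and ends outside the hunk.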