docker
/
build-push-action
mirror of https://github.com/docker/build-push-action.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: docker:master
Branches Tags
docker:master
docker:ci-oci-artifact
docker:dependabot/npm_and_yarn/docker/actions-toolkit-0.63.0
docker:dependabot/npm_and_yarn/tmp-0.2.4
docker:dependabot/npm_and_yarn/undici-5.29.0
docker:dependabot/npm_and_yarn/brace-expansion-1.1.12
docker:releases/v5
docker:releases/v4
docker:releases/v3
docker:releases/v2
docker:releases/v1
docker:v1
docker:v1.0
docker:v1.0.0
docker:v1.0.1
docker:v1.1.0
docker:v1.1.1
docker:v1.1.2
docker:v2
docker:v2.0.0
docker:v2.0.1
docker:v2.1.0
docker:v2.10.0
docker:v2.2.0
docker:v2.2.1
docker:v2.2.2
docker:v2.3.0
docker:v2.4.0
docker:v2.5.0
docker:v2.6.0
docker:v2.6.1
docker:v2.7.0
docker:v2.8.0
docker:v2.9.0
docker:v3
docker:v3.0.0
docker:v3.1.0
docker:v3.1.1
docker:v3.2.0
docker:v3.3.0
docker:v3.3.1
docker:v4
docker:v4.0.0
docker:v4.1.0
docker:v4.1.1
docker:v4.2.0
docker:v4.2.1
docker:v5
docker:v5.0.0
docker:v5.1.0
docker:v5.2.0
docker:v5.3.0
docker:v5.4.0
docker:v6
docker:v6.0.0
docker:v6.0.1
docker:v6.0.2
docker:v6.1.0
docker:v6.10.0
docker:v6.11.0
docker:v6.12.0
docker:v6.13.0
docker:v6.14.0
docker:v6.15.0
docker:v6.16.0
docker:v6.17.0
docker:v6.18.0
docker:v6.2.0
docker:v6.3.0
docker:v6.4.0
docker:v6.4.1
docker:v6.5.0
docker:v6.6.0
docker:v6.6.1
docker:v6.7.0
docker:v6.8.0
docker:v6.9.0
..
compare: docker:v2.2.0
Branches Tags
docker:master
docker:ci-oci-artifact
docker:dependabot/npm_and_yarn/docker/actions-toolkit-0.63.0
docker:dependabot/npm_and_yarn/tmp-0.2.4
docker:dependabot/npm_and_yarn/undici-5.29.0
docker:dependabot/npm_and_yarn/brace-expansion-1.1.12
docker:releases/v5
docker:releases/v4
docker:releases/v3
docker:releases/v2
docker:releases/v1
docker:v1
docker:v1.0
docker:v1.0.0
docker:v1.0.1
docker:v1.1.0
docker:v1.1.1
docker:v1.1.2
docker:v2
docker:v2.0.0
docker:v2.0.1
docker:v2.1.0
docker:v2.10.0
docker:v2.2.0
docker:v2.2.1
docker:v2.2.2
docker:v2.3.0
docker:v2.4.0
docker:v2.5.0
docker:v2.6.0
docker:v2.6.1
docker:v2.7.0
docker:v2.8.0
docker:v2.9.0
docker:v3
docker:v3.0.0
docker:v3.1.0
docker:v3.1.1
docker:v3.2.0
docker:v3.3.0
docker:v3.3.1
docker:v4
docker:v4.0.0
docker:v4.1.0
docker:v4.1.1
docker:v4.2.0
docker:v4.2.1
docker:v5
docker:v5.0.0
docker:v5.1.0
docker:v5.2.0
docker:v5.3.0
docker:v5.4.0
docker:v6
docker:v6.0.0
docker:v6.0.1
docker:v6.0.2
docker:v6.1.0
docker:v6.10.0
docker:v6.11.0
docker:v6.12.0
docker:v6.13.0
docker:v6.14.0
docker:v6.15.0
docker:v6.16.0
docker:v6.17.0
docker:v6.18.0
docker:v6.2.0
docker:v6.3.0
docker:v6.4.0
docker:v6.4.1
docker:v6.5.0
docker:v6.6.0
docker:v6.6.1
docker:v6.7.0
docker:v6.8.0
docker:v6.9.0

No commits in common. 'master' and 'v2.2.0' have entirely different histories.
master ... v2.2.0

82 changed files with 22044 additions and 15968 deletions
Show Stats

13
.dockerignore
Unescape Escape View File

@ -1,12 +1 @@
/coverage
# Dependency directories
node_modules/
jspm_packages/
# yarn v2
.yarn/cache
.yarn/unplugged
.yarn/build-state.yml
.yarn/install-state.gz
.pnp.*
node_modules

3
.eslintignore
Unescape Escape View File

@ -1,3 +0,0 @@
/dist/**
/coverage/**
/node_modules/**

24
.eslintrc.json
Unescape Escape View File

@ -1,24 +0,0 @@
{
"env": {
"node": true,
"es6": true,
"jest": true
},
"extends": [
"eslint:recommended",
"plugin:@typescript-eslint/eslint-recommended",
"plugin:@typescript-eslint/recommended",
"plugin:jest/recommended",
"plugin:prettier/recommended"
],
"parser": "@typescript-eslint/parser",
"parserOptions": {
"ecmaVersion": 2023,
"sourceType": "module"
},
"plugins": [
"@typescript-eslint",
"jest",
"prettier"
]
}

2
.gitattributes vendored
Unescape Escape View File

@ -1,4 +1,2 @@
/.yarn/releases/** binary
/.yarn/plugins/** binary
/dist/** linguist-generated=true
/lib/** linguist-generated=true

1
.github/CODEOWNERS vendored
Unescape Escape View File

@ -0,0 +1 @@
* @crazy-max

3
.github/CODE_OF_CONDUCT.md vendored
Unescape Escape View File

@ -1,3 +0,0 @@
# Code of conduct
- [Moby community guidelines](https://github.com/moby/moby/blob/master/CONTRIBUTING.md#moby-community-guidelines)

35
.github/CONTRIBUTING.md vendored
Unescape Escape View File

@ -2,20 +2,33 @@
Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great.
Contributions to this project are [released](https://docs.github.com/en/github/site-policy/github-terms-of-service#6-contributions-under-repository-license)
to the public under the [project's open source license](LICENSE).
Contributions to this project are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) to the public under the [project's open source license](LICENSE).
## Submitting a pull request
1. [Fork](https://github.com/docker/build-push-action/fork) and clone the repository
2. Configure and install the dependencies: `yarn install`
3. Create a new branch: `git checkout -b my-branch-name`
4. Make your changes
5. Make sure the tests pass: `docker buildx bake test`
6. Format code and build javascript artifacts: `docker buildx bake pre-checkin`
7. Validate all code has correctly formatted and built: `docker buildx bake validate`
8. Push to your fork and [submit a pull request](https://github.com/docker/build-push-action/compare)
9. Pat your self on the back and wait for your pull request to be reviewed and merged.
3. Make sure the tests pass on your machine: `yarn run test`
4. Create a new branch: `git checkout -b my-branch-name`
5. Make your change, add tests, and make sure the tests still pass
6. Run pre-checkin: `yarn run pre-checkin`
7. Push to your fork and [submit a pull request](https://github.com/docker/build-push-action/compare)
8. Pat your self on the back and wait for your pull request to be reviewed and merged.
## Container based developer flow
If you don't want to maintain a Node developer environment that fits this project you can use containerized commands instead of invoking yarn directly.
```
# format code and build javascript artifacts
docker buildx bake pre-checkin
# validate all code has correctly formatted and built
docker buildx bake validate
# run tests
docker buildx bake test
```
Here are a few things you can do that will increase the likelihood of your pull request being accepted:
@ -27,5 +40,5 @@ Here are a few things you can do that will increase the likelihood of your pull
## Resources
- [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
- [Using Pull Requests](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests)
- [GitHub Help](https://docs.github.com/en)
- [Using Pull Requests](https://help.github.com/articles/about-pull-requests/)
- [GitHub Help](https://help.github.com)

101
.github/ISSUE_TEMPLATE/bug.yml vendored
Unescape Escape View File

@ -1,101 +0,0 @@
# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
name: Bug Report
description: Report a bug
labels:
- status/triage
body:
- type: markdown
attributes:
value: |
Thank you for taking the time to report a bug!
If this is a security issue please report it to the [Docker Security team](mailto:security@docker.com).
Before submitting a bug report, check out the [Troubleshooting doc](https://github.com/docker/build-push-action/blob/master/TROUBLESHOOTING.md).
- type: checkboxes
attributes:
label: Contributing guidelines
description: >
Make sure you've read the contributing guidelines before proceeding.
options:
- label: I've read the [contributing guidelines](https://github.com/docker/build-push-action/blob/master/.github/CONTRIBUTING.md) and wholeheartedly agree
required: true
- type: checkboxes
attributes:
label: "I've found a bug, and:"
description: |
Make sure that your request fulfills all of the following requirements.
If one requirement cannot be satisfied, explain in detail why.
options:
- label: The documentation does not mention anything about my problem
- label: There are no open or closed issues that are related to my problem
- type: textarea
attributes:
label: Description
description: >
Provide a brief description of the bug in 1-2 sentences.
validations:
required: true
- type: textarea
attributes:
label: Expected behaviour
description: >
Describe precisely what you'd expect to happen.
validations:
required: true
- type: textarea
attributes:
label: Actual behaviour
description: >
Describe precisely what is actually happening.
validations:
required: true
- type: input
attributes:
label: Repository URL
description: >
Enter the URL of the repository where you are experiencing the
issue. If your repository is private, provide a link to a minimal
repository that reproduces the issue.
- type: input
attributes:
label: Workflow run URL
description: >
Enter the URL of the GitHub Action workflow run, if public.
- type: textarea
attributes:
label: YAML workflow
description: |
Provide the YAML of the workflow that's causing the issue.
Make sure to remove any sensitive information.
render: yaml
validations:
required: true
- type: textarea
attributes:
label: Workflow logs
description: >
[Attach](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/attaching-files)
the [log file of your workflow run](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs)
and make sure to remove any sensitive information.
- type: textarea
attributes:
label: BuildKit logs
description: >
If applicable, provide the [BuildKit container logs](https://docs.docker.com/build/ci/github-actions/configure-builder/#buildkit-container-logs)
render: text
- type: textarea
attributes:
label: Additional info
description: |
Provide any additional information that could be useful.

37
.github/ISSUE_TEMPLATE/bug_report.md vendored
Unescape Escape View File

@ -0,0 +1,37 @@
---
name: Bug report
about: Create a report to help us improve
---
### Troubleshooting
Before sumbitting a bug report please read the [Troubleshooting doc](https://github.com/docker/build-push-action/blob/master/TROUBLESHOOTING.md).
### Behaviour
#### Steps to reproduce this issue
1.
2.
3.
#### Expected behaviour
> Tell us what should happen
#### Actual behaviour
> Tell us what happens instead
### Configuration
* Repository URL (if public):
* Build URL (if public):
```yml
# paste your YAML workflow file here and remove sensitive data
```
### Logs
> Download the [log file of your build](https://help.github.com/en/actions/configuring-and-managing-workflows/managing-a-workflow-run#downloading-logs) and [attach it](https://help.github.com/en/github/managing-your-work-on-github/file-attachments-on-issues-and-pull-requests) to this issue.

9
.github/ISSUE_TEMPLATE/config.yml vendored
Unescape Escape View File

@ -1,9 +0,0 @@
# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser
blank_issues_enabled: true
contact_links:
- name: Questions and Discussions
url: https://github.com/docker/build-push-action/discussions/new
about: Use Github Discussions to ask questions and/or open discussion topics.
- name: Documentation
url: https://docs.docker.com/build/ci/github-actions/
about: Read the documentation.

15
.github/ISSUE_TEMPLATE/feature.yml vendored
Unescape Escape View File

@ -1,15 +0,0 @@
# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
name: Feature request
description: Missing functionality? Come tell us about it!
labels:
- kind/enhancement
- status/triage
body:
- type: textarea
id: description
attributes:
label: Description
description: What is the feature you want to see?
validations:
required: true

12
.github/SECURITY.md vendored
Unescape Escape View File

@ -1,12 +0,0 @@
# Reporting security issues
The project maintainers take security seriously. If you discover a security
issue, please bring it to their attention right away!
**Please _DO NOT_ file a public issue**, instead send your report privately to
[security@docker.com](mailto:security@docker.com).
Security reports are greatly appreciated, and we will publicly thank you for it.
We also like to send gifts—if you'd like Docker swag, make sure to let
us know. We currently do not offer a paid security bounty program, but are not
ruling it out in the future.

31
.github/SUPPORT.md vendored
Unescape Escape View File

@ -0,0 +1,31 @@
# Support [![](https://isitmaintained.com/badge/resolution/docker/build-push-action.svg)](https://isitmaintained.com/project/docker/build-push-action)
First, [be a good guy](https://github.com/kossnocorp/etiquette/blob/master/README.md).
## Reporting an issue
Please do a search in [open issues](https://github.com/docker/build-push-action/issues?utf8=%E2%9C%93&q=) to see if the issue or feature request has already been filed.
If you find your issue already exists, make relevant comments and add your [reaction](https://github.com/blog/2119-add-reactions-to-pull-requests-issues-and-comments). Use a reaction in place of a "+1" comment.
:+1: - upvote
:-1: - downvote
If you cannot find an existing issue that describes your bug or feature, submit an issue using the guidelines below.
## Writing good bug reports and feature requests
File a single issue per problem and feature request.
* Do not enumerate multiple bugs or feature requests in the same issue.
* Do not add your issue as a comment to an existing issue unless it's for the identical input. Many issues look similar, but have different causes.
The more information you can provide, the more likely someone will be successful reproducing the issue and finding a fix.
You are now ready to [create a new issue](https://github.com/docker/build-push-action/issues/new/choose)!
## Closure policy
* Issues that don't have the information requested above (when applicable) will be closed immediately and the poster directed to the support guidelines.
* Issues that go a week without a response from original poster are subject to closure at our discretion.

BIN
.github/build-push-action.png vendored
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 19 KiB

After

Width:  |  Height:  |  Size: 16 KiB

BIN
.github/build-push-summary.png vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 81 KiB

9
.github/dependabot.yml vendored
Unescape Escape View File

@ -5,15 +5,14 @@ updates:
schedule:
interval: "daily"
labels:
- "dependencies"
- "bot"
- ":game_die: dependencies"
- ":robot: bot"
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
versioning-strategy: "increase"
allow:
- dependency-type: "production"
labels:
- "dependencies"
- "bot"
- ":game_die: dependencies"
- ":robot: bot"

5
.github/e2e/distribution/env vendored
Unescape Escape View File

@ -1,5 +0,0 @@
REGISTRY_FQDN=localhost:8080
REGISTRY_SLUG=localhost:8080/test-docker-action
DISTRIBUTION_HOST=localhost
DISTRIBUTION_PORT=8080

13
.github/e2e/distribution/install.sh vendored
Unescape Escape View File

@ -1,13 +0,0 @@
#!/usr/bin/env bash
set -eu
: "${DISTRIBUTION_VERSION:=2}"
: "${DISTRIBUTION_HOST:=localhost}"
: "${DISTRIBUTION_PORT:=8080}"
echo "::group::Starting registry:${DISTRIBUTION_VERSION}"
(
set -x
docker run -d --name registry -p "${DISTRIBUTION_PORT}:5000" "registry:${DISTRIBUTION_VERSION}"
)
echo "::endgroup::"

8
.github/e2e/harbor/env vendored
Unescape Escape View File

@ -1,8 +0,0 @@
REGISTRY_FQDN=localhost:8081
REGISTRY_USER=admin
REGISTRY_PASSWORD=Harbor12345
REGISTRY_SLUG=localhost:8081/test-docker-action/test-docker-action
HARBOR_HOST=localhost
HARBOR_PORT=8081
HARBOR_PROJECT=test-docker-action

79
.github/e2e/harbor/install.sh vendored
Unescape Escape View File

@ -1,79 +0,0 @@
#!/usr/bin/env bash
set -eu
: "${HARBOR_VERSION:=v2.7.0}"
: "${HARBOR_HOST:=localhost}"
: "${HARBOR_PORT:=49154}"
: "${REGISTRY_USER:=admin}"
: "${REGISTRY_PASSWORD:=Harbor12345}"
: "${HARBOR_PROJECT:=test-docker-action}"
project_post_data() {
cat <<EOF
{
"project_name": "$HARBOR_PROJECT",
"public": true
}
EOF
}
export TERM=xterm
# download
echo "::group::Downloading Harbor $HARBOR_VERSION"
(
cd /tmp
set -x
wget -q "https://github.com/goharbor/harbor/releases/download/${HARBOR_VERSION}/harbor-offline-installer-${HARBOR_VERSION}.tgz" -O harbor-online-installer.tgz
tar xvf harbor-online-installer.tgz
)
echo "::endgroup::"
# config
echo "::group::Configuring Harbor"
(
cd /tmp/harbor
set -x
cp harbor.yml.tmpl harbor.yml
harborConfig="$(harborHost="$HARBOR_HOST" harborPort="$HARBOR_PORT" harborPwd="$REGISTRY_PASSWORD" yq --no-colors '.hostname = env(harborHost) | .http.port = env(harborPort) | .harbor_admin_password = env(harborPwd) | del(.https)' harbor.yml)"
tee harbor.yml <<<"$harborConfig" >/dev/null
yq --no-colors harbor.yml
)
echo "::endgroup::"
# install and start
echo "::group::Installing Harbor"
(
cd /tmp/harbor
set -x
./install.sh
sleep 10
netstat -aptn
)
echo "::endgroup::"
# compose config
echo "::group::Compose config"
(
cd /tmp/harbor
set -x
docker compose config
)
echo "::endgroup::"
# create project
echo "::group::Creating project"
(
set -x
curl --fail -v -k --max-time 10 -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -X POST -H "Content-Type: application/json" -d "$(project_post_data)" "http://$HARBOR_HOST:$HARBOR_PORT/api/v2.0/projects"
)
echo "::endgroup::"
# list projects
echo "::group::List projects"
(
set -x
curl --fail -s -k --max-time 10 -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -H "Content-Type: application/json" "http://$HARBOR_HOST:$HARBOR_PORT/api/v2.0/projects" | jq
)
echo "::endgroup::"

8
.github/e2e/nexus/docker-compose.yml vendored
Unescape Escape View File

@ -1,8 +0,0 @@
services:
nexus:
image: sonatype/nexus3:${NEXUS_VERSION:-latest}
volumes:
- "./data:/nexus-data"
ports:
- "8081:8081"
- "8082:8082"

9
.github/e2e/nexus/env vendored
Unescape Escape View File

@ -1,9 +0,0 @@
REGISTRY_FQDN=localhost:8082
REGISTRY_USER=admin
REGISTRY_PASSWORD=Nexus12345
REGISTRY_SLUG=localhost:8082/test-docker-action
NEXUS_HOST=localhost
NEXUS_PORT=8081
NEXUS_REGISTRY_PORT=8082
NEXUS_REPO=test-docker-action

94
.github/e2e/nexus/install.sh vendored
Unescape Escape View File

@ -1,94 +0,0 @@
#!/usr/bin/env bash
set -eu
SCRIPT_DIR=$(cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd)
: "${NEXUS_VERSION:=3.47.1}"
: "${NEXUS_HOST:=localhost}"
: "${NEXUS_PORT:=8081}"
: "${NEXUS_REGISTRY_PORT:=8082}"
: "${REGISTRY_USER:=admin}"
: "${REGISTRY_PASSWORD:=Nexus12345}"
: "${NEXUS_REPO:=test-docker-action}"
createrepo_post_data() {
cat <<EOF
{
"name": "${NEXUS_REPO}",
"online": true,
"storage": {
"blobStoreName": "default",
"strictContentTypeValidation": true,
"writePolicy": "ALLOW"
},
"docker": {
"v1Enabled": false,
"forceBasicAuth": true,
"httpPort": ${NEXUS_REGISTRY_PORT},
"httpsPort": null,
"subdomain": null
}
}
EOF
}
export NEXUS_VERSION
mkdir -p /tmp/nexus/data
chown 200:200 /tmp/nexus/data
cp "${SCRIPT_DIR}/docker-compose.yml" /tmp/nexus/docker-compose.yml
echo "::group::Pulling Nexus $NEXUS_VERSION"
(
cd /tmp/nexus
set -x
docker compose pull
)
echo "::endgroup::"
echo "::group::Compose config"
(
cd /tmp/nexus
set -x
docker compose config
)
echo "::endgroup::"
echo "::group::Running Nexus"
(
cd /tmp/nexus
set -x
docker compose up -d
)
echo "::endgroup::"
echo "::group::Running Nexus"
(
cd /tmp/nexus
set -x
docker compose up -d
)
echo "::endgroup::"
echo "::group::Waiting for Nexus to be ready"
until $(curl --output /dev/null --silent --head --fail "http://$NEXUS_HOST:$NEXUS_PORT"); do
printf '.'
sleep 5
done
echo "ready!"
echo "::endgroup::"
echo "::group::Change user's password"
(
set -x
curl --fail -v -k --max-time 10 -u "$REGISTRY_USER:$(cat /tmp/nexus/data/admin.password)" -X PUT -H 'Content-Type: text/plain' -d "$REGISTRY_PASSWORD" "http://$NEXUS_HOST:$NEXUS_PORT/service/rest/v1/security/users/$REGISTRY_USER/change-password"
)
echo "::endgroup::"
echo "::group::Create Docker repository"
(
set -x
curl --fail -v -k --max-time 10 -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -X POST -H 'Content-Type: application/json' -d "$(createrepo_post_data)" "http://$NEXUS_HOST:$NEXUS_PORT/service/rest/v1/repositories/docker/hosted"
)
echo "::endgroup::"

79
.github/labels.yml vendored
Unescape Escape View File

@ -0,0 +1,79 @@
## more info https://github.com/crazy-max/ghaction-github-labeler
- # automerge
name: ":bell: automerge"
color: "8f4fbc"
description: ""
- # bot
name: ":robot: bot"
color: "69cde9"
description: ""
- # bug
name: ":bug: bug"
color: "b60205"
description: ""
- # dependencies
name: ":game_die: dependencies"
color: "0366d6"
description: ""
from_name: "dependencies"
- # documentation
name: ":memo: documentation"
color: "c5def5"
description: ""
- # duplicate
name: ":busts_in_silhouette: duplicate"
color: "cccccc"
description: ""
- # enhancement
name: ":sparkles: enhancement"
color: "0054ca"
description: ""
- # feature request
name: ":bulb: feature request"
color: "0e8a16"
description: ""
- # feedback
name: ":mega: feedback"
color: "03a9f4"
description: ""
- # future maybe
name: ":rocket: future maybe"
color: "fef2c0"
description: ""
- # good first issue
name: ":hatching_chick: good first issue"
color: "7057ff"
description: ""
- # help wanted
name: ":pray: help wanted"
color: "4caf50"
description: ""
- # hold
name: ":hand: hold"
color: "24292f"
description: ""
- # invalid
name: ":no_entry_sign: invalid"
color: "e6e6e6"
description: ""
- # maybe bug
name: ":interrobang: maybe bug"
color: "ff5722"
description: ""
- # needs more info
name: ":thinking: needs more info"
color: "795548"
description: ""
- # question
name: ":question: question"
color: "3f51b5"
description: ""
from_name: "question"
- # upstream
name: ":eyes: upstream"
color: "fbca04"
description: ""
- # wontfix
name: ":coffin: wontfix"
color: "ffffff"
description: ""

134
.github/workflows/.e2e-run.yml vendored
Unescape Escape View File

@ -1,134 +0,0 @@
# reusable workflow
name: .e2e-run
on:
workflow_call:
inputs:
id:
required: false
type: string
type:
required: true
type: string
name:
required: true
type: string
registry:
required: false
type: string
slug:
required: false
type: string
username_secret:
required: false
type: string
password_secret:
required: false
type: string
env:
HARBOR_VERSION: v2.13.2
NEXUS_VERSION: 3.47.1
DISTRIBUTION_VERSION: 3.0.0
jobs:
run:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
-
buildx_version: edge
buildkit_image: moby/buildkit:latest
-
buildx_version: latest
buildkit_image: moby/buildkit:buildx-stable-1
-
buildx_version: https://github.com/docker/buildx.git#master
buildkit_image: moby/buildkit:master
steps:
-
name: Checkout
uses: actions/checkout@v5
-
name: Set up env
if: inputs.type == 'local'
run: |
cat ./.github/e2e/${{ inputs.id }}/env >> $GITHUB_ENV
-
name: Set up BuildKit config
run: |
touch /tmp/buildkitd.toml
if [ "${{ inputs.type }}" = "local" ]; then
echo -e "[registry.\"${{ env.REGISTRY_FQDN }}\"]\nhttp = true\ninsecure = true" > /tmp/buildkitd.toml
fi
-
name: Set up Docker daemon
if: inputs.type == 'local'
run: |
if [ ! -e /etc/docker/daemon.json ]; then
echo '{}' | sudo tee /etc/docker/daemon.json >/dev/null
fi
DOCKERD_CONFIG=$(jq '.+{"insecure-registries":["http://${{ env.REGISTRY_FQDN }}"]}' /etc/docker/daemon.json)
sudo tee /etc/docker/daemon.json <<<"$DOCKERD_CONFIG" >/dev/null
cat /etc/docker/daemon.json
sudo service docker restart
-
name: Install ${{ inputs.name }}
if: inputs.type == 'local'
run: |
sudo -E bash ./.github/e2e/${{ inputs.id }}/install.sh
sudo chown $(id -u):$(id -g) -R ~/.docker
-
name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY_SLUG || inputs.slug }}
tags: |
type=ref,event=branch,enable=${{ matrix.buildx_version == 'latest' && matrix.buildkit_image == 'moby/buildkit:buildx-stable-1' }}
type=ref,event=tag,enable=${{ matrix.buildx_version == 'latest' && matrix.buildkit_image == 'moby/buildkit:buildx-stable-1' }}
type=raw,gh-runid-${{ github.run_id }}
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ matrix.buildx_version }}
buildkitd-config: /tmp/buildkitd.toml
buildkitd-flags: --debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host
driver-opts: |
image=${{ matrix.buildkit_image }}
network=host
-
name: Login to Registry
if: github.event_name != 'pull_request' && (env.REGISTRY_USER || inputs.username_secret) != ''
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY_FQDN || inputs.registry }}
username: ${{ env.REGISTRY_USER || secrets[inputs.username_secret] }}
password: ${{ env.REGISTRY_PASSWORD || secrets[inputs.password_secret] }}
-
name: Build and push
uses: ./
with:
context: ./test
file: ./test/multi.Dockerfile
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=registry,ref=${{ env.REGISTRY_SLUG || inputs.slug }}:master
cache-to: type=inline
-
name: Inspect image
run: |
docker pull ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }}
docker image inspect ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }}
-
name: Check manifest
run: |
docker buildx imagetools inspect ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }} --format '{{json .}}'

1594
.github/workflows/ci.yml vendored
View File

File diff suppressed because it is too large Load Diff

116
.github/workflows/e2e.yml vendored
Unescape Escape View File

@ -1,107 +1,83 @@
name: e2e
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
workflow_dispatch:
schedule:
- cron: '0 10 * * *'
- cron: '0 10 * * *' # everyday at 10am
push:
branches:
- 'master'
- master
tags:
- 'v*'
- v*
jobs:
build:
uses: ./.github/workflows/.e2e-run.yml
docker:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
-
name: Distribution
id: distribution
type: local
-
name: Docker Hub
registry: ''
slug: ghactionstest/ghactionstest
username_secret: DOCKERHUB_USERNAME
password_secret: DOCKERHUB_TOKEN
type: remote
-
name: GitHub
registry: ghcr.io
slug: ghcr.io/docker-ghactiontest/test
username_secret: GHCR_USERNAME
password_secret: GHCR_PAT
type: remote
-
name: GitLab
registry: registry.gitlab.com
slug: registry.gitlab.com/test1716/test
username_secret: GITLAB_USERNAME
password_secret: GITLAB_TOKEN
type: remote
steps:
-
name: AWS ECR
registry: 175142243308.dkr.ecr.us-east-2.amazonaws.com
slug: 175142243308.dkr.ecr.us-east-2.amazonaws.com/sandbox/test-docker-action
username_secret: AWS_ACCESS_KEY_ID
password_secret: AWS_SECRET_ACCESS_KEY
type: remote
name: Checkout
uses: actions/checkout@v2
-
name: AWS ECR Public
registry: public.ecr.aws
slug: public.ecr.aws/q3b5f1u4/test-docker-action
username_secret: AWS_ACCESS_KEY_ID
password_secret: AWS_SECRET_ACCESS_KEY
type: remote
name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
images: ${{ matrix.slug }}
-
name: Google Artifact Registry
registry: us-east4-docker.pkg.dev
slug: us-east4-docker.pkg.dev/sandbox-298914/docker-official-github-actions/test-docker-action
username_secret: GAR_USERNAME
password_secret: GAR_JSON_KEY
type: remote
name: Set up QEMU
uses: docker/setup-qemu-action@v1
-
name: Azure Container Registry
registry: officialgithubactions.azurecr.io
slug: officialgithubactions.azurecr.io/test-docker-action
username_secret: AZURE_CLIENT_ID
password_secret: AZURE_CLIENT_SECRET
type: remote
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Quay
registry: quay.io
slug: quay.io/docker_build_team/ghactiontest
username_secret: QUAY_USERNAME
password_secret: QUAY_TOKEN
type: remote
name: Login to Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v1
with:
registry: ${{ matrix.registry }}
username: ${{ secrets[matrix.username_secret] }}
password: ${{ secrets[matrix.password_secret] }}
-
name: Artifactory
registry: infradock.jfrog.io
slug: infradock.jfrog.io/test-ghaction/build-push-action
username_secret: ARTIFACTORY_USERNAME
password_secret: ARTIFACTORY_TOKEN
type: remote
name: Build and push
uses: ./
with:
context: ./test
file: ./test/Dockerfile-multi
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
-
name: Harbor
id: harbor
type: local
name: Inspect image
if: github.event_name != 'pull_request'
run: |
docker pull ${{ matrix.slug }}:${{ steps.docker_meta.outputs.version }}
docker image inspect ${{ matrix.slug }}:${{ steps.docker_meta.outputs.version }}
-
name: Nexus
id: nexus
type: local
with:
id: ${{ matrix.id }}
type: ${{ matrix.type }}
name: ${{ matrix.name }}
registry: ${{ matrix.registry }}
slug: ${{ matrix.slug }}
username_secret: ${{ matrix.username_secret }}
password_secret: ${{ matrix.password_secret }}
secrets: inherit
name: Check manifest
if: github.event_name != 'pull_request'
run: |
docker buildx imagetools inspect ${{ matrix.slug }}:${{ steps.docker_meta.outputs.version }}
-
name: Dump context
if: always()
uses: crazy-max/ghaction-dump-context@v1

71
.github/workflows/example.yml vendored
Unescape Escape View File

@ -0,0 +1,71 @@
# This workflow is provided just as an usage example and not for repo testing/verification
name: example
on:
schedule:
- cron: '0 10 * * 0' # everyday sunday at 10am
push:
branches:
- '**'
tags:
- 'v*.*.*'
pull_request:
env:
DOCKER_IMAGE: localhost:5000/name/app
jobs:
docker:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
-
name: Checkout
uses: actions/checkout@v2
-
name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
images: ${{ env.DOCKER_IMAGE }} # list of Docker images to use as base name for tags
tag-sha: true # add git short SHA as Docker tag
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
with:
driver-opts: network=host
-
name: Build and export to Docker client
uses: ./
with:
context: ./test
file: ./test/Dockerfile
load: true
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
-
name: Build and push to local registry
uses: ./
with:
context: ./test
file: ./test/Dockerfile
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
-
name: Inspect image
run: |
docker image inspect ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }}
-
name: Check manifest
if: github.event_name != 'pull_request'
run: |
docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }}
-
name: Dump context
if: always()
uses: crazy-max/ghaction-dump-context@v1

20
.github/workflows/labels.yml vendored
Unescape Escape View File

@ -0,0 +1,20 @@
name: labels
on:
push:
branches:
- 'master'
paths:
- '.github/labels.yml'
- '.github/workflows/labels.yml'
jobs:
labeler:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
-
name: Run Labeler
uses: crazy-max/ghaction-github-labeler@v3

17
.github/workflows/pr-assign-author.yml vendored
Unescape Escape View File

@ -1,17 +0,0 @@
name: pr-assign-author
permissions:
contents: read
on:
pull_request_target:
types:
- opened
- reopened
jobs:
run:
uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf
permissions:
contents: read
pull-requests: write

21
.github/workflows/publish.yml vendored
Unescape Escape View File

@ -1,21 +0,0 @@
name: publish
on:
release:
types:
- published
jobs:
publish:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
packages: write
steps:
-
name: Checkout
uses: actions/checkout@v5
-
name: Publish
uses: actions/publish-immutable-action@v0.0.4

37
.github/workflows/test.yml vendored
Unescape Escape View File

@ -1,32 +1,43 @@
name: test
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
push:
branches:
- 'master'
- 'releases/v*'
- master
pull_request:
branches:
- master
jobs:
test-containerized:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
-
name: Validate
run: docker buildx bake validate
-
name: Test
run: docker buildx bake test
test:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@v2
-
name: Install
run: yarn install
-
name: Test
uses: docker/bake-action@v6
with:
source: .
targets: test
run: yarn run test
-
name: Upload coverage
uses: codecov/codecov-action@v5
uses: codecov/codecov-action@v1
if: success()
with:
files: ./coverage/clover.xml
token: ${{ secrets.CODECOV_TOKEN }}
file: ./coverage/clover.xml

43
.github/workflows/validate.yml vendored
Unescape Escape View File

@ -1,43 +0,0 @@
name: validate
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
push:
branches:
- 'master'
- 'releases/v*'
pull_request:
jobs:
prepare:
runs-on: ubuntu-latest
outputs:
targets: ${{ steps.generate.outputs.targets }}
steps:
-
name: Checkout
uses: actions/checkout@v5
-
name: List targets
id: generate
uses: docker/bake-action/subaction/list-targets@v6
with:
target: validate
validate:
runs-on: ubuntu-latest
needs:
- prepare
strategy:
fail-fast: false
matrix:
target: ${{ fromJson(needs.prepare.outputs.targets) }}
steps:
-
name: Validate
uses: docker/bake-action@v6
with:
targets: ${{ matrix.target }}

72
.gitignore vendored
Unescape Escape View File

@ -1,5 +1,11 @@
# https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore
node_modules
lib
# Jetbrains
/.idea
/*.iml
# Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
# Logs
logs
*.log
@ -7,7 +13,6 @@ npm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*
.pnpm-debug.log*
# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
@ -18,14 +23,34 @@ pids
*.seed
*.pid.lock
# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov
# Coverage directory used by tools like istanbul
coverage
*.lcov
# nyc test coverage
.nyc_output
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
.grunt
# Bower dependency directory (https://bower.io/)
bower_components
# node-waf configuration
.lock-wscript
# Compiled binary addons (https://nodejs.org/api/addons.html)
build/Release
# Dependency directories
node_modules/
jspm_packages/
# TypeScript v1 declaration files
typings/
# TypeScript cache
*.tsbuildinfo
@ -35,19 +60,36 @@ jspm_packages/
# Optional eslint cache
.eslintcache
# Optional REPL history
.node_repl_history
# Output of 'npm pack'
*.tgz
# Yarn Integrity file
.yarn-integrity
# dotenv environment variable files
# dotenv environment variables file
.env
.env.development.local
.env.test.local
.env.production.local
.env.local
# yarn v2
.yarn/cache
.yarn/unplugged
.yarn/build-state.yml
.yarn/install-state.gz
.pnp.*
.env.test
# parcel-bundler cache (https://parceljs.org/)
.cache
# next.js build output
.next
# nuxt.js build output
.nuxt
# vuepress build output
.vuepress/dist
# Serverless directories
.serverless/
# FuseBox cache
.fusebox/
# DynamoDB Local files
.dynamodb/

6
.prettierignore
Unescape Escape View File

@ -1,6 +0,0 @@
# Dependency directories
node_modules/
jspm_packages/
# yarn v2
.yarn/

2
.prettierrc.json
Unescape Escape View File

@ -1,5 +1,5 @@
{
"printWidth": 240,
"printWidth": 120,
"tabWidth": 2,
"useTabs": false,
"semi": true,

541
.yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs vendored
View File

File diff suppressed because one or more lines are too long

13
.yarnrc.yml
Unescape Escape View File

@ -1,13 +0,0 @@
logFilters:
- code: YN0013
level: discard
- code: YN0019
level: discard
- code: YN0076
level: discard
nodeLinker: node-modules
plugins:
- path: .yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
spec: "@yarnpkg/plugin-interactive-tools"

52
Dockerfile
Unescape Escape View File

@ -0,0 +1,52 @@
#syntax=docker/dockerfile:1.1-experimental
FROM node:12 AS deps
WORKDIR /src
COPY package.json yarn.lock ./
RUN --mount=type=cache,target=/usr/local/share/.cache/yarn \
yarn install
FROM scratch AS update-yarn
COPY --from=deps /src/yarn.lock /
FROM deps AS validate-yarn
COPY .git .git
RUN status=$(git status --porcelain -- yarn.lock); if [ -n "$status" ]; then echo $status; exit 1; fi
FROM deps AS base
COPY . .
FROM base AS build
RUN yarn build
FROM deps AS test
COPY --from=docker /usr/local/bin/docker /usr/bin/
ARG TARGETOS
ARG TARGETARCH
ARG BUILDX_VERSION=v0.4.2
ENV RUNNER_TEMP=/tmp/github_runner
ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
RUN mkdir -p /usr/local/lib/docker/cli-plugins && \
curl -fsSL https://github.com/docker/buildx/releases/download/$BUILDX_VERSION/buildx-$BUILDX_VERSION.$TARGETOS-$TARGETARCH > /usr/local/lib/docker/cli-plugins/docker-buildx && \
chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx && \
docker buildx version
COPY . .
RUN yarn run test
FROM base AS run-format
RUN yarn run format
FROM scratch AS format
COPY --from=run-format /src/src/*.ts /src/
FROM base AS validate-format
RUN yarn run format-check
FROM scratch AS dist
COPY --from=build /src/dist/ /dist/
FROM build AS validate-build
RUN status=$(git status --porcelain -- dist); if [ -n "$status" ]; then echo $status; exit 1; fi
FROM base AS dev
ENTRYPOINT ["bash"]

713
README.md
Unescape Escape View File

@ -1,15 +1,28 @@
[![GitHub release](https://img.shields.io/github/release/docker/build-push-action.svg?style=flat-square)](https://github.com/docker/build-push-action/releases/latest)
[![GitHub marketplace](https://img.shields.io/badge/marketplace-build--and--push--docker--images-blue?logo=github&style=flat-square)](https://github.com/marketplace/actions/build-and-push-docker-images)
[![CI workflow](https://img.shields.io/github/actions/workflow/status/docker/build-push-action/ci.yml?branch=master&label=ci&logo=github&style=flat-square)](https://github.com/docker/build-push-action/actions?workflow=ci)
[![Test workflow](https://img.shields.io/github/actions/workflow/status/docker/build-push-action/test.yml?branch=master&label=test&logo=github&style=flat-square)](https://github.com/docker/build-push-action/actions?workflow=test)
[![CI workflow](https://img.shields.io/github/workflow/status/docker/build-push-action/ci?label=ci&logo=github&style=flat-square)](https://github.com/docker/build-push-action/actions?workflow=ci)
[![Test workflow](https://img.shields.io/github/workflow/status/docker/build-push-action/test?label=test&logo=github&style=flat-square)](https://github.com/docker/build-push-action/actions?workflow=test)
[![Codecov](https://img.shields.io/codecov/c/github/docker/build-push-action?logo=codecov&style=flat-square)](https://codecov.io/gh/docker/build-push-action)
## Upgrade from v1
`v2` of this action includes significant updates and now uses Docker [Buildx](https://github.com/docker/buildx). It
works with 3 new actions ([login](https://github.com/docker/login-action), [setup-buildx](https://github.com/docker/setup-buildx-action)
and [setup-qemu](https://github.com/docker/setup-qemu-action)) that we have created. It's also rewritten as a
[typescript-action](https://github.com/actions/typescript-action/) to be as closed as possible of the
[GitHub Runner](https://github.com/actions/virtual-environments) during its execution.
[Upgrade notes](UPGRADE.md) and many [usage examples](#usage) have been added to handle most use cases but `v1` is
still available through [`releases/v1` branch](https://github.com/docker/build-push-action/tree/releases/v1).
## About
GitHub Action to build and push Docker images with [Buildx](https://github.com/docker/buildx)
with full support of the features provided by [Moby BuildKit](https://github.com/moby/buildkit)
builder toolkit. This includes multi-platform build, secrets, remote cache, etc.
and different builder deployment/namespacing options.
GitHub Action to build and push Docker images with [Buildx](https://github.com/docker/buildx).
> :bulb: See also:
> * [login](https://github.com/docker/login-action) action
> * [setup-buildx](https://github.com/docker/setup-buildx-action) action
> * [setup-qemu](https://github.com/docker/setup-qemu-action) action
![Screenshot](.github/build-push-action.png)
@ -18,198 +31,566 @@ ___
* [Usage](#usage)
* [Git context](#git-context)
* [Path context](#path-context)
* [Examples](#examples)
* [Summaries](#summaries)
* [Isolated builders](#isolated-builders)
* [Multi-platform image](#multi-platform-image)
* [Advanced usage](#advanced-usage)
* [Push to multi-registries](#push-to-multi-registries)
* [Cache to registry](#push-to-multi-registries)
* [Local registry](#local-registry)
* [Export image to Docker](#export-image-to-docker)
* [Leverage GitHub cache](#leverage-github-cache)
* [Handle tags and labels](#handle-tags-and-labels)
* [Update DockerHub repo description](#update-dockerhub-repo-description)
* [Customizing](#customizing)
* [inputs](#inputs)
* [outputs](#outputs)
* [environment variables](#environment-variables)
* [Notes](#notes)
* [Multi-line secret value](#multi-line-secret-value)
* [Troubleshooting](#troubleshooting)
* [Contributing](#contributing)
* [Keep up-to-date with GitHub Dependabot](#keep-up-to-date-with-github-dependabot)
* [Limitation](#limitation)
## Usage
In the examples below we are also using 3 other actions:
* [`setup-buildx`](https://github.com/docker/setup-buildx-action) action will
create and boot a builder using by default the [`docker-container` driver](https://docs.docker.com/build/building/drivers/docker-container/).
This is **not required but recommended** using it to be able to build
multi-platform images, export cache, etc.
* [`setup-qemu`](https://github.com/docker/setup-qemu-action) action can be
useful if you want to add emulation support with QEMU to be able to build
against more platforms.
* [`login`](https://github.com/docker/login-action) action will take care to
log in against a Docker registry.
This action uses our [setup-buildx](https://github.com/docker/setup-buildx-action) action that extends the
`docker build` command named [buildx](https://github.com/docker/buildx) with the full support of the features
provided by [Moby BuildKit](https://github.com/moby/buildkit) builder toolkit. This includes multi-arch build,
build-secrets, remote cache, etc. and different builder deployment/namespacing options.
### Git context
By default, this action uses the [Git context](https://docs.docker.com/engine/reference/commandline/build/#git-repositories),
so you don't need to use the [`actions/checkout`](https://github.com/actions/checkout/)
action to check out the repository as this will be done directly by [BuildKit](https://github.com/moby/buildkit).
The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows)
and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
The default behavior of this action is to use the [Git context invoked](https://github.com/docker/build-push-action/blob/master/src/context.ts#L31-L35)
by your workflow.
```yaml
name: ci
on:
push:
branches: master
jobs:
docker:
main:
runs-on: ubuntu-latest
steps:
-
name: Set up QEMU
uses: docker/setup-qemu-action@v1
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
uses: docker/login-action@v3
uses: docker/login-action@v1
with:
username: ${{ vars.DOCKERHUB_USERNAME }}
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
id: docker_build
uses: docker/build-push-action@v2
with:
push: true
tags: user/app:latest
build-args: |
arg1=value1
arg2=value2
-
name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}
```
Building from current repository automatically uses the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)
as provided by `secrets` so it does not need to be passed. But if you want to authenticate against another private
repository, you have to use a secret named `GIT_AUTH_TOKEN` to be able to authenticate against it with buildx:
```yaml
-
name: Build and push
id: docker_build
uses: docker/build-push-action@v2
with:
push: true
tags: user/app:latest
secrets: |
GIT_AUTH_TOKEN=${{ secrets.MYTOKEN }}
```
> :warning: Subdir for Git context is [not yet supported](https://github.com/docker/build-push-action/issues/120).
> For the moment you can use the [path context](#path-context).
> More info: https://docs.docker.com/engine/reference/commandline/build/#git-repositories
### Path context
You can also use the `PATH` context alongside the [`actions/checkout`](https://github.com/actions/checkout/) action.
```yaml
name: ci
on:
push:
branches: master
jobs:
path-context:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@v1
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v6
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64,linux/386
push: true
tags: user/app:latest
```
Be careful because **any file mutation in the steps that precede the build step
will be ignored, including processing of the `.dockerignore` file** since
the context is based on the Git reference. However, you can use the
[Path context](#path-context) using the [`context` input](#inputs) alongside
the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
this restriction.
### Isolated builders
```yaml
name: ci
on:
push:
branches: master
jobs:
multi-builders:
runs-on: ubuntu-latest
steps:
-
uses: docker/setup-buildx-action@v1
id: builder1
-
uses: docker/setup-buildx-action@v1
id: builder2
-
name: Builder 1 name
run: echo ${{ steps.builder1.outputs.name }}
-
name: Builder 2 name
run: echo ${{ steps.builder2.outputs.name }}
-
name: Build against builder1
uses: docker/build-push-action@v2
with:
builder: ${{ steps.builder1.outputs.name }}
target: mytarget1
-
name: Build against builder2
uses: docker/build-push-action@v2
with:
builder: ${{ steps.builder2.outputs.name }}
target: mytarget2
```
### Multi-platform image
```yaml
name: ci
on:
push:
branches: master
jobs:
multi:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
-
name: Set up QEMU
uses: docker/setup-qemu-action@v1
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
push: true
tags: |
user/app:latest
user/app:1.0.0
```
## Advanced usage
### Push to multi-registries
Default Git context can also be provided using the [Handlebars template](https://handlebarsjs.com/guide/)
expression `{{defaultContext}}`. Here we can use it to provide a subdirectory
to the default Git context:
The following workflow will connect you to [DockerHub](https://github.com/docker/login-action#dockerhub)
and [GitHub Container Registry](https://github.com/docker/login-action#github-container-registry) and push the
image to these registries.
<details>
<summary><b>Show workflow</b></summary>
```yaml
name: ci
on:
push:
branches: master
jobs:
multi-registries:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
-
name: Set up QEMU
uses: docker/setup-qemu-action@v1
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
-
name: Build and push
uses: docker/build-push-action@v6
uses: docker/build-push-action@v2
with:
context: "{{defaultContext}}:mysubdir"
context: .
file: ./Dockerfile
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
push: true
tags: user/app:latest
tags: |
user/app:latest
user/app:1.0.0
ghcr.io/user/app:latest
ghcr.io/user/app:1.0.0
```
</details>
### Cache to registry
You can import/export cache from a cache manifest or (special) image configuration on the registry.
Building from the current repository automatically uses the [GitHub Token](https://docs.github.com/en/actions/security-guides/automatic-token-authentication),
so it does not need to be passed. If you want to authenticate against another
private repository, you have to use a [secret](https://docs.docker.com/build/ci/github-actions/secrets)
named `GIT_AUTH_TOKEN` to be able to authenticate against it with Buildx:
<details>
<summary><b>Show workflow</b></summary>
```yaml
name: ci
on:
push:
branches: master
jobs:
registry-cache:
runs-on: ubuntu-latest
steps:
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v6
uses: docker/build-push-action@v2
with:
push: true
tags: user/app:latest
secrets: |
GIT_AUTH_TOKEN=${{ secrets.MYTOKEN }}
cache-from: type=registry,ref=user/app:latest
cache-to: type=inline
```
</details>
### Path context
### Local registry
For testing purposes you may need to create a [local registry](https://hub.docker.com/_/registry) to push images into:
<details>
<summary><b>Show workflow</b></summary>
```yaml
name: ci
on:
push:
branches: master
jobs:
docker:
local-registry:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
-
name: Set up QEMU
uses: docker/setup-qemu-action@v1
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
with:
driver-opts: network=host
-
name: Build and push to local registry
uses: docker/build-push-action@v2
with:
push: true
tags: localhost:5000/name/app:latest
-
name: Inspect
run: |
docker buildx imagetools inspect localhost:5000/name/app:latest
```
</details>
### Export image to Docker
You may want your build result to be available in the Docker client through `docker images` to be able to use it
in another step of your workflow:
<details>
<summary><b>Show workflow</b></summary>
```yaml
name: ci
on:
push:
branches: master
jobs:
export-docker:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Build
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
load: true
tags: myimage:latest
-
name: Inspect
run: |
docker image inspect myimage:latest
```
</details>
### Leverage GitHub cache
You can leverage [GitHub cache](https://docs.github.com/en/actions/configuring-and-managing-workflows/caching-dependencies-to-speed-up-workflows)
using [actions/cache](https://github.com/actions/cache) with this action:
<details>
<summary><b>Show workflow</b></summary>
```yaml
name: ci
on:
push:
branches: master
jobs:
github-cache:
runs-on: ubuntu-latest
steps:
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Cache Docker layers
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
-
name: Login to DockerHub
uses: docker/login-action@v3
uses: docker/login-action@v1
with:
username: ${{ vars.DOCKERHUB_USERNAME }}
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v2
with:
push: true
tags: user/app:latest
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
```
</details>
> If you want to [export layers for all stages](https://github.com/docker/buildx#--cache-tonametypetypekeyvalue),
> you have to specify `mode=max` attribute in `cache-to`.
### Handle tags and labels
If you come from [`v1`](https://github.com/docker/build-push-action/tree/releases/v1#readme) and want an
"automatic" tag management and [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md)
for labels, you can do it in a dedicated step. The following workflow will use the [Docker meta action](https://github.com/crazy-max/ghaction-docker-meta)
to handle tags and labels based on GitHub actions events and Git metadata.
<details>
<summary><b>Show workflow</b></summary>
```yaml
name: ci
on:
schedule:
- cron: '0 10 * * *' # everyday at 10am
push:
branches:
- '**'
tags:
- 'v*.*.*'
pull_request:
jobs:
docker:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
-
name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
images: name/app # list of Docker images to use as base name for tags
tag-sha: true # add git short SHA as Docker tag
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@v1
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
if: github.event_name != 'pull_request'
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v6
id: docker_build
uses: docker/build-push-action@v2
with:
context: .
push: true
tags: user/app:latest
file: ./Dockerfile
platforms: linux/amd64,linux/arm64,linux/386
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
```
</details>
## Examples
* [Multi-platform image](https://docs.docker.com/build/ci/github-actions/multi-platform/)
* [Secrets](https://docs.docker.com/build/ci/github-actions/secrets/)
* [Push to multi-registries](https://docs.docker.com/build/ci/github-actions/push-multi-registries/)
* [Manage tags and labels](https://docs.docker.com/build/ci/github-actions/manage-tags-labels/)
* [Cache management](https://docs.docker.com/build/ci/github-actions/cache/)
* [Export to Docker](https://docs.docker.com/build/ci/github-actions/export-docker/)
* [Test before push](https://docs.docker.com/build/ci/github-actions/test-before-push/)
* [Validating build configuration](https://docs.docker.com/build/ci/github-actions/checks/)
* [Local registry](https://docs.docker.com/build/ci/github-actions/local-registry/)
* [Share built image between jobs](https://docs.docker.com/build/ci/github-actions/share-image-jobs/)
* [Named contexts](https://docs.docker.com/build/ci/github-actions/named-contexts/)
* [Copy image between registries](https://docs.docker.com/build/ci/github-actions/copy-image-registries/)
* [Update Docker Hub repo description](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/)
* [SBOM and provenance attestations](https://docs.docker.com/build/ci/github-actions/attestations/)
* [Annotations](https://docs.docker.com/build/ci/github-actions/annotations/)
* [Reproducible builds](https://docs.docker.com/build/ci/github-actions/reproducible-builds/)
## Summaries
This action generates a [job summary](https://github.blog/2022-05-09-supercharging-github-actions-with-job-summaries/)
that provides a detailed overview of the build execution. The summary shows an
overview of all the steps executed during the build, including the build inputs
and eventual errors.
![build-push-action job summary](./.github/build-push-summary.png)
The summary also includes a link for downloading the build record with
additional details about the build, including build stats, logs, outputs, and
more. The build record can be imported to Docker Desktop for inspecting the
build in greater detail.
> [!WARNING]
>
> If you're using the [`actions/download-artifact`](https://github.com/actions/download-artifact)
> action in your workflow, you need to ignore the build record artifacts
> if `name` and `pattern` inputs are not specified ([defaults to download all artifacts](https://github.com/actions/download-artifact?tab=readme-ov-file#download-all-artifacts) of the workflow),
> otherwise the action will fail:
> ```yaml
> - uses: actions/download-artifact@v4
> with:
> pattern: "!*.dockerbuild"
> ```
> More info: https://github.com/actions/toolkit/pull/1874
### Update DockerHub repo description
You can update the [DockerHub repository description](https://docs.docker.com/docker-hub/repos/) using
a third-party action called [DockerHub Description](https://github.com/peter-evans/dockerhub-description)
with this action:
<details>
<summary><b>Show workflow</b></summary>
```yaml
name: ci
Summaries are enabled by default, but can be disabled with the
`DOCKER_BUILD_SUMMARY` [environment variable](#environment-variables).
on:
push:
branches: master
For more information about summaries, refer to the
[documentation](https://docs.docker.com/go/build-summary/).
jobs:
main:
runs-on: ubuntu-latest
steps:
-
name: Set up QEMU
uses: docker/setup-qemu-action@v1
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v2
with:
push: true
tags: user/app:latest
-
name: Update repo description
uses: peter-evans/dockerhub-description@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
repository: user/app
```
</details>
## Customizing
### inputs
The following inputs can be used as `step.with` keys:
Following inputs can be used as `step.with` keys
> `List` type is a newline-delimited string
> ```yaml
@ -224,66 +605,84 @@ The following inputs can be used as `step.with` keys:
> ```
| Name | Type | Description |
|--------------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `add-hosts` | List/CSV | List of [customs host-to-IP mapping](https://docs.docker.com/engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host) (e.g., `docker:10.180.0.1`) |
| `allow` | List/CSV | List of [extra privileged entitlement](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow) (e.g., `network.host,security.insecure`) |
| `annotations` | List | List of annotation to set to the image |
| `attests` | List | List of [attestation](https://docs.docker.com/build/attestations/) parameters (e.g., `type=sbom,generator=image`) |
|---------------------|----------|------------------------------------|
| `builder` | String | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) |
| `build-args` | List | List of [build-time variables](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-arg) |
| `build-contexts` | List | List of additional [build contexts](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-context) (e.g., `name=path`) |
| `cache-from` | List | List of [external cache sources](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-from) (e.g., `type=local,src=path/to/dir`) |
| `cache-to` | List | List of [cache export destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-to) (e.g., `type=local,dest=path/to/dir`) |
| `call` | String | Set [method for evaluating build](https://docs.docker.com/reference/cli/docker/buildx/build/#call) (e.g., `check`) |
| `cgroup-parent` | String | Optional [parent cgroup](https://docs.docker.com/engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent) for the container used in the build |
| `context` | String | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) |
| `file` | String | Path to the Dockerfile. (default `{context}/Dockerfile`) |
| `file` | String | Path to the Dockerfile (default `./Dockerfile`) |
| `build-args` | List | List of build-time variables |
| `labels` | List | List of metadata for an image |
| `load` | Bool | [Load](https://docs.docker.com/engine/reference/commandline/buildx_build/#load) is a shorthand for `--output=type=docker` (default `false`) |
| `network` | String | Set the networking mode for the `RUN` instructions during build |
| `no-cache` | Bool | Do not use cache when building the image (default `false`) |
| `no-cache-filters` | List/CSV | Do not cache specified stages |
| `outputs` | List | List of [output destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#output) (format: `type=local,dest=path`) |
| `platforms` | List/CSV | List of [target platforms](https://docs.docker.com/engine/reference/commandline/buildx_build/#platform) for build |
| `provenance` | Bool/String | Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build (shorthand for `--attest=type=provenance`) |
| `pull` | Bool | Always attempt to pull all referenced images (default `false`) |
| `push` | Bool | [Push](https://docs.docker.com/engine/reference/commandline/buildx_build/#push) is a shorthand for `--output=type=registry` (default `false`) |
| `sbom` | Bool/String | Generate [SBOM](https://docs.docker.com/build/attestations/sbom/) attestation for the build (shorthand for `--attest=type=sbom`) |
| `secrets` | List | List of [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`) |
| `secret-envs` | List/CSV | List of [secret env vars](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=envname`, `MY_SECRET=MY_ENV_VAR`) |
| `secret-files` | List | List of [secret files](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`) |
| `shm-size` | String | Size of [`/dev/shm`](https://docs.docker.com/engine/reference/commandline/buildx_build/#shm-size) (e.g., `2g`) |
| `ssh` | List | List of [SSH agent socket or keys](https://docs.docker.com/engine/reference/commandline/buildx_build/#ssh) to expose to the build |
| `tags` | List/CSV | List of tags |
| `pull` | Bool | Always attempt to pull a newer version of the image (default `false`) |
| `target` | String | Sets the target stage to build |
| `ulimit` | List | [Ulimit](https://docs.docker.com/engine/reference/commandline/buildx_build/#ulimit) options (e.g., `nofile=1024:1024`) |
| `github-token` | String | GitHub Token used to authenticate against a repository for [Git context](#git-context) (default `${{ github.token }}`) |
| `allow` | List/CSV | List of [extra privileged entitlement](https://github.com/docker/buildx#--allowentitlement) (eg. `network.host,security.insecure`) |
| `no-cache` | Bool | Do not use cache when building the image (default `false`) |
| `platforms` | List/CSV | List of [target platforms](https://github.com/docker/buildx#---platformvaluevalue) for build |
| `load` | Bool | [Load](https://github.com/docker/buildx#--load) is a shorthand for `--output=type=docker` (default `false`) |
| `push` | Bool | [Push](https://github.com/docker/buildx#--push) is a shorthand for `--output=type=registry` (default `false`) |
| `outputs` | List | List of [output destinations](https://github.com/docker/buildx#-o---outputpath-typetypekeyvalue) (format: `type=local,dest=path`) |
| `cache-from` | List | List of [external cache sources](https://github.com/docker/buildx#--cache-fromnametypetypekeyvalue) (eg. `type=local,src=path/to/dir`) |
| `cache-to` | List | List of [cache export destinations](https://github.com/docker/buildx#--cache-tonametypetypekeyvalue) (eg. `type=local,dest=path/to/dir`) |
| `secrets` | List | List of secrets to expose to the build (eg. `key=value`, `GIT_AUTH_TOKEN=mytoken`) |
| `ssh` | List | List of SSH agent socket or keys to expose to the build |
### outputs
The following outputs are available:
Following outputs are available
| Name | Type | Description |
|------------|---------|-----------------------|
| `imageid` | String | Image ID |
| `digest` | String | Image digest |
| `metadata` | JSON | Build result metadata |
|---------------|---------|---------------------------------------|
| `digest` | String | Image content-addressable identifier also called a digest |
## Notes
### Multi-line secret value
To handle multi-line value for a secret, you will need to place the key-value pair between quotes:
```yaml
secrets: |
"MYSECRET=${{ secrets.GPG_KEY }}"
GIT_AUTH_TOKEN=abcdefghi,jklmno=0123456789
"MYSECRET=aaaaaaaa
bbbbbbb
ccccccccc"
FOO=bar
"EMPTYLINE=aaaa
bbbb
ccc"
```
### environment variables
| Key | Value |
|--------------------|--------------------------------------------------|
| `MYSECRET` | `***********************` |
| `GIT_AUTH_TOKEN` | `abcdefghi,jklmno=0123456789` |
| `MYSECRET` | `aaaaaaaa\nbbbbbbb\nccccccccc` |
| `FOO` | `bar` |
| `EMPTYLINE` | `aaaa\n\nbbbb\nccc` |
| Name | Type | Default | Description |
|--------------------------------------|--------|---------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `DOCKER_BUILD_CHECKS_ANNOTATIONS` | Bool | `true` | If `false`, GitHub annotations are not generated for [build checks](https://docs.docker.com/build/checks/) |
| `DOCKER_BUILD_SUMMARY` | Bool | `true` | If `false`, [build summary](https://docs.docker.com/build/ci/github-actions/build-summary/) generation is disabled |
| `DOCKER_BUILD_RECORD_UPLOAD` | Bool | `true` | If `false`, build record upload as [GitHub artifact](https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts) is disabled |
| `DOCKER_BUILD_RECORD_RETENTION_DAYS` | Number | | Duration after which build record artifact will expire in days. Defaults to repository/org [retention settings](https://docs.github.com/en/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy) if unset or `0` |
| `DOCKER_BUILD_EXPORT_LEGACY` | Bool | `false` | If `true`, exports build using legacy export-build tool instead of [`buildx history export` command](https://docs.docker.com/reference/cli/docker/buildx/history/export/) |
> Note: all quote signs need to be doubled for escaping.
## Troubleshooting
See [TROUBLESHOOTING.md](TROUBLESHOOTING.md)
## Contributing
## Keep up-to-date with GitHub Dependabot
Since [Dependabot](https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot)
has [native GitHub Actions support](https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#package-ecosystem),
to enable it on your GitHub repo all you need to do is add the `.github/dependabot.yml` file:
```yaml
version: 2
updates:
# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
```
## Limitation
Want to contribute? Awesome! You can find information about contributing to
this project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md)
This action is only available for Linux [virtual environments](https://help.github.com/en/articles/virtual-environments-for-github-actions#supported-virtual-environments-and-hardware-resources).

211
TROUBLESHOOTING.md
Unescape Escape View File

@ -1,9 +1,112 @@
# Troubleshooting
* [`auto-push is currently not implemented for docker driver`](#auto-push-is-currently-not-implemented-for-docker-driver)
* [Cannot push to a registry](#cannot-push-to-a-registry)
* [BuildKit container logs](#buildkit-container-logs)
* [With containerd](#with-containerd)
* [`repository name must be lowercase`](#repository-name-must-be-lowercase)
## `auto-push is currently not implemented for docker driver`
If you're using the default builder (which uses the docker driver) without using our `setup-buildx-action`, you may
encounter this error message if you try to push your image:
```
Run docker/build-push-action@v2
📣 Buildx version: 0.4.2
🏃 Starting build...
/usr/bin/docker buildx build --tag localhost:5000/name/app:latest --iidfile /tmp/docker-build-push-eYl8PB/iidfile --file ./test/Dockerfile --push ./test
auto-push is currently not implemented for docker driver
Error: buildx call failed with: auto-push is currently not implemented for docker driver
```
While waiting for an implementation to be done on buildx/buildkit, you have the following possibilities
to solve this atm:
### With `docker-container` driver and `setup-buildx`
> Recommended solution
```yaml
jobs:
build:
-
name: Checkout
uses: actions/checkout@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login
uses: docker/login-action@v1
with:
registry: ${{ env.REGISTRY }}
username: ${{ env.USER }}
password: ${{ secrets.PASSWORD }}
-
name: Build and push
uses: docker/build-push-action@v2
with:
context: .
tags: ${{ env.REGISTRY }}/myapp:latest
push: true
```
### With `docker` driver
```yaml
jobs:
build:
-
name: Checkout
uses: actions/checkout@v2
-
name: Login
uses: docker/login-action@v1
with:
registry: ${{ env.REGISTRY }}
username: ${{ env.USER }}
password: ${{ secrets.PASSWORD }}
-
name: Build
uses: docker/build-push-action@v2
with:
context: .
tags: ${{ env.REGISTRY }}/myapp:latest
load: true
-
name: Push
run: docker push ${{ env.REGISTRY }}/myapp:latest
```
### With `docker` driver and `setup-buildx`
```yaml
jobs:
build:
-
name: Checkout
uses: actions/checkout@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
with:
driver: docker
-
name: Login
uses: docker/login-action@v1
with:
registry: ${{ env.REGISTRY }}
username: ${{ env.USER }}
password: ${{ secrets.PASSWORD }}
-
name: Build
uses: docker/build-push-action@v2
with:
context: .
tags: ${{ env.REGISTRY }}/myapp:latest
load: true
-
name: Push
run: docker push ${{ env.REGISTRY }}/myapp:latest
```
## Cannot push to a registry
@ -15,22 +118,23 @@ While pushing to a registry, you may encounter these kinds of issues:
* `failed commit on ref "manifest-sha256:...": unexpected status: 401 Unauthorized`
* `unexpected response: 401 Unauthorized`
These issues are not directly related to this action but are rather linked to
[Buildx](https://github.com/docker/buildx), [BuildKit](https://github.com/moby/buildkit),
[containerd](https://github.com/containerd/containerd) or the registry on which
you're pushing your image. The quality of error message depends on the registry
and are usually not very informative.
### BuildKit container logs
These issues are not directly related to this action but are rather linked to [buildx](https://github.com/docker/buildx),
[buildkit](https://github.com/moby/buildkit), [containerd](https://github.com/containerd/containerd) or the registry
on which you're pushing your image. The quality of error message depends on the registry and are usually not very informative.
To help you solve this, you have to [enable debugging in the setup-buildx](https://github.com/docker/setup-buildx-action#buildkit-container-logs)
action step and attach BuildKit container logs to your issue.
To help you solve this, you should first enable debugging in the
[setup-buildx action step](https://github.com/docker/setup-buildx-action):
### With containerd
```yaml
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
with:
buildkitd-flags: --debug
```
Next you can test pushing with [containerd action](https://github.com/crazy-max/ghaction-setup-containerd)
using the following workflow. If it works then open an issue on [BuildKit](https://github.com/moby/buildkit)
repository.
Next you can test pushing with [containerd action](https://github.com/crazy-max/ghaction-setup-containerd) using the
following workflow. If it works then open an issue on [buildkit](https://github.com/moby/buildkit) repository.
```yaml
name: containerd
@ -44,24 +148,25 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v2
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@v1
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v1
with:
buildkitd-flags: --debug
-
name: Set up containerd
uses: crazy-max/ghaction-setup-containerd@v2
uses: crazy-max/ghaction-setup-containerd@v1
-
name: Build Docker image
uses: docker/build-push-action@v6
uses: docker/build-push-action@v2
with:
context: .
platforms: linux/amd64,linux/arm64
file: ./Dockerfile
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
tags: docker.io/user/app:latest
outputs: type=oci,dest=/tmp/image.tar
-
@ -73,65 +178,3 @@ jobs:
run: |
sudo ctr --debug i push --user "${{ secrets.DOCKER_USERNAME }}:${{ secrets.DOCKER_PASSWORD }}" docker.io/user/app:latest
```
## `repository name must be lowercase`
You may encounter this issue if you're using `github.repository` as a repo slug
in your tag:
```
#6 exporting to image
#6 exporting layers
#6 exporting layers 1.2s done
#6 exporting manifest sha256:b47f7dfb97b89ccd5de553af3c8cd94c4795884cbe5693e93946b1d95a7b1d12 0.0s done
#6 exporting config sha256:995e93fab8196893192f08a38deea6769dc4d98f86cf705eccc24ec96a3e271c 0.0s done
#6 ERROR: invalid reference format: repository name must be lowercase
------
> exporting to image:
------
error: failed to solve: invalid reference format: repository name must be lowercase
```
or a cache reference:
```
#10 importing cache manifest from ghcr.io/My-Org/repo:main
#10 ERROR: invalid reference format: repository name must be lowercase
```
To fix this issue you can use our [metadata action](https://github.com/docker/metadata-action)
to generate sanitized tags:
```yaml
- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: ghcr.io/${{ github.repository }}
tags: latest
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
```
Or a dedicated step to sanitize the slug:
```yaml
- name: Sanitize repo slug
uses: actions/github-script@v6
id: repo_slug
with:
result-encoding: string
script: return 'ghcr.io/${{ github.repository }}'.toLowerCase()
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: ${{ steps.repo_slug.outputs.result }}:latest
```

149
UPGRADE.md
Unescape Escape View File

@ -0,0 +1,149 @@
# Upgrade notes
## v1 to v2
* Input `path` is now called `context` for consistency with other Docker build tools
* `path` defaults to current git repository so checkout action is not required in a workflow
* Rename `dockerfile` input to `file` for consistency with other Docker build tools
* Rename `always_pull` input to `pull` for consistency with other Docker build tools
* Add `builder` input to be able to choose a builder instance through our [setup-buildx action](https://github.com/docker/setup-buildx-action)
* Add [`platforms`](https://github.com/docker/buildx#---platformvaluevalue) input to support multi-platform builds
* Add [`allow`](https://github.com/docker/buildx#--allowentitlement) input
* Add [`load`](https://github.com/docker/buildx#--load) input
* Add [`outputs`](https://github.com/docker/buildx#-o---outputpath-typetypekeyvalue) input
* Add [`cache-from`](https://github.com/docker/buildx#--cache-fromnametypetypekeyvalue) input (`cache_froms` removed)
* Add [`cache-to`](https://github.com/docker/buildx#--cache-tonametypetypekeyvalue) input
* Rename `build_args` input to `build-args` for consistency with other Docker build tools
* Add `secrets` input
* Review `tags` input
* Remove `repository` input. See [Simple workflow](#simple-workflow) for migration
* Remove `username`, `password` and `registry` inputs. Login support moved to [docker/login-action](https://github.com/docker/login-action) repo
* Remove `tag_with_sha`, `tag_with_ref`, `add_git_labels` inputs. See [Tags with ref and Git labels](#tags-with-ref-and-git-labels) for migration
* Handle Git context
* Add `digest` output
### Simple workflow
```yaml
# v1
steps:
-
name: Checkout code
uses: actions/checkout@v2
-
name: Build and push Docker images
uses: docker/build-push-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
repository: myorg/myrepository
always_pull: true
build_args: arg1=value1,arg2=value2
cache_froms: myorg/myrepository:latest
tags: latest
```
```yaml
# v2
steps:
-
name: Checkout code
uses: actions/checkout@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
-
name: Build and push
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
pull: true
push: true
build-args: |
arg1=value1
arg2=value2
cache-from: type=registry,ref=myorg/myrepository:latest
cache-to: type=inline
tags: myorg/myrepository:latest
```
### Tags with ref and Git labels
```yaml
# v1
steps:
-
name: Checkout code
uses: actions/checkout@v2
-
name: Build and push Docker images
uses: docker/build-push-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
repository: myorg/myrepository
push: ${{ github.event_name != 'pull_request' }}
tag_with_ref: true
tag_with_sha: true
add_git_labels: true
```
```yaml
# v2
steps:
-
name: Checkout
uses: actions/checkout@v2
-
name: Prepare
id: prep
run: |
DOCKER_IMAGE=myorg/myrepository
VERSION=edge
if [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/}
elif [[ $GITHUB_REF == refs/heads/* ]]; then
VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
elif [[ $GITHUB_REF == refs/pull/* ]]; then
VERSION=pr-${{ github.event.number }}
fi
TAGS="${DOCKER_IMAGE}:${VERSION}"
if [ "${{ github.event_name }}" = "push" ]; then
TAGS="$TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}"
fi
echo ::set-output name=version::${VERSION}
echo ::set-output name=tags::${TAGS}
echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
if: github.event_name != 'pull_request'
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
-
name: Build and push
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.prep.outputs.tags }}
labels: |
org.opencontainers.image.source=${{ github.event.repository.html_url }}
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.revision=${{ github.sha }}
```
> You can also use the [Docker meta action](https://github.com/crazy-max/ghaction-docker-meta) to handle tags and
> labels based on GitHub actions events and Git metadata. A workflow example is available in the [README](README.md#handle-tags-and-labels).

207
__mocks__/@actions/github.ts
Unescape Escape View File

@ -1,207 +0,0 @@
import {jest} from '@jest/globals';
export const context = {
repo: {
owner: 'docker',
repo: 'build-push-action'
},
ref: 'refs/heads/master',
runId: 123456789,
payload: {
after: '860c1904a1ce19322e91ac35af1ab07466440c37',
base_ref: null,
before: '5f3331d7f7044c18ca9f12c77d961c4d7cf3276a',
commits: [
{
author: {
email: 'crazy-max@users.noreply.github.com',
name: 'CrazyMax',
username: 'crazy-max'
},
committer: {
email: 'crazy-max@users.noreply.github.com',
name: 'CrazyMax',
username: 'crazy-max'
},
distinct: true,
id: '860c1904a1ce19322e91ac35af1ab07466440c37',
message: 'hello dev',
timestamp: '2022-04-19T11:27:24+02:00',
tree_id: 'd2c60af597e863787d2d27f569e30495b0b92820',
url: 'https://github.com/docker/test-docker-action/commit/860c1904a1ce19322e91ac35af1ab07466440c37'
}
],
compare: 'https://github.com/docker/test-docker-action/compare/5f3331d7f704...860c1904a1ce',
created: false,
deleted: false,
forced: false,
head_commit: {
author: {
email: 'crazy-max@users.noreply.github.com',
name: 'CrazyMax',
username: 'crazy-max'
},
committer: {
email: 'crazy-max@users.noreply.github.com',
name: 'CrazyMax',
username: 'crazy-max'
},
distinct: true,
id: '860c1904a1ce19322e91ac35af1ab07466440c37',
message: 'hello dev',
timestamp: '2022-04-19T11:27:24+02:00',
tree_id: 'd2c60af597e863787d2d27f569e30495b0b92820',
url: 'https://github.com/docker/test-docker-action/commit/860c1904a1ce19322e91ac35af1ab07466440c37'
},
organization: {
avatar_url: 'https://avatars.githubusercontent.com/u/5429470?v=4',
description: 'Docker helps developers bring their ideas to life by conquering the complexity of app development.',
events_url: 'https://api.github.com/orgs/docker/events',
hooks_url: 'https://api.github.com/orgs/docker/hooks',
id: 5429470,
issues_url: 'https://api.github.com/orgs/docker/issues',
login: 'docker',
members_url: 'https://api.github.com/orgs/docker/members{/member}',
node_id: 'MDEyOk9yZ2FuaXphdGlvbjU0Mjk0NzA=',
public_members_url: 'https://api.github.com/orgs/docker/public_members{/member}',
repos_url: 'https://api.github.com/orgs/docker/repos',
url: 'https://api.github.com/orgs/docker'
},
pusher: {
email: 'github@crazymax.dev',
name: 'crazy-max'
},
ref: 'refs/heads/dev',
repository: {
allow_forking: true,
archive_url: 'https://api.github.com/repos/docker/test-docker-action/{archive_format}{/ref}',
archived: false,
assignees_url: 'https://api.github.com/repos/docker/test-docker-action/assignees{/user}',
blobs_url: 'https://api.github.com/repos/docker/test-docker-action/git/blobs{/sha}',
branches_url: 'https://api.github.com/repos/docker/test-docker-action/branches{/branch}',
clone_url: 'https://github.com/docker/test-docker-action.git',
collaborators_url: 'https://api.github.com/repos/docker/test-docker-action/collaborators{/collaborator}',
comments_url: 'https://api.github.com/repos/docker/test-docker-action/comments{/number}',
commits_url: 'https://api.github.com/repos/docker/test-docker-action/commits{/sha}',
compare_url: 'https://api.github.com/repos/docker/test-docker-action/compare/{base}...{head}',
contents_url: 'https://api.github.com/repos/docker/test-docker-action/contents/{+path}',
contributors_url: 'https://api.github.com/repos/docker/test-docker-action/contributors',
created_at: 1596792180,
default_branch: 'master',
deployments_url: 'https://api.github.com/repos/docker/test-docker-action/deployments',
description: 'Test "Docker" Actions',
disabled: false,
downloads_url: 'https://api.github.com/repos/docker/test-docker-action/downloads',
events_url: 'https://api.github.com/repos/docker/test-docker-action/events',
fork: false,
forks: 1,
forks_count: 1,
forks_url: 'https://api.github.com/repos/docker/test-docker-action/forks',
full_name: 'docker/test-docker-action',
git_commits_url: 'https://api.github.com/repos/docker/test-docker-action/git/commits{/sha}',
git_refs_url: 'https://api.github.com/repos/docker/test-docker-action/git/refs{/sha}',
git_tags_url: 'https://api.github.com/repos/docker/test-docker-action/git/tags{/sha}',
git_url: 'git://github.com/docker/test-docker-action.git',
has_downloads: true,
has_issues: true,
has_pages: false,
has_projects: true,
has_wiki: true,
homepage: '',
hooks_url: 'https://api.github.com/repos/docker/test-docker-action/hooks',
html_url: 'https://github.com/docker/test-docker-action',
id: 285789493,
is_template: false,
issue_comment_url: 'https://api.github.com/repos/docker/test-docker-action/issues/comments{/number}',
issue_events_url: 'https://api.github.com/repos/docker/test-docker-action/issues/events{/number}',
issues_url: 'https://api.github.com/repos/docker/test-docker-action/issues{/number}',
keys_url: 'https://api.github.com/repos/docker/test-docker-action/keys{/key_id}',
labels_url: 'https://api.github.com/repos/docker/test-docker-action/labels{/name}',
language: 'JavaScript',
languages_url: 'https://api.github.com/repos/docker/test-docker-action/languages',
license: {
key: 'mit',
name: 'MIT License',
node_id: 'MDc6TGljZW5zZTEz',
spdx_id: 'MIT',
url: 'https://api.github.com/licenses/mit'
},
master_branch: 'master',
merges_url: 'https://api.github.com/repos/docker/test-docker-action/merges',
milestones_url: 'https://api.github.com/repos/docker/test-docker-action/milestones{/number}',
mirror_url: null,
name: 'test-docker-action',
node_id: 'MDEwOlJlcG9zaXRvcnkyODU3ODk0OTM=',
notifications_url: 'https://api.github.com/repos/docker/test-docker-action/notifications{?since,all,participating}',
open_issues: 6,
open_issues_count: 6,
organization: 'docker',
owner: {
avatar_url: 'https://avatars.githubusercontent.com/u/5429470?v=4',
email: 'info@docker.com',
events_url: 'https://api.github.com/users/docker/events{/privacy}',
followers_url: 'https://api.github.com/users/docker/followers',
following_url: 'https://api.github.com/users/docker/following{/other_user}',
gists_url: 'https://api.github.com/users/docker/gists{/gist_id}',
gravatar_id: '',
html_url: 'https://github.com/docker',
id: 5429470,
login: 'docker',
name: 'docker',
node_id: 'MDEyOk9yZ2FuaXphdGlvbjU0Mjk0NzA=',
organizations_url: 'https://api.github.com/users/docker/orgs',
received_events_url: 'https://api.github.com/users/docker/received_events',
repos_url: 'https://api.github.com/users/docker/repos',
site_admin: false,
starred_url: 'https://api.github.com/users/docker/starred{/owner}{/repo}',
subscriptions_url: 'https://api.github.com/users/docker/subscriptions',
type: 'Organization',
url: 'https://api.github.com/users/docker'
},
private: true,
pulls_url: 'https://api.github.com/repos/docker/test-docker-action/pulls{/number}',
pushed_at: 1650360446,
releases_url: 'https://api.github.com/repos/docker/test-docker-action/releases{/id}',
size: 796,
ssh_url: 'git@github.com:docker/test-docker-action.git',
stargazers: 0,
stargazers_count: 0,
stargazers_url: 'https://api.github.com/repos/docker/test-docker-action/stargazers',
statuses_url: 'https://api.github.com/repos/docker/test-docker-action/statuses/{sha}',
subscribers_url: 'https://api.github.com/repos/docker/test-docker-action/subscribers',
subscription_url: 'https://api.github.com/repos/docker/test-docker-action/subscription',
svn_url: 'https://github.com/docker/test-docker-action',
tags_url: 'https://api.github.com/repos/docker/test-docker-action/tags',
teams_url: 'https://api.github.com/repos/docker/test-docker-action/teams',
topics: [],
trees_url: 'https://api.github.com/repos/docker/test-docker-action/git/trees{/sha}',
updated_at: '2022-04-19T09:05:09Z',
url: 'https://github.com/docker/test-docker-action',
visibility: 'private',
watchers: 0,
watchers_count: 0
},
sender: {
avatar_url: 'https://avatars.githubusercontent.com/u/1951866?v=4',
events_url: 'https://api.github.com/users/crazy-max/events{/privacy}',
followers_url: 'https://api.github.com/users/crazy-max/followers',
following_url: 'https://api.github.com/users/crazy-max/following{/other_user}',
gists_url: 'https://api.github.com/users/crazy-max/gists{/gist_id}',
gravatar_id: '',
html_url: 'https://github.com/crazy-max',
id: 1951866,
login: 'crazy-max',
node_id: 'MDQ6VXNlcjE5NTE4NjY=',
organizations_url: 'https://api.github.com/users/crazy-max/orgs',
received_events_url: 'https://api.github.com/users/crazy-max/received_events',
repos_url: 'https://api.github.com/users/crazy-max/repos',
site_admin: false,
starred_url: 'https://api.github.com/users/crazy-max/starred{/owner}{/repo}',
subscriptions_url: 'https://api.github.com/users/crazy-max/subscriptions',
type: 'User',
url: 'https://api.github.com/users/crazy-max'
}
}
};
export const getOctokit = jest.fn();

141
__tests__/buildx.test.ts
Unescape Escape View File

@ -0,0 +1,141 @@
import * as fs from 'fs';
import * as path from 'path';
import * as semver from 'semver';
import * as buildx from '../src/buildx';
import * as context from '../src/context';
import * as docker from '../src/docker';
const tmpNameSync = path.join('/tmp/.docker-build-push-jest', '.tmpname-jest').split(path.sep).join(path.posix.sep);
const digest = 'sha256:bfb45ab72e46908183546477a08f8867fc40cebadd00af54b071b097aed127a9';
jest.spyOn(context, 'tmpDir').mockImplementation((): string => {
const tmpDir = path.join('/tmp/.docker-build-push-jest').split(path.sep).join(path.posix.sep);
if (!fs.existsSync(tmpDir)) {
fs.mkdirSync(tmpDir, {recursive: true});
}
return tmpDir;
});
jest.spyOn(context, 'tmpNameSync').mockImplementation((): string => {
return tmpNameSync;
});
describe('getImageID', () => {
it('matches', async () => {
const imageIDFile = await buildx.getImageIDFile();
console.log(`imageIDFile: ${imageIDFile}`);
await fs.writeFileSync(imageIDFile, digest);
const imageID = await buildx.getImageID();
console.log(`imageID: ${imageID}`);
expect(imageID).toEqual(digest);
});
});
describe('isLocalOrTarExporter', () => {
// prettier-ignore
test.each([
[
[
'type=registry,ref=user/app',
],
false
],
[
[
'type=docker',
],
false
],
[
[
'type=local,dest=./release-out'
],
true
],
[
[
'type=tar,dest=/tmp/image.tar'
],
true
],
[
[
'type=docker',
'type=tar,dest=/tmp/image.tar'
],
true
],
[
[
'"type=tar","dest=/tmp/image.tar"'
],
true
],
[
[
'" type= local" , dest=./release-out'
],
true
],
[
[
'.'
],
true
],
])(
'given %p returns %p',
async (outputs: Array<string>, expected: boolean) => {
expect(buildx.isLocalOrTarExporter(outputs)).toEqual(expected);
}
);
});
describe('getVersion', () => {
async function isDaemonRunning() {
return await docker.isDaemonRunning();
}
(isDaemonRunning() ? it : it.skip)(
'valid',
async () => {
const version = await buildx.getVersion();
console.log(`version: ${version}`);
expect(semver.valid(version)).not.toBeNull();
},
100000
);
});
describe('parseVersion', () => {
test.each([
['github.com/docker/buildx 0.4.1+azure bda4882a65349ca359216b135896bddc1d92461c', '0.4.1'],
['github.com/docker/buildx v0.4.1 bda4882a65349ca359216b135896bddc1d92461c', '0.4.1'],
['github.com/docker/buildx v0.4.2 fb7b670b764764dc4716df3eba07ffdae4cc47b2', '0.4.2']
])('given %p', async (stdout, expected) => {
expect(await buildx.parseVersion(stdout)).toEqual(expected);
});
});
describe('getSecret', () => {
test.each([
['A_SECRET=abcdef0123456789', 'A_SECRET', 'abcdef0123456789', false],
['GIT_AUTH_TOKEN=abcdefghijklmno=0123456789', 'GIT_AUTH_TOKEN', 'abcdefghijklmno=0123456789', false],
['MY_KEY=c3RyaW5nLXdpdGgtZXF1YWxzCg==', 'MY_KEY', 'c3RyaW5nLXdpdGgtZXF1YWxzCg==', false],
['aaaaaaaa', '', '', true],
['aaaaaaaa=', '', '', true],
['=bbbbbbb', '', '', true]
])('given %p key and %p secret', async (kvp, key, secret, invalid) => {
try {
const secretArgs = await buildx.getSecret(kvp);
expect(true).toBe(!invalid);
console.log(`secretArgs: ${secretArgs}`);
expect(secretArgs).toEqual(`id=${key},src=${tmpNameSync}`);
const secretContent = await fs.readFileSync(tmpNameSync, 'utf-8');
console.log(`secretValue: ${secretContent}`);
expect(secretContent).toEqual(secret);
} catch (err) {
expect(true).toBe(invalid);
}
});
});

1079
__tests__/context.test.ts
View File

File diff suppressed because it is too large Load Diff

362
__tests__/fixtures/github-repo.json
Unescape Escape View File

@ -1,362 +0,0 @@
{
"id": 1296269,
"node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5",
"name": "Hello-World",
"full_name": "octocat/Hello-World",
"owner": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"private": false,
"html_url": "https://github.com/octocat/Hello-World",
"description": "This your first repo!",
"fork": false,
"url": "https://api.github.com/repos/octocat/Hello-World",
"archive_url": "http://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}",
"assignees_url": "http://api.github.com/repos/octocat/Hello-World/assignees{/user}",
"blobs_url": "http://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}",
"branches_url": "http://api.github.com/repos/octocat/Hello-World/branches{/branch}",
"collaborators_url": "http://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}",
"comments_url": "http://api.github.com/repos/octocat/Hello-World/comments{/number}",
"commits_url": "http://api.github.com/repos/octocat/Hello-World/commits{/sha}",
"compare_url": "http://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}",
"contents_url": "http://api.github.com/repos/octocat/Hello-World/contents/{+path}",
"contributors_url": "http://api.github.com/repos/octocat/Hello-World/contributors",
"deployments_url": "http://api.github.com/repos/octocat/Hello-World/deployments",
"downloads_url": "http://api.github.com/repos/octocat/Hello-World/downloads",
"events_url": "http://api.github.com/repos/octocat/Hello-World/events",
"forks_url": "http://api.github.com/repos/octocat/Hello-World/forks",
"git_commits_url": "http://api.github.com/repos/octocat/Hello-World/git/commits{/sha}",
"git_refs_url": "http://api.github.com/repos/octocat/Hello-World/git/refs{/sha}",
"git_tags_url": "http://api.github.com/repos/octocat/Hello-World/git/tags{/sha}",
"git_url": "git:github.com/octocat/Hello-World.git",
"issue_comment_url": "http://api.github.com/repos/octocat/Hello-World/issues/comments{/number}",
"issue_events_url": "http://api.github.com/repos/octocat/Hello-World/issues/events{/number}",
"issues_url": "http://api.github.com/repos/octocat/Hello-World/issues{/number}",
"keys_url": "http://api.github.com/repos/octocat/Hello-World/keys{/key_id}",
"labels_url": "http://api.github.com/repos/octocat/Hello-World/labels{/name}",
"languages_url": "http://api.github.com/repos/octocat/Hello-World/languages",
"merges_url": "http://api.github.com/repos/octocat/Hello-World/merges",
"milestones_url": "http://api.github.com/repos/octocat/Hello-World/milestones{/number}",
"notifications_url": "http://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}",
"pulls_url": "http://api.github.com/repos/octocat/Hello-World/pulls{/number}",
"releases_url": "http://api.github.com/repos/octocat/Hello-World/releases{/id}",
"ssh_url": "git@github.com:octocat/Hello-World.git",
"stargazers_url": "http://api.github.com/repos/octocat/Hello-World/stargazers",
"statuses_url": "http://api.github.com/repos/octocat/Hello-World/statuses/{sha}",
"subscribers_url": "http://api.github.com/repos/octocat/Hello-World/subscribers",
"subscription_url": "http://api.github.com/repos/octocat/Hello-World/subscription",
"tags_url": "http://api.github.com/repos/octocat/Hello-World/tags",
"teams_url": "http://api.github.com/repos/octocat/Hello-World/teams",
"trees_url": "http://api.github.com/repos/octocat/Hello-World/git/trees{/sha}",
"clone_url": "https://github.com/octocat/Hello-World.git",
"mirror_url": "git:git.example.com/octocat/Hello-World",
"hooks_url": "http://api.github.com/repos/octocat/Hello-World/hooks",
"svn_url": "https://svn.github.com/octocat/Hello-World",
"homepage": "https://github.com",
"language": null,
"forks_count": 9,
"stargazers_count": 80,
"watchers_count": 80,
"size": 108,
"default_branch": "master",
"open_issues_count": 0,
"is_template": true,
"topics": [
"octocat",
"atom",
"electron",
"api"
],
"has_issues": true,
"has_projects": true,
"has_wiki": true,
"has_pages": false,
"has_downloads": true,
"archived": false,
"disabled": false,
"visibility": "public",
"pushed_at": "2011-01-26T19:06:43Z",
"created_at": "2011-01-26T19:01:12Z",
"updated_at": "2011-01-26T19:14:43Z",
"permissions": {
"pull": true,
"triage": true,
"push": false,
"maintain": false,
"admin": false
},
"allow_rebase_merge": true,
"template_repository": null,
"temp_clone_token": "ABTLWHOULUVAXGTRYU7OC2876QJ2O",
"allow_squash_merge": true,
"delete_branch_on_merge": true,
"allow_merge_commit": true,
"subscribers_count": 42,
"network_count": 0,
"license": {
"key": "mit",
"name": "MIT License",
"spdx_id": "MIT",
"url": "https://api.github.com/licenses/mit",
"node_id": "MDc6TGljZW5zZW1pdA=="
},
"organization": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "Organization",
"site_admin": false
},
"parent": {
"id": 1296269,
"node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5",
"name": "Hello-World",
"full_name": "octocat/Hello-World",
"owner": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"private": false,
"html_url": "https://github.com/octocat/Hello-World",
"description": "This your first repo!",
"fork": false,
"url": "https://api.github.com/repos/octocat/Hello-World",
"archive_url": "http://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}",
"assignees_url": "http://api.github.com/repos/octocat/Hello-World/assignees{/user}",
"blobs_url": "http://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}",
"branches_url": "http://api.github.com/repos/octocat/Hello-World/branches{/branch}",
"collaborators_url": "http://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}",
"comments_url": "http://api.github.com/repos/octocat/Hello-World/comments{/number}",
"commits_url": "http://api.github.com/repos/octocat/Hello-World/commits{/sha}",
"compare_url": "http://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}",
"contents_url": "http://api.github.com/repos/octocat/Hello-World/contents/{+path}",
"contributors_url": "http://api.github.com/repos/octocat/Hello-World/contributors",
"deployments_url": "http://api.github.com/repos/octocat/Hello-World/deployments",
"downloads_url": "http://api.github.com/repos/octocat/Hello-World/downloads",
"events_url": "http://api.github.com/repos/octocat/Hello-World/events",
"forks_url": "http://api.github.com/repos/octocat/Hello-World/forks",
"git_commits_url": "http://api.github.com/repos/octocat/Hello-World/git/commits{/sha}",
"git_refs_url": "http://api.github.com/repos/octocat/Hello-World/git/refs{/sha}",
"git_tags_url": "http://api.github.com/repos/octocat/Hello-World/git/tags{/sha}",
"git_url": "git:github.com/octocat/Hello-World.git",
"issue_comment_url": "http://api.github.com/repos/octocat/Hello-World/issues/comments{/number}",
"issue_events_url": "http://api.github.com/repos/octocat/Hello-World/issues/events{/number}",
"issues_url": "http://api.github.com/repos/octocat/Hello-World/issues{/number}",
"keys_url": "http://api.github.com/repos/octocat/Hello-World/keys{/key_id}",
"labels_url": "http://api.github.com/repos/octocat/Hello-World/labels{/name}",
"languages_url": "http://api.github.com/repos/octocat/Hello-World/languages",
"merges_url": "http://api.github.com/repos/octocat/Hello-World/merges",
"milestones_url": "http://api.github.com/repos/octocat/Hello-World/milestones{/number}",
"notifications_url": "http://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}",
"pulls_url": "http://api.github.com/repos/octocat/Hello-World/pulls{/number}",
"releases_url": "http://api.github.com/repos/octocat/Hello-World/releases{/id}",
"ssh_url": "git@github.com:octocat/Hello-World.git",
"stargazers_url": "http://api.github.com/repos/octocat/Hello-World/stargazers",
"statuses_url": "http://api.github.com/repos/octocat/Hello-World/statuses/{sha}",
"subscribers_url": "http://api.github.com/repos/octocat/Hello-World/subscribers",
"subscription_url": "http://api.github.com/repos/octocat/Hello-World/subscription",
"tags_url": "http://api.github.com/repos/octocat/Hello-World/tags",
"teams_url": "http://api.github.com/repos/octocat/Hello-World/teams",
"trees_url": "http://api.github.com/repos/octocat/Hello-World/git/trees{/sha}",
"clone_url": "https://github.com/octocat/Hello-World.git",
"mirror_url": "git:git.example.com/octocat/Hello-World",
"hooks_url": "http://api.github.com/repos/octocat/Hello-World/hooks",
"svn_url": "https://svn.github.com/octocat/Hello-World",
"homepage": "https://github.com",
"language": null,
"forks_count": 9,
"stargazers_count": 80,
"watchers_count": 80,
"size": 108,
"default_branch": "master",
"open_issues_count": 0,
"is_template": true,
"topics": [
"octocat",
"atom",
"electron",
"api"
],
"has_issues": true,
"has_projects": true,
"has_wiki": true,
"has_pages": false,
"has_downloads": true,
"archived": false,
"disabled": false,
"visibility": "public",
"pushed_at": "2011-01-26T19:06:43Z",
"created_at": "2011-01-26T19:01:12Z",
"updated_at": "2011-01-26T19:14:43Z",
"permissions": {
"admin": false,
"push": false,
"pull": true
},
"allow_rebase_merge": true,
"template_repository": null,
"temp_clone_token": "ABTLWHOULUVAXGTRYU7OC2876QJ2O",
"allow_squash_merge": true,
"delete_branch_on_merge": true,
"allow_merge_commit": true,
"subscribers_count": 42,
"network_count": 0
},
"source": {
"id": 1296269,
"node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5",
"name": "Hello-World",
"full_name": "octocat/Hello-World",
"owner": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"private": false,
"html_url": "https://github.com/octocat/Hello-World",
"description": "This your first repo!",
"fork": false,
"url": "https://api.github.com/repos/octocat/Hello-World",
"archive_url": "http://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}",
"assignees_url": "http://api.github.com/repos/octocat/Hello-World/assignees{/user}",
"blobs_url": "http://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}",
"branches_url": "http://api.github.com/repos/octocat/Hello-World/branches{/branch}",
"collaborators_url": "http://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}",
"comments_url": "http://api.github.com/repos/octocat/Hello-World/comments{/number}",
"commits_url": "http://api.github.com/repos/octocat/Hello-World/commits{/sha}",
"compare_url": "http://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}",
"contents_url": "http://api.github.com/repos/octocat/Hello-World/contents/{+path}",
"contributors_url": "http://api.github.com/repos/octocat/Hello-World/contributors",
"deployments_url": "http://api.github.com/repos/octocat/Hello-World/deployments",
"downloads_url": "http://api.github.com/repos/octocat/Hello-World/downloads",
"events_url": "http://api.github.com/repos/octocat/Hello-World/events",
"forks_url": "http://api.github.com/repos/octocat/Hello-World/forks",
"git_commits_url": "http://api.github.com/repos/octocat/Hello-World/git/commits{/sha}",
"git_refs_url": "http://api.github.com/repos/octocat/Hello-World/git/refs{/sha}",
"git_tags_url": "http://api.github.com/repos/octocat/Hello-World/git/tags{/sha}",
"git_url": "git:github.com/octocat/Hello-World.git",
"issue_comment_url": "http://api.github.com/repos/octocat/Hello-World/issues/comments{/number}",
"issue_events_url": "http://api.github.com/repos/octocat/Hello-World/issues/events{/number}",
"issues_url": "http://api.github.com/repos/octocat/Hello-World/issues{/number}",
"keys_url": "http://api.github.com/repos/octocat/Hello-World/keys{/key_id}",
"labels_url": "http://api.github.com/repos/octocat/Hello-World/labels{/name}",
"languages_url": "http://api.github.com/repos/octocat/Hello-World/languages",
"merges_url": "http://api.github.com/repos/octocat/Hello-World/merges",
"milestones_url": "http://api.github.com/repos/octocat/Hello-World/milestones{/number}",
"notifications_url": "http://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}",
"pulls_url": "http://api.github.com/repos/octocat/Hello-World/pulls{/number}",
"releases_url": "http://api.github.com/repos/octocat/Hello-World/releases{/id}",
"ssh_url": "git@github.com:octocat/Hello-World.git",
"stargazers_url": "http://api.github.com/repos/octocat/Hello-World/stargazers",
"statuses_url": "http://api.github.com/repos/octocat/Hello-World/statuses/{sha}",
"subscribers_url": "http://api.github.com/repos/octocat/Hello-World/subscribers",
"subscription_url": "http://api.github.com/repos/octocat/Hello-World/subscription",
"tags_url": "http://api.github.com/repos/octocat/Hello-World/tags",
"teams_url": "http://api.github.com/repos/octocat/Hello-World/teams",
"trees_url": "http://api.github.com/repos/octocat/Hello-World/git/trees{/sha}",
"clone_url": "https://github.com/octocat/Hello-World.git",
"mirror_url": "git:git.example.com/octocat/Hello-World",
"hooks_url": "http://api.github.com/repos/octocat/Hello-World/hooks",
"svn_url": "https://svn.github.com/octocat/Hello-World",
"homepage": "https://github.com",
"language": null,
"forks_count": 9,
"stargazers_count": 80,
"watchers_count": 80,
"size": 108,
"default_branch": "master",
"open_issues_count": 0,
"is_template": true,
"topics": [
"octocat",
"atom",
"electron",
"api"
],
"has_issues": true,
"has_projects": true,
"has_wiki": true,
"has_pages": false,
"has_downloads": true,
"archived": false,
"disabled": false,
"visibility": "public",
"pushed_at": "2011-01-26T19:06:43Z",
"created_at": "2011-01-26T19:01:12Z",
"updated_at": "2011-01-26T19:14:43Z",
"permissions": {
"admin": false,
"push": false,
"pull": true
},
"allow_rebase_merge": true,
"template_repository": null,
"temp_clone_token": "ABTLWHOULUVAXGTRYU7OC2876QJ2O",
"allow_squash_merge": true,
"delete_branch_on_merge": true,
"allow_merge_commit": true,
"subscribers_count": 42,
"network_count": 0
}
}

1
__tests__/fixtures/secret.txt
Unescape Escape View File

@ -1 +0,0 @@
bar

103
action.yml
Unescape Escape View File

@ -7,120 +7,75 @@ branding:
color: 'blue'
inputs:
add-hosts:
description: "List of a customs host-to-IP mapping (e.g., docker:10.180.0.1)"
required: false
allow:
description: "List of extra privileged entitlement (e.g., network.host,security.insecure)"
required: false
annotations:
description: "List of annotation to set to the image"
required: false
attests:
description: "List of attestation parameters (e.g., type=sbom,generator=image)"
required: false
build-args:
description: "List of build-time variables"
required: false
build-contexts:
description: "List of additional build contexts (e.g., name=path)"
required: false
builder:
description: "Builder instance"
required: false
cache-from:
description: "List of external cache sources for buildx (e.g., user/app:cache, type=local,src=path/to/dir)"
required: false
cache-to:
description: "List of cache export destinations for buildx (e.g., user/app:cache, type=local,dest=path/to/dir)"
required: false
call:
description: "Set method for evaluating build (e.g., check)"
required: false
cgroup-parent:
description: "Optional parent cgroup for the container used in the build"
required: false
context:
description: "Build's context is the set of files located in the specified PATH or URL"
required: false
file:
description: "Path to the Dockerfile"
required: false
default: './Dockerfile'
build-args:
description: "List of build-time variables"
required: false
labels:
description: "List of metadata for an image"
required: false
load:
description: "Load is a shorthand for --output=type=docker"
tags:
description: "List of tags"
required: false
pull:
description: "Always attempt to pull a newer version of the image"
required: false
default: 'false'
network:
description: "Set the networking mode for the RUN instructions during build"
target:
description: "Sets the target stage to build"
required: false
allow:
description: "List of extra privileged entitlement (eg. network.host,security.insecure)"
required: false
no-cache:
description: "Do not use cache when building the image"
required: false
default: 'false'
no-cache-filters:
description: "Do not cache specified stages"
required: false
outputs:
description: "List of output destinations (format: type=local,dest=path)"
required: false
platforms:
description: "List of target platforms for build"
required: false
provenance:
description: "Generate provenance attestation for the build (shorthand for --attest=type=provenance)"
required: false
pull:
description: "Always attempt to pull all referenced images"
load:
description: "Load is a shorthand for --output=type=docker"
required: false
default: 'false'
push:
description: "Push is a shorthand for --output=type=registry"
required: false
default: 'false'
sbom:
description: "Generate SBOM attestation for the build (shorthand for --attest=type=sbom)"
required: false
secrets:
description: "List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)"
required: false
secret-envs:
description: "List of secret env vars to expose to the build (e.g., key=envname, MY_SECRET=MY_ENV_VAR)"
required: false
secret-files:
description: "List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)"
required: false
shm-size:
description: "Size of /dev/shm (e.g., 2g)"
required: false
ssh:
description: "List of SSH agent socket or keys to expose to the build"
outputs:
description: "List of output destinations (format: type=local,dest=path)"
required: false
tags:
description: "List of tags"
cache-from:
description: "List of external cache sources for buildx (eg. user/app:cache, type=local,src=path/to/dir)"
required: false
target:
description: "Sets the target stage to build"
cache-to:
description: "List of cache export destinations for buildx (eg. user/app:cache, type=local,dest=path/to/dir)"
required: false
ulimit:
description: "Ulimit options (e.g., nofile=1024:1024)"
secrets:
description: "List of secrets to expose to the build (eg. key=value, GIT_AUTH_TOKEN=mytoken)"
required: false
github-token:
description: "GitHub Token used to authenticate against a repository for Git context"
default: ${{ github.token }}
required: false
ssh:
description: "List of SSH agent socket or keys to expose to the build"
required: false
outputs:
imageid:
description: 'Image ID'
digest:
description: 'Image digest'
metadata:
description: 'Build result metadata'
description: 'Image content-addressable identifier also called a digest'
runs:
using: 'node20'
using: 'node12'
main: 'dist/index.js'
post: 'dist/index.js'

3
codecov.yml
Unescape Escape View File

@ -1,3 +0,0 @@
comment: false
github_checks:
annotations: false

80
dev.Dockerfile
Unescape Escape View File

@ -1,80 +0,0 @@
# syntax=docker/dockerfile:1
ARG NODE_VERSION=20
FROM node:${NODE_VERSION}-alpine AS base
RUN apk add --no-cache cpio findutils git
WORKDIR /src
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache <<EOT
corepack enable
yarn --version
yarn config set --home enableTelemetry 0
EOT
FROM base AS deps
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn install && mkdir /vendor && cp yarn.lock /vendor
FROM scratch AS vendor-update
COPY --from=deps /vendor /
FROM deps AS vendor-validate
RUN --mount=type=bind,target=.,rw <<EOT
set -e
git add -A
cp -rf /vendor/* .
if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
git status --porcelain -- yarn.lock
exit 1
fi
EOT
FROM deps AS build
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn run build && mkdir /out && cp -Rf dist /out/
FROM scratch AS build-update
COPY --from=build /out /
FROM build AS build-validate
RUN --mount=type=bind,target=.,rw <<EOT
set -e
git add -A
cp -rf /out/* .
if [ -n "$(git status --porcelain -- dist)" ]; then
echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
git status --porcelain -- dist
exit 1
fi
EOT
FROM deps AS format
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn run format \
&& mkdir /out && find . -name '*.ts' -not -path './node_modules/*' -not -path './.yarn/*' | cpio -pdm /out
FROM scratch AS format-update
COPY --from=format /out /
FROM deps AS lint
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn run lint
FROM deps AS test
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn run test --coverage --coverageDirectory=/tmp/coverage
FROM scratch AS test-coverage
COPY --from=test /tmp/coverage /

15679
dist/index.js generated vendored
View File

File diff suppressed because one or more lines are too long

1
dist/index.js.map generated vendored
View File

File diff suppressed because one or more lines are too long

3924
dist/licenses.txt generated vendored
View File

File diff suppressed because it is too large Load Diff

1
dist/sourcemap-register.js generated vendored
View File

File diff suppressed because one or more lines are too long

58
docker-bake.hcl
Unescape Escape View File

@ -1,66 +1,42 @@
target "_common" {
args = {
BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1
}
}
group "default" {
targets = ["build"]
}
group "pre-checkin" {
targets = ["vendor", "format", "build"]
targets = ["update-yarn", "format", "build"]
}
group "validate" {
targets = ["lint", "build-validate", "vendor-validate"]
targets = ["validate-format", "validate-build", "validate-yarn"]
}
target "update-yarn" {
target = "update-yarn"
output = ["."]
}
target "build" {
inherits = ["_common"]
dockerfile = "dev.Dockerfile"
target = "build-update"
target = "dist"
output = ["."]
}
target "build-validate" {
inherits = ["_common"]
dockerfile = "dev.Dockerfile"
target = "build-validate"
output = ["type=cacheonly"]
target "test" {
target = "test"
}
target "format" {
inherits = ["_common"]
dockerfile = "dev.Dockerfile"
target = "format-update"
target = "format"
output = ["."]
}
target "lint" {
inherits = ["_common"]
dockerfile = "dev.Dockerfile"
target = "lint"
output = ["type=cacheonly"]
target "validate-format" {
target = "validate-format"
}
target "vendor" {
inherits = ["_common"]
dockerfile = "dev.Dockerfile"
target = "vendor-update"
output = ["."]
target "validate-build" {
target = "validate-build"
}
target "vendor-validate" {
inherits = ["_common"]
dockerfile = "dev.Dockerfile"
target = "vendor-validate"
output = ["type=cacheonly"]
}
target "test" {
inherits = ["_common"]
dockerfile = "dev.Dockerfile"
target = "test-coverage"
output = ["./coverage"]
target "validate-yarn" {
target = "validate-yarn"
}

12
jest.config.js
Unescape Escape View File

@ -0,0 +1,12 @@
module.exports = {
clearMocks: false,
moduleFileExtensions: ['js', 'ts'],
setupFiles: ["dotenv/config"],
testEnvironment: 'node',
testMatch: ['**/*.test.ts'],
testRunner: 'jest-circus/runner',
transform: {
'^.+\\.ts$': 'ts-jest'
},
verbose: false
}

30
jest.config.ts
Unescape Escape View File

@ -1,30 +0,0 @@
import fs from 'fs';
import os from 'os';
import path from 'path';
const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-build-push-action-'));
process.env = Object.assign({}, process.env, {
TEMP: tmpDir,
GITHUB_REPOSITORY: 'docker/build-push-action',
RUNNER_TEMP: path.join(tmpDir, 'runner-temp'),
RUNNER_TOOL_CACHE: path.join(tmpDir, 'runner-tool-cache')
}) as {
[key: string]: string;
};
module.exports = {
clearMocks: false,
testEnvironment: 'node',
moduleFileExtensions: ['js', 'ts'],
testMatch: ['**/*.test.ts'],
transform: {
'^.+\\.ts$': 'ts-jest'
},
moduleNameMapper: {
'^csv-parse/sync': '<rootDir>/node_modules/csv-parse/dist/cjs/sync.cjs'
},
collectCoverageFrom: ['src/**/{!(main.ts),}.ts'],
coveragePathIgnorePatterns: ['lib/', 'node_modules/', '__mocks__/', '__tests__/'],
verbose: true
};

59
package.json
Unescape Escape View File

@ -1,16 +1,13 @@
{
"name": "docker-build-push",
"description": "Build and push Docker images",
"main": "src/main.ts",
"main": "lib/main.js",
"scripts": {
"build": "ncc build --source-map --minify --license licenses.txt",
"lint": "yarn run prettier && yarn run eslint",
"format": "yarn run prettier:fix && yarn run eslint:fix",
"eslint": "eslint --max-warnings=0 .",
"eslint:fix": "eslint --fix .",
"prettier": "prettier --check \"./**/*.ts\"",
"prettier:fix": "prettier --write \"./**/*.ts\"",
"test": "jest"
"build": "tsc && ncc build",
"format": "prettier --write **/*.ts",
"format-check": "prettier --check **/*.ts",
"test": "jest --coverage",
"pre-checkin": "yarn run format && yarn run build"
},
"repository": {
"type": "git",
@ -22,27 +19,35 @@
"build",
"push"
],
"author": "Docker Inc.",
"author": "Docker",
"contributors": [
{
"name": "CrazyMax",
"url": "https://crazymax.dev"
}
],
"license": "Apache-2.0",
"packageManager": "yarn@3.6.3",
"dependencies": {
"@actions/core": "^1.11.1",
"@docker/actions-toolkit": "0.62.1",
"handlebars": "^4.7.7"
"@actions/core": "^1.2.6",
"@actions/exec": "^1.0.4",
"@actions/github": "^4.0.0",
"csv-parse": "^4.14.1",
"semver": "^7.3.2",
"tmp": "^0.2.1"
},
"devDependencies": {
"@types/node": "^20.12.12",
"@typescript-eslint/eslint-plugin": "^7.9.0",
"@typescript-eslint/parser": "^7.9.0",
"@vercel/ncc": "^0.38.1",
"eslint": "^8.57.0",
"eslint-config-prettier": "^9.1.0",
"eslint-plugin-jest": "^28.5.0",
"eslint-plugin-prettier": "^5.1.3",
"jest": "^29.7.0",
"prettier": "^3.2.5",
"ts-jest": "^29.1.2",
"ts-node": "^10.9.2",
"typescript": "^5.4.5"
"@types/csv-parse": "^1.2.2",
"@types/jest": "^26.0.3",
"@types/node": "^14.0.14",
"@types/tmp": "^0.2.0",
"@vercel/ncc": "^0.23.0",
"dotenv": "^8.2.0",
"jest": "^26.1.0",
"jest-circus": "^26.1.0",
"jest-runtime": "^26.1.0",
"prettier": "^2.0.5",
"ts-jest": "^26.1.1",
"typescript": "^3.9.5",
"typescript-formatter": "^7.2.2"
}
}

89
src/buildx.ts
Unescape Escape View File

@ -0,0 +1,89 @@
import csvparse from 'csv-parse/lib/sync';
import fs from 'fs';
import path from 'path';
import * as semver from 'semver';
import * as context from './context';
import * as exec from './exec';
export async function getImageIDFile(): Promise<string> {
return path.join(context.tmpDir(), 'iidfile').split(path.sep).join(path.posix.sep);
}
export async function getImageID(): Promise<string | undefined> {
const iidFile = await getImageIDFile();
if (!fs.existsSync(iidFile)) {
return undefined;
}
return fs.readFileSync(iidFile, {encoding: 'utf-8'});
}
export async function getSecret(kvp: string): Promise<string> {
const delimiterIndex = kvp.indexOf('=');
const key = kvp.substring(0, delimiterIndex);
const value = kvp.substring(delimiterIndex + 1);
if (key.length == 0 || value.length == 0) {
throw new Error(`${kvp} is not a valid secret`);
}
const secretFile = context.tmpNameSync({
tmpdir: context.tmpDir()
});
await fs.writeFileSync(secretFile, value);
return `id=${key},src=${secretFile}`;
}
export function isLocalOrTarExporter(outputs: string[]): Boolean {
for (let output of csvparse(outputs.join(`\n`), {
delimiter: ',',
trim: true,
columns: false,
relaxColumnCount: true
})) {
// Local if no type is defined
// https://github.com/docker/buildx/blob/d2bf42f8b4784d83fde17acb3ed84703ddc2156b/build/output.go#L29-L43
if (output.length == 1 && !output[0].startsWith('type=')) {
return true;
}
for (let [key, value] of output.map(chunk => chunk.split('=').map(item => item.trim()))) {
if (key == 'type' && (value == 'local' || value == 'tar')) {
return true;
}
}
}
return false;
}
export function hasGitAuthToken(secrets: string[]): Boolean {
for (let secret of secrets) {
if (secret.startsWith('GIT_AUTH_TOKEN=')) {
return true;
}
}
return false;
}
export async function isAvailable(): Promise<Boolean> {
return await exec.exec(`docker`, ['buildx'], true).then(res => {
if (res.stderr != '' && !res.success) {
return false;
}
return res.success;
});
}
export async function getVersion(): Promise<string> {
return await exec.exec(`docker`, ['buildx', 'version'], true).then(res => {
if (res.stderr != '' && !res.success) {
throw new Error(res.stderr);
}
return parseVersion(res.stdout);
});
}
export async function parseVersion(stdout: string): Promise<string> {
const matches = /\sv?([0-9.]+)/.exec(stdout);
if (!matches) {
throw new Error(`Cannot parse Buildx version`);
}
return semver.clean(matches[1]);
}

353
src/context.ts
Unescape Escape View File

@ -1,286 +1,193 @@
import csvparse from 'csv-parse/lib/sync';
import * as fs from 'fs';
import * as os from 'os';
import * as path from 'path';
import * as semver from 'semver';
import * as tmp from 'tmp';
import * as core from '@actions/core';
import * as handlebars from 'handlebars';
import * as github from '@actions/github';
import * as buildx from './buildx';
import {Build} from '@docker/actions-toolkit/lib/buildx/build';
import {Context} from '@docker/actions-toolkit/lib/context';
import {GitHub} from '@docker/actions-toolkit/lib/github';
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
import {Util} from '@docker/actions-toolkit/lib/util';
let _defaultContext, _tmpDir: string;
export interface Inputs {
'add-hosts': string[];
allow: string[];
annotations: string[];
attests: string[];
'build-args': string[];
'build-contexts': string[];
builder: string;
'cache-from': string[];
'cache-to': string[];
call: string;
'cgroup-parent': string;
context: string;
file: string;
buildArgs: string[];
labels: string[];
load: boolean;
network: string;
'no-cache': boolean;
'no-cache-filters': string[];
outputs: string[];
platforms: string[];
provenance: string;
tags: string[];
pull: boolean;
target: string;
allow: string[];
noCache: boolean;
builder: string;
platforms: string[];
load: boolean;
push: boolean;
sbom: string;
outputs: string[];
cacheFrom: string[];
cacheTo: string[];
secrets: string[];
'secret-envs': string[];
'secret-files': string[];
'shm-size': string;
githubToken: string;
ssh: string[];
tags: string[];
target: string;
ulimit: string[];
'github-token': string;
}
export async function getInputs(): Promise<Inputs> {
export function defaultContext(): string {
if (!_defaultContext) {
_defaultContext = `https://github.com/${github.context.repo.owner}/${
github.context.repo.repo
}.git#${github.context?.ref?.replace(/^refs\//, '')}`;
}
return _defaultContext;
}
export function tmpDir(): string {
if (!_tmpDir) {
_tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-build-push-')).split(path.sep).join(path.posix.sep);
}
return _tmpDir;
}
export function tmpNameSync(options?: tmp.TmpNameOptions): string {
return tmp.tmpNameSync(options);
}
export async function getInputs(defaultContext: string): Promise<Inputs> {
return {
'add-hosts': Util.getInputList('add-hosts'),
allow: Util.getInputList('allow'),
annotations: Util.getInputList('annotations', {ignoreComma: true}),
attests: Util.getInputList('attests', {ignoreComma: true}),
'build-args': Util.getInputList('build-args', {ignoreComma: true}),
'build-contexts': Util.getInputList('build-contexts', {ignoreComma: true}),
builder: core.getInput('builder'),
'cache-from': Util.getInputList('cache-from', {ignoreComma: true}),
'cache-to': Util.getInputList('cache-to', {ignoreComma: true}),
call: core.getInput('call'),
'cgroup-parent': core.getInput('cgroup-parent'),
context: core.getInput('context') || Context.gitContext(),
file: core.getInput('file'),
labels: Util.getInputList('labels', {ignoreComma: true}),
load: core.getBooleanInput('load'),
network: core.getInput('network'),
'no-cache': core.getBooleanInput('no-cache'),
'no-cache-filters': Util.getInputList('no-cache-filters'),
outputs: Util.getInputList('outputs', {ignoreComma: true, quote: false}),
platforms: Util.getInputList('platforms'),
provenance: Build.getProvenanceInput('provenance'),
pull: core.getBooleanInput('pull'),
push: core.getBooleanInput('push'),
sbom: core.getInput('sbom'),
secrets: Util.getInputList('secrets', {ignoreComma: true}),
'secret-envs': Util.getInputList('secret-envs'),
'secret-files': Util.getInputList('secret-files', {ignoreComma: true}),
'shm-size': core.getInput('shm-size'),
ssh: Util.getInputList('ssh'),
tags: Util.getInputList('tags'),
context: core.getInput('context') || defaultContext,
file: core.getInput('file') || 'Dockerfile',
buildArgs: await getInputList('build-args', true),
labels: await getInputList('labels', true),
tags: await getInputList('tags'),
pull: /true/i.test(core.getInput('pull')),
target: core.getInput('target'),
ulimit: Util.getInputList('ulimit', {ignoreComma: true}),
'github-token': core.getInput('github-token')
allow: await getInputList('allow'),
noCache: /true/i.test(core.getInput('no-cache')),
builder: core.getInput('builder'),
platforms: await getInputList('platforms'),
load: /true/i.test(core.getInput('load')),
push: /true/i.test(core.getInput('push')),
outputs: await getInputList('outputs', true),
cacheFrom: await getInputList('cache-from', true),
cacheTo: await getInputList('cache-to', true),
secrets: await getInputList('secrets', true),
githubToken: core.getInput('github-token'),
ssh: await getInputList('ssh')
};
}
export async function getArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
const context = handlebars.compile(inputs.context)({
defaultContext: Context.gitContext()
});
// prettier-ignore
return [
...await getBuildArgs(inputs, context, toolkit),
...await getCommonArgs(inputs, toolkit),
context
];
export async function getArgs(inputs: Inputs, defaultContext: string, buildxVersion: string): Promise<Array<string>> {
let args: Array<string> = ['buildx'];
args.push.apply(args, await getBuildArgs(inputs, defaultContext, buildxVersion));
args.push.apply(args, await getCommonArgs(inputs));
args.push(inputs.context);
return args;
}
async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit): Promise<Array<string>> {
const args: Array<string> = ['build'];
await Util.asyncForEach(inputs['add-hosts'], async addHost => {
args.push('--add-host', addHost);
});
await Util.asyncForEach(inputs.allow, async allow => {
args.push('--allow', allow);
});
if (await toolkit.buildx.versionSatisfies('>=0.12.0')) {
await Util.asyncForEach(inputs.annotations, async annotation => {
args.push('--annotation', annotation);
});
} else if (inputs.annotations.length > 0) {
core.warning("Annotations are only supported by buildx >= 0.12.0; the input 'annotations' is ignored.");
}
await Util.asyncForEach(inputs['build-args'], async buildArg => {
async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersion: string): Promise<Array<string>> {
let args: Array<string> = ['build'];
await asyncForEach(inputs.buildArgs, async buildArg => {
args.push('--build-arg', buildArg);
});
if (await toolkit.buildx.versionSatisfies('>=0.8.0')) {
await Util.asyncForEach(inputs['build-contexts'], async buildContext => {
args.push(
'--build-context',
handlebars.compile(buildContext)({
defaultContext: Context.gitContext()
})
);
});
} else if (inputs['build-contexts'].length > 0) {
core.warning("Build contexts are only supported by buildx >= 0.8.0; the input 'build-contexts' is ignored.");
}
await Util.asyncForEach(inputs['cache-from'], async cacheFrom => {
args.push('--cache-from', cacheFrom);
});
await Util.asyncForEach(inputs['cache-to'], async cacheTo => {
args.push('--cache-to', cacheTo);
await asyncForEach(inputs.labels, async label => {
args.push('--label', label);
});
if (inputs.call) {
if (!(await toolkit.buildx.versionSatisfies('>=0.15.0'))) {
throw new Error(`Buildx >= 0.15.0 is required to use the call flag.`);
}
args.push('--call', inputs.call);
}
if (inputs['cgroup-parent']) {
args.push('--cgroup-parent', inputs['cgroup-parent']);
}
await Util.asyncForEach(inputs['secret-envs'], async secretEnv => {
try {
args.push('--secret', Build.resolveSecretEnv(secretEnv));
} catch (err) {
core.warning(err.message);
}
await asyncForEach(inputs.tags, async tag => {
args.push('--tag', tag);
});
if (inputs.file) {
args.push('--file', inputs.file);
if (inputs.target) {
args.push('--target', inputs.target);
}
if (!Build.hasLocalExporter(inputs.outputs) && !Build.hasTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || (await toolkit.buildx.versionSatisfies('>=0.4.2')))) {
args.push('--iidfile', toolkit.buildxBuild.getImageIDFilePath());
if (inputs.allow.length > 0) {
args.push('--allow', inputs.allow.join(','));
}
await Util.asyncForEach(inputs.labels, async label => {
args.push('--label', label);
});
await Util.asyncForEach(inputs['no-cache-filters'], async noCacheFilter => {
args.push('--no-cache-filter', noCacheFilter);
});
await Util.asyncForEach(inputs.outputs, async output => {
args.push('--output', output);
});
if (inputs.platforms.length > 0) {
args.push('--platform', inputs.platforms.join(','));
}
if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
args.push(...(await getAttestArgs(inputs, toolkit)));
} else {
core.warning("Attestations are only supported by buildx >= 0.10.0; the inputs 'attests', 'provenance' and 'sbom' are ignored.");
}
await Util.asyncForEach(inputs.secrets, async secret => {
try {
args.push('--secret', Build.resolveSecretString(secret));
} catch (err) {
core.warning(err.message);
await asyncForEach(inputs.outputs, async output => {
args.push('--output', output);
});
if (
!buildx.isLocalOrTarExporter(inputs.outputs) &&
(inputs.platforms.length == 0 || semver.satisfies(buildxVersion, '>=0.4.2'))
) {
args.push('--iidfile', await buildx.getImageIDFile());
}
await asyncForEach(inputs.cacheFrom, async cacheFrom => {
args.push('--cache-from', cacheFrom);
});
await Util.asyncForEach(inputs['secret-files'], async secretFile => {
await asyncForEach(inputs.cacheTo, async cacheTo => {
args.push('--cache-to', cacheTo);
});
await asyncForEach(inputs.secrets, async secret => {
try {
args.push('--secret', Build.resolveSecretFile(secretFile));
args.push('--secret', await buildx.getSecret(secret));
} catch (err) {
core.warning(err.message);
}
});
if (inputs['github-token'] && !Build.hasGitAuthTokenSecret(inputs.secrets) && context.startsWith(Context.gitContext())) {
args.push('--secret', Build.resolveSecretString(`GIT_AUTH_TOKEN=${inputs['github-token']}`));
}
if (inputs['shm-size']) {
args.push('--shm-size', inputs['shm-size']);
if (inputs.githubToken && !buildx.hasGitAuthToken(inputs.secrets) && inputs.context == defaultContext) {
args.push('--secret', await buildx.getSecret(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
}
await Util.asyncForEach(inputs.ssh, async ssh => {
await asyncForEach(inputs.ssh, async ssh => {
args.push('--ssh', ssh);
});
await Util.asyncForEach(inputs.tags, async tag => {
args.push('--tag', tag);
});
if (inputs.target) {
args.push('--target', inputs.target);
if (inputs.file) {
args.push('--file', inputs.file);
}
await Util.asyncForEach(inputs.ulimit, async ulimit => {
args.push('--ulimit', ulimit);
});
return args;
}
async function getCommonArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
const args: Array<string> = [];
async function getCommonArgs(inputs: Inputs): Promise<Array<string>> {
let args: Array<string> = [];
if (inputs.noCache) {
args.push('--no-cache');
}
if (inputs.builder) {
args.push('--builder', inputs.builder);
}
if (inputs.load) {
args.push('--load');
}
if (await toolkit.buildx.versionSatisfies('>=0.6.0')) {
args.push('--metadata-file', toolkit.buildxBuild.getMetadataFilePath());
}
if (inputs.network) {
args.push('--network', inputs.network);
}
if (inputs['no-cache']) {
args.push('--no-cache');
}
if (inputs.pull) {
args.push('--pull');
}
if (inputs.load) {
args.push('--load');
}
if (inputs.push) {
args.push('--push');
}
return args;
}
async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
const args: Array<string> = [];
export async function getInputList(name: string, ignoreComma?: boolean): Promise<string[]> {
let res: Array<string> = [];
// check if provenance attestation is set in attests input
let hasAttestProvenance = false;
await Util.asyncForEach(inputs.attests, async (attest: string) => {
if (Build.hasAttestationType('provenance', attest)) {
hasAttestProvenance = true;
const items = core.getInput(name);
if (items == '') {
return res;
}
});
let provenanceSet = false;
let sbomSet = false;
if (inputs.provenance) {
args.push('--attest', Build.resolveAttestationAttrs(`type=provenance,${inputs.provenance}`));
provenanceSet = true;
} else if (!hasAttestProvenance && !noDefaultAttestations() && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Build.hasDockerExporter(inputs.outputs, inputs.load)) {
// if provenance not specified in provenance or attests inputs and BuildKit
// version compatible for attestation, set default provenance. Also needs
// to make sure user doesn't want to explicitly load the image to docker.
if (GitHub.context.payload.repository?.private ?? false) {
// if this is a private repository, we set the default provenance
// attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
args.push('--attest', `type=provenance,${Build.resolveProvenanceAttrs(`mode=min,inline-only=true`)}`);
} else {
// for a public repository, we set max provenance mode.
args.push('--attest', `type=provenance,${Build.resolveProvenanceAttrs(`mode=max`)}`);
}
}
if (inputs.sbom) {
args.push('--attest', Build.resolveAttestationAttrs(`type=sbom,${inputs.sbom}`));
sbomSet = true;
for (let output of (await csvparse(items, {
columns: false,
relaxColumnCount: true,
skipLinesWithEmptyValues: true
})) as Array<string[]>) {
if (output.length == 1) {
res.push(output[0]);
continue;
} else if (!ignoreComma) {
res.push(...output);
continue;
}
res.push(output.join(','));
}
// set attests but check if provenance or sbom types already set as
// provenance and sbom inputs take precedence over attests input.
await Util.asyncForEach(inputs.attests, async (attest: string) => {
if (!Build.hasAttestationType('provenance', attest) && !Build.hasAttestationType('sbom', attest)) {
args.push('--attest', Build.resolveAttestationAttrs(attest));
} else if (!provenanceSet && Build.hasAttestationType('provenance', attest)) {
args.push('--attest', Build.resolveProvenanceAttrs(attest));
} else if (!sbomSet && Build.hasAttestationType('sbom', attest)) {
args.push('--attest', attest);
return res.filter(item => item);
}
});
return args;
}
function noDefaultAttestations(): boolean {
if (process.env.BUILDX_NO_DEFAULT_ATTESTATIONS) {
return Util.parseBool(process.env.BUILDX_NO_DEFAULT_ATTESTATIONS);
}
return false;
export const asyncForEach = async (array, callback) => {
for (let index = 0; index < array.length; index++) {
await callback(array[index], index, array);
}
};

7
src/docker.ts
Unescape Escape View File

@ -0,0 +1,7 @@
import * as exec from './exec';
export async function isDaemonRunning(): Promise<boolean> {
return await exec.exec(`docker`, ['version', '--format', '{{.Server.Os}}'], true).then(res => {
return !res.stdout.includes(' ') && res.success;
});
}

34
src/exec.ts
Unescape Escape View File

@ -0,0 +1,34 @@
import * as aexec from '@actions/exec';
import {ExecOptions} from '@actions/exec';
export interface ExecResult {
success: boolean;
stdout: string;
stderr: string;
}
export const exec = async (command: string, args: string[] = [], silent?: boolean): Promise<ExecResult> => {
let stdout: string = '';
let stderr: string = '';
const options: ExecOptions = {
silent: silent,
ignoreReturnCode: true
};
options.listeners = {
stdout: (data: Buffer) => {
stdout += data.toString();
},
stderr: (data: Buffer) => {
stderr += data.toString();
}
};
const returnCode: number = await aexec.exec(command, args, options);
return {
success: returnCode === 0,
stdout: stdout.trim(),
stderr: stderr.trim()
};
};

314
src/main.ts
Unescape Escape View File

@ -1,306 +1,56 @@
import * as fs from 'fs';
import * as path from 'path';
import * as os from 'os';
import * as buildx from './buildx';
import * as context from './context';
import * as exec from './exec';
import * as stateHelper from './state-helper';
import * as core from '@actions/core';
import * as actionsToolkit from '@docker/actions-toolkit';
import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx';
import {History as BuildxHistory} from '@docker/actions-toolkit/lib/buildx/history';
import {Context} from '@docker/actions-toolkit/lib/context';
import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
import {Exec} from '@docker/actions-toolkit/lib/exec';
import {GitHub} from '@docker/actions-toolkit/lib/github';
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
import {Util} from '@docker/actions-toolkit/lib/util';
import {BuilderInfo} from '@docker/actions-toolkit/lib/types/buildx/builder';
import {ConfigFile} from '@docker/actions-toolkit/lib/types/docker/docker';
import {UploadArtifactResponse} from '@docker/actions-toolkit/lib/types/github';
import * as context from './context';
actionsToolkit.run(
// main
async () => {
const startedTime = new Date();
const inputs: context.Inputs = await context.getInputs();
stateHelper.setSummaryInputs(inputs);
core.debug(`inputs: ${JSON.stringify(inputs)}`);
const toolkit = new Toolkit();
await core.group(`GitHub Actions runtime token ACs`, async () => {
async function run(): Promise<void> {
try {
await GitHub.printActionsRuntimeTokenACs();
} catch (e) {
core.warning(e.message);
if (os.platform() !== 'linux') {
throw new Error(`Only supported on linux platform`);
}
});
await core.group(`Docker info`, async () => {
try {
await Docker.printVersion();
await Docker.printInfo();
} catch (e) {
core.info(e.message);
if (!(await buildx.isAvailable())) {
throw new Error(`Buildx is required. See https://github.com/docker/setup-buildx-action to set up buildx.`);
}
});
stateHelper.setTmpDir(context.tmpDir());
await core.group(`Proxy configuration`, async () => {
let dockerConfig: ConfigFile | undefined;
let dockerConfigMalformed = false;
try {
dockerConfig = await Docker.configFile();
} catch (e) {
dockerConfigMalformed = true;
core.warning(`Unable to parse config file ${path.join(Docker.configDir, 'config.json')}: ${e}`);
}
if (dockerConfig && dockerConfig.proxies) {
for (const host in dockerConfig.proxies) {
let prefix = '';
if (Object.keys(dockerConfig.proxies).length > 1) {
prefix = ' ';
core.info(host);
}
for (const key in dockerConfig.proxies[host]) {
core.info(`${prefix}${key}: ${dockerConfig.proxies[host][key]}`);
}
}
} else if (!dockerConfigMalformed) {
core.info('No proxy configuration found');
}
});
if (!(await toolkit.buildx.isAvailable())) {
core.setFailed(`Docker buildx is required. See https://github.com/docker/setup-buildx-action to set up buildx.`);
return;
}
const buildxVersion = await buildx.getVersion();
core.info(`📣 Buildx version: ${buildxVersion}`);
stateHelper.setTmpDir(Context.tmpDir());
await core.group(`Buildx version`, async () => {
await toolkit.buildx.printVersion();
});
const defContext = context.defaultContext();
let inputs: context.Inputs = await context.getInputs(defContext);
let builder: BuilderInfo;
await core.group(`Builder info`, async () => {
builder = await toolkit.builder.inspect(inputs.builder);
stateHelper.setBuilderDriver(builder.driver ?? '');
stateHelper.setBuilderEndpoint(builder.nodes?.[0]?.endpoint ?? '');
core.info(JSON.stringify(builder, null, 2));
});
const args: string[] = await context.getArgs(inputs, toolkit);
core.debug(`context.getArgs: ${JSON.stringify(args)}`);
const buildCmd = await toolkit.buildx.getCommand(args);
core.debug(`buildCmd.command: ${buildCmd.command}`);
core.debug(`buildCmd.args: ${JSON.stringify(buildCmd.args)}`);
let err: Error | undefined;
await Exec.getExecOutput(buildCmd.command, buildCmd.args, {
ignoreReturnCode: true,
env: Object.assign({}, process.env, {
BUILDX_METADATA_WARNINGS: 'true'
}) as {
[key: string]: string;
}
}).then(res => {
if (res.exitCode != 0) {
if (inputs.call && inputs.call === 'check' && res.stdout.length > 0) {
// checks warnings are printed to stdout: https://github.com/docker/buildx/pull/2647
// take the first line with the message summaryzing the warnings
err = new Error(res.stdout.split('\n')[0]?.trim());
} else if (res.stderr.length > 0) {
err = new Error(`buildx failed with: ${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`);
}
core.info(`🏃 Starting build...`);
const args: string[] = await context.getArgs(inputs, defContext, buildxVersion);
await exec.exec('docker', args).then(res => {
if (res.stderr != '' && !res.success) {
throw new Error(`buildx call failed with: ${res.stderr.match(/(.*)\s*$/)![0]}`);
}
});
const imageID = toolkit.buildxBuild.resolveImageID();
const metadata = toolkit.buildxBuild.resolveMetadata();
const digest = toolkit.buildxBuild.resolveDigest(metadata);
const imageID = await buildx.getImageID();
if (imageID) {
await core.group(`ImageID`, async () => {
core.info(imageID);
core.setOutput('imageid', imageID);
});
}
if (digest) {
await core.group(`Digest`, async () => {
core.info(digest);
core.setOutput('digest', digest);
});
}
if (metadata) {
await core.group(`Metadata`, async () => {
const metadatadt = JSON.stringify(metadata, null, 2);
core.info(metadatadt);
core.setOutput('metadata', metadatadt);
});
}
let ref: string | undefined;
await core.group(`Reference`, async () => {
ref = await buildRef(toolkit, startedTime, inputs.builder);
if (ref) {
core.info(ref);
stateHelper.setBuildRef(ref);
} else {
core.info('No build reference found');
}
});
if (buildChecksAnnotationsEnabled()) {
const warnings = toolkit.buildxBuild.resolveWarnings(metadata);
if (ref && warnings && warnings.length > 0) {
const annotations = await Buildx.convertWarningsToGitHubAnnotations(warnings, [ref]);
core.debug(`annotations: ${JSON.stringify(annotations, null, 2)}`);
if (annotations && annotations.length > 0) {
await core.group(`Generating GitHub annotations (${annotations.length} build checks found)`, async () => {
for (const annotation of annotations) {
core.warning(annotation.message, annotation);
}
});
core.info('🛒 Extracting digest...');
core.info(`${imageID}`);
core.setOutput('digest', imageID);
}
} catch (error) {
core.setFailed(error.message);
}
}
await core.group(`Check build summary support`, async () => {
if (!buildSummaryEnabled()) {
core.info('Build summary disabled');
} else if (inputs.call && inputs.call !== 'build') {
core.info(`Build summary skipped for ${inputs.call} subrequest`);
} else if (GitHub.isGHES) {
core.info('Build summary is not yet supported on GHES');
} else if (!(await toolkit.buildx.versionSatisfies('>=0.13.0'))) {
core.info('Build summary requires Buildx >= 0.13.0');
} else if (!ref) {
core.info('Build summary requires a build reference');
} else {
core.info('Build summary supported!');
stateHelper.setSummarySupported();
}
});
if (err) {
throw err;
}
},
// post
async () => {
if (stateHelper.isSummarySupported) {
await core.group(`Generating build summary`, async () => {
try {
const recordUploadEnabled = buildRecordUploadEnabled();
let recordRetentionDays: number | undefined;
if (recordUploadEnabled) {
recordRetentionDays = buildRecordRetentionDays();
}
const buildxHistory = new BuildxHistory();
const exportRes = await buildxHistory.export({
refs: stateHelper.buildRef ? [stateHelper.buildRef] : [],
useContainer: buildExportLegacy()
});
core.info(`Build record written to ${exportRes.dockerbuildFilename} (${Util.formatFileSize(exportRes.dockerbuildSize)})`);
let uploadRes: UploadArtifactResponse | undefined;
if (recordUploadEnabled) {
uploadRes = await GitHub.uploadArtifact({
filename: exportRes.dockerbuildFilename,
mimeType: 'application/gzip',
retentionDays: recordRetentionDays
});
}
await GitHub.writeBuildSummary({
exportRes: exportRes,
uploadRes: uploadRes,
inputs: stateHelper.summaryInputs,
driver: stateHelper.builderDriver,
endpoint: stateHelper.builderEndpoint
});
} catch (e) {
core.warning(e.message);
}
});
}
async function cleanup(): Promise<void> {
if (stateHelper.tmpDir.length > 0) {
await core.group(`Removing temp folder ${stateHelper.tmpDir}`, async () => {
try {
fs.rmSync(stateHelper.tmpDir, {recursive: true});
} catch (e) {
core.warning(`Failed to remove temp folder ${stateHelper.tmpDir}`);
}
});
}
core.info(`🚿 Removing temp folder ${stateHelper.tmpDir}`);
fs.rmdirSync(stateHelper.tmpDir, {recursive: true});
}
);
async function buildRef(toolkit: Toolkit, since: Date, builder?: string): Promise<string> {
// get ref from metadata file
const ref = toolkit.buildxBuild.resolveRef();
if (ref) {
return ref;
}
// otherwise, look for the very first build ref since the build has started
if (!builder) {
const currentBuilder = await toolkit.builder.inspect();
builder = currentBuilder.name;
}
const refs = Buildx.refs({
dir: Buildx.refsDir,
builderName: builder,
since: since
});
return Object.keys(refs).length > 0 ? Object.keys(refs)[0] : '';
}
function buildChecksAnnotationsEnabled(): boolean {
if (process.env.DOCKER_BUILD_CHECKS_ANNOTATIONS) {
return Util.parseBool(process.env.DOCKER_BUILD_CHECKS_ANNOTATIONS);
}
return true;
}
function buildSummaryEnabled(): boolean {
if (process.env.DOCKER_BUILD_NO_SUMMARY) {
core.warning('DOCKER_BUILD_NO_SUMMARY is deprecated. Set DOCKER_BUILD_SUMMARY to false instead.');
return !Util.parseBool(process.env.DOCKER_BUILD_NO_SUMMARY);
} else if (process.env.DOCKER_BUILD_SUMMARY) {
return Util.parseBool(process.env.DOCKER_BUILD_SUMMARY);
}
return true;
}
function buildRecordUploadEnabled(): boolean {
if (process.env.DOCKER_BUILD_RECORD_UPLOAD) {
return Util.parseBool(process.env.DOCKER_BUILD_RECORD_UPLOAD);
}
return true;
}
function buildRecordRetentionDays(): number | undefined {
let val: string | undefined;
if (process.env.DOCKER_BUILD_EXPORT_RETENTION_DAYS) {
core.warning('DOCKER_BUILD_EXPORT_RETENTION_DAYS is deprecated. Use DOCKER_BUILD_RECORD_RETENTION_DAYS instead.');
val = process.env.DOCKER_BUILD_EXPORT_RETENTION_DAYS;
} else if (process.env.DOCKER_BUILD_RECORD_RETENTION_DAYS) {
val = process.env.DOCKER_BUILD_RECORD_RETENTION_DAYS;
}
if (val) {
const res = parseInt(val);
if (isNaN(res)) {
throw new Error(`Invalid build record retention days: ${val}`);
}
return res;
}
}
function buildExportLegacy(): boolean {
if (process.env.DOCKER_BUILD_EXPORT_LEGACY) {
return Util.parseBool(process.env.DOCKER_BUILD_EXPORT_LEGACY);
}
return false;
if (!stateHelper.IsPost) {
run();
} else {
cleanup();
}

64
src/state-helper.ts
Unescape Escape View File

@ -1,70 +1,12 @@
import * as core from '@actions/core';
import {Build} from '@docker/actions-toolkit/lib/buildx/build';
import {Inputs} from './context';
export const IsPost = !!process.env['STATE_isPost'];
export const tmpDir = process.env['STATE_tmpDir'] || '';
export const builderDriver = process.env['STATE_builderDriver'] || '';
export const builderEndpoint = process.env['STATE_builderEndpoint'] || '';
export const summaryInputs = process.env['STATE_summaryInputs'] ? JSON.parse(process.env['STATE_summaryInputs']) : undefined;
export const buildRef = process.env['STATE_buildRef'] || '';
export const isSummarySupported = !!process.env['STATE_isSummarySupported'];
export function setTmpDir(tmpDir: string) {
core.saveState('tmpDir', tmpDir);
}
export function setBuilderDriver(builderDriver: string) {
core.saveState('builderDriver', builderDriver);
}
export function setBuilderEndpoint(builderEndpoint: string) {
core.saveState('builderEndpoint', builderEndpoint);
}
export function setBuildRef(buildRef: string) {
core.saveState('buildRef', buildRef);
}
export function setSummarySupported() {
core.saveState('isSummarySupported', 'true');
}
export function setSummaryInputs(inputs: Inputs) {
const res = {};
for (const key of Object.keys(inputs)) {
if (key === 'github-token') {
continue;
}
const value: string | string[] | boolean = inputs[key];
if (typeof value === 'boolean' && !value) {
continue;
} else if (Array.isArray(value)) {
if (value.length === 0) {
continue;
} else if (key === 'secrets' && value.length > 0) {
const secretKeys: string[] = [];
for (const secret of value) {
try {
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const [skey, _] = Build.parseSecretKvp(secret, true);
secretKeys.push(skey);
} catch (err) {
// ignore invalid secret
}
}
if (secretKeys.length > 0) {
res[key] = secretKeys;
}
continue;
}
} else if (!value) {
continue;
}
res[key] = value;
}
core.saveState('summaryInputs', JSON.stringify(res));
if (!IsPost) {
core.saveState('isPost', 'true');
}

2
test/Dockerfile
Unescape Escape View File

@ -1,3 +1,3 @@
# syntax=docker/dockerfile:1
FROM alpine
RUN echo "Hello world!"

1
test/multi.Dockerfile → test/Dockerfile-multi
Unescape Escape View File

@ -1,4 +1,3 @@
# syntax=docker/dockerfile:1
FROM --platform=$BUILDPLATFORM golang:alpine AS build
ARG TARGETPLATFORM

7
test/multi-sudo.Dockerfile → test/Dockerfile-multi-sudo
Unescape Escape View File

@ -1,9 +1,9 @@
# syntax=docker/dockerfile:1
FROM --platform=$BUILDPLATFORM golang:alpine AS build
FROM --platform=$BUILDPLATFORM alpine AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" > /log
RUN apk --update --no-cache add \
shadow \
sudo \
@ -13,9 +13,10 @@ RUN apk --update --no-cache add \
&& rm -rf /tmp/* /var/cache/apk/*
USER buildx
RUN sudo chown buildx: /log
RUN sudo chown buildx. /log
USER root
FROM alpine
COPY --from=build /log /log
RUN ls -al /log

3
test/addhost.Dockerfile
Unescape Escape View File

@ -1,3 +0,0 @@
# syntax=docker/dockerfile:1
FROM busybox
RUN cat /etc/hosts

3
test/cgroup.Dockerfile
Unescape Escape View File

@ -1,3 +0,0 @@
# syntax=docker/dockerfile:1
FROM alpine
RUN cat /proc/self/cgroup

19
test/go/Dockerfile
Unescape Escape View File

@ -1,19 +0,0 @@
# syntax=docker/dockerfile:1
FROM golang:alpine AS base
ENV CGO_ENABLED=0
RUN apk add --no-cache file git
WORKDIR /src
FROM base AS build
RUN --mount=type=bind,target=/src \
--mount=type=cache,target=/root/.cache/go-build \
go build -ldflags "-s -w" -o /usr/bin/app .
FROM scratch AS binary
COPY --from=build /usr/bin/app /bin/app
FROM alpine AS image
COPY --from=build /usr/bin/app /bin/app
EXPOSE 8080
ENTRYPOINT ["/bin/app"]

3
test/go/go.mod
Unescape Escape View File

@ -1,3 +0,0 @@
module github.com/docker/build-push-action/test/go
go 1.18

14
test/go/main.go
Unescape Escape View File

@ -1,14 +0,0 @@
package main
import (
"fmt"
"log"
"net/http"
)
func main() {
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Hello, Go!")
})
log.Fatal(http.ListenAndServe(":8080", nil))
}

12
test/lint.Dockerfile
Unescape Escape View File

@ -1,12 +0,0 @@
frOM busybox as base
cOpy lint.Dockerfile .
from scratch
MAINTAINER moby@example.com
COPy --from=base \
/lint.Dockerfile \
/
CMD [ "echo", "Hello, Norway!" ]
CMD [ "echo", "Hello, Sweden!" ]
ENTRYPOINT my-program start

4
test/named-context-base.Dockerfile
Unescape Escape View File

@ -1,4 +0,0 @@
# syntax=docker/dockerfile:1
FROM debian
RUN echo "Hello debian!"

4
test/named-context.Dockerfile
Unescape Escape View File

@ -1,4 +0,0 @@
# syntax=docker/dockerfile:1
FROM alpine
RUN cat /etc/*release

9
test/nocachefilter.Dockerfile
Unescape Escape View File

@ -1,9 +0,0 @@
# syntax=docker/dockerfile:1
FROM busybox AS base
RUN echo "Hello world!" > /hello
FROM alpine AS build
COPY --from=base /hello /hello
RUN uname -a
FROM build

9
test/proxy.Dockerfile
Unescape Escape View File

@ -1,9 +0,0 @@
# syntax=docker/dockerfile:1
FROM alpine
RUN apk add --no-cache curl net-tools
ARG HTTP_PROXY
ARG HTTPS_PROXY
RUN printenv HTTP_PROXY
RUN printenv HTTPS_PROXY
RUN netstat -aptn
RUN curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy $HTTP_PROXY -v --insecure --head https://www.google.com

4
test/secret.Dockerfile
Unescape Escape View File

@ -1,4 +0,0 @@
# syntax=docker/dockerfile:1
FROM busybox
RUN --mount=type=secret,id=MYSECRET \
echo "MYSECRET=$(cat /run/secrets/MYSECRET)"

3
test/shmsize.Dockerfile
Unescape Escape View File

@ -1,3 +0,0 @@
# syntax=docker/dockerfile:1
FROM busybox
RUN mount | grep /dev/shm

3
test/ulimit.Dockerfile
Unescape Escape View File

@ -1,3 +0,0 @@
# syntax=docker/dockerfile:1
FROM busybox
RUN ulimit -a

17
tsconfig.json
Unescape Escape View File

@ -1,22 +1,21 @@
{
"compilerOptions": {
"esModuleInterop": true,
"target": "es6",
"module": "commonjs",
"strict": true,
"lib": [
"es6",
"dom"
],
"newLine": "lf",
"outDir": "./lib",
"rootDir": "./src",
"forceConsistentCasingInFileNames": true,
"strict": true,
"noImplicitAny": false,
"resolveJsonModule": true,
"useUnknownInCatchVariables": false,
"esModuleInterop": true,
"sourceMap": true
},
"exclude": [
"./__mocks__/**/*",
"./__tests__/**/*",
"./lib/**/*",
"node_modules",
"jest.config.ts"
"**/*.test.ts"
]
}

10830
yarn.lock
View File

File diff suppressed because it is too large Load Diff
Write Preview
Loading…
Cancel
Save