A GitHub Action for invoking docker buildx build.
The GitHub Action performs:
- actions/checkout@v6
Can be skipped withskip-checkoutinput - docker/setup-qemu-action@v3
- docker/setup-buildx-action@v3
- docker/login-action@v3
Logs into a Docker registry (docker.iobeing the default) Can be skipped withlogin-to-dockerhubinput - aws-actions/configure-aws-credentials@v6
Configure credentials for ECR registry login
Skipped by default with
login-to-ecr - aws-actions/amazon-ecr-login@v2
Logs into an ECR registry (public or private based on
ecr-registry-type) Skipped by default withlogin-to-ecr - docker/build-push-action@v6
- anchore/sbom-action@v0.18.0
Skipped by default with
sign-image - actions/attest-build-provenance@v2
Skipped by default with
sign-image - actions/attest-sbom@v1
Skipped by default with
sign-image - sigstore/cosign-installer@v3
-
An example
.github/workflows/docker-build-container.yamlfile which verifies that the Docker image builds successfully:name: docker-build-container.yaml on: [push] jobs: docker-build-container: runs-on: ubuntu-latest steps: - name: Build docker image uses: Senzing/github-action-docker-buildx-build@v2 with: image-repository: senzing/test-ground image-tag: ${{ github.ref_name }} password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} username: ${{ secrets.DOCKERHUB_USERNAME }}
-
An example
.github/workflows/docker-push-container-to-dockerhub.yamlfile which builds Docker images and pushes them to DockerHub:name: docker-push-container-to-dockerhub.yaml on: push: tags: - "[0-9]+.[0-9]+.[0-9]+" jobs: docker-push-containers-to-dockerhub: runs-on: ubuntu-latest steps: - name: Build docker image and push to DockerHub uses: Senzing/github-action-docker-buildx-build@v2 with: image-repository: senzing/test-ground image-tag: ${{ github.ref_name }} password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} push: true username: ${{ secrets.DOCKERHUB_USERNAME }}
Notice the addition of the
pushinput. Used by thedocker/build-push-actionaction. -
An example
.github/workflows/docker-push-container-to-dockerhub.yamlfile which builds Docker images and pushes them to DockerHub with build-args:name: docker-push-container-to-dockerhub.yaml on: push: tags: - "[0-9]+.[0-9]+.[0-9]+" jobs: docker-push-containers-to-dockerhub: runs-on: ubuntu-latest steps: - name: Build docker image and push to DockerHub uses: Senzing/github-action-docker-buildx-build@v2 with: build-options: | SENZING_ACCEPT_EULA=I_ACCEPT_THE_SENZING_EULA ACCEPT_EULA=Y image-repository: senzing/test-ground image-tag: ${{ github.ref_name }} password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} push: true username: ${{ secrets.DOCKERHUB_USERNAME }}
Notice the addition of the
build-optionsinput. Used by thedocker/build-push-actionactionbuild-argsinput. -
An example
.github/workflows/docker-push-container-to-dockerhub.yamlfile which builds Docker images, pushes them to DockerHub, and adds signing and attestations:name: docker-push-container-to-dockerhub.yaml on: push: tags: - "[0-9]+.[0-9]+.[0-9]+" jobs: docker-push-containers-to-dockerhub: runs-on: ubuntu-latest steps: - name: Build docker image and push to DockerHub uses: Senzing/github-action-docker-buildx-build@v2 with: image-repository: senzing/test-ground image-tag: ${{ github.ref_name }} password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} push: true sign-image: true username: ${{ secrets.DOCKERHUB_USERNAME }}
See also inputs: section of action.yaml
- Optional parameter
- Default: "us-east-1"
- Only needed if using ECR login.
Command-line arguments passed directly to docker buildx build
- Optional parameter
- Default: "" (no build options)
- Note: Parameters should be provided as a List. List type is a newline-delimited string
The docker command's build context.
See Description.
- Optional parameter
- Default: "."
Path to the Dockerfile. Hint: If you have overridden the default context you likely need to set this.
- Optional parameter
- Default: "./Dockerfile"
The identifier of the Docker image.
- Required parameter
- Example:
senzing/senzingapi-runtime
The tag appended to the Docker image identifier.
Example: the 1.2.3 in senzing/senzingapi-runtime:1.2.3
- Optional parameter
- Default: "latest"
- Optional parameter
- Default: true
- Optional parameter
- Default: false
- Only needed if using ECR login.
The type of ECR registry to log into.
- Optional parameter
- Default: "public"
- Values: "public" or "private"
- Note: Public ECR (
public.ecr.aws) requiresaws-region: us-east-1. Private ECR works in any AWS region.
The access token or password for the user on the Docker registry server.
It is recommended to use an access token for login.
Refer to the respective registry provider documentation for additional login details.
The comma-separated list of platforms to build on.
To find candidates, run docker buildx ls
- Optional parameter
- Default: "linux/amd64,linux/arm64"
- Optional parameter
- Default: false
The Docker registry server.
- Optional parameter
- Default:
docker.io
- Optional parameter
- Only needed if using ECR login.
- See Configure AWS Credential action documentation for additional details
- Optional parameter
- Only needed if using ECR login.
- See Configure AWS Credential action documentation for additional details
- Optional parameter
- Only needed for signing and adding attestations. Should be limited to tag builds.
Skip the repository checkout step. Useful when you need to set up the build context yourself before calling this action, such as when build artifacts are downloaded from external sources (e.g., S3) and need to be included in the Docker build context.
- Optional parameter
- Default: false
The username on the Docker registry server.