docker
/
build-push-action
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: docker:master
Branches Tags
docker:master
docker:releases/v5
docker:releases/v4
docker:releases/v3
docker:releases/v2
docker:releases/v1
docker:v6.7.0
docker:v6
docker:v6.6.1
docker:v6.6.0
docker:v6.5.0
docker:v6.4.1
docker:v6.4.0
docker:v6.3.0
docker:v6.2.0
docker:v6.1.0
docker:v6.0.2
docker:v6.0.1
docker:v6.0.0
docker:v5.4.0
docker:v5
docker:v5.3.0
docker:v5.2.0
docker:v5.1.0
docker:v5.0.0
docker:v4.2.1
docker:v4
docker:v4.2.0
docker:v4.1.1
docker:v4.1.0
docker:v4.0.0
docker:v3.3.1
docker:v3
docker:v3.3.0
docker:v3.2.0
docker:v3.1.1
docker:v3.1.0
docker:v3.0.0
docker:v2.10.0
docker:v2
docker:v2.9.0
docker:v2.8.0
docker:v2.7.0
docker:v2.6.1
docker:v2.6.0
docker:v2.5.0
docker:v2.4.0
docker:v2.3.0
docker:v2.2.2
docker:v2.2.1
docker:v2.2.0
docker:v2.1.0
docker:v2.0.1
docker:v1.1.2
docker:v1
docker:v2.0.0
docker:v1.1.1
docker:v1.1.0
docker:v1.0.1
docker:v1.0.0
docker:v1.0
..
compare: docker:releases/v1
Branches Tags
docker:master
docker:releases/v5
docker:releases/v4
docker:releases/v3
docker:releases/v2
docker:releases/v1
docker:v6.7.0
docker:v6
docker:v6.6.1
docker:v6.6.0
docker:v6.5.0
docker:v6.4.1
docker:v6.4.0
docker:v6.3.0
docker:v6.2.0
docker:v6.1.0
docker:v6.0.2
docker:v6.0.1
docker:v6.0.0
docker:v5.4.0
docker:v5
docker:v5.3.0
docker:v5.2.0
docker:v5.1.0
docker:v5.0.0
docker:v4.2.1
docker:v4
docker:v4.2.0
docker:v4.1.1
docker:v4.1.0
docker:v4.0.0
docker:v3.3.1
docker:v3
docker:v3.3.0
docker:v3.2.0
docker:v3.1.1
docker:v3.1.0
docker:v3.0.0
docker:v2.10.0
docker:v2
docker:v2.9.0
docker:v2.8.0
docker:v2.7.0
docker:v2.6.1
docker:v2.6.0
docker:v2.5.0
docker:v2.4.0
docker:v2.3.0
docker:v2.2.2
docker:v2.2.1
docker:v2.2.0
docker:v2.1.0
docker:v2.0.1
docker:v1.1.2
docker:v1
docker:v2.0.0
docker:v1.1.1
docker:v1.1.0
docker:v1.0.1
docker:v1.0.0
docker:v1.0

4 Commits
master ... releases/v

Author SHA1 Message Date
CrazyMax 3e7a4f6646
Merge pull request #197 from crazy-max/releases/v1 
Update deprecation message for v1
 2020-10-23 13:29:08 +02:00
CrazyMax 79bd2e083d
Update deprecation message for v1 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
 2020-10-22 20:32:36 +02:00
Tõnis Tiigi ab83648e2e
Merge pull request #106 from docker/deprecation-notice 
Add deprecation notice (v2 available)
 2020-09-08 14:11:29 -07:00
CrazyMax 35323d9aa4
Add deprecation notice (v2 available) 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
 2020-09-08 23:08:57 +02:00
70 changed files with 298 additions and 16653 deletions
Show Stats Expand all files Collapse all files

12
.dockerignore
View File

@ -1,12 +0,0 @@
/coverage
# Dependency directories
node_modules/
jspm_packages/
# yarn v2
.yarn/cache
.yarn/unplugged
.yarn/build-state.yml
.yarn/install-state.gz
.pnp.*

15
.editorconfig
View File

@ -1,15 +0,0 @@
# This file is for unifying the coding style for different editors and IDEs.
# More information at http://editorconfig.org
root = true
[*]
indent_style = space
indent_size = 2
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
[*.md]
trim_trailing_whitespace = false

3
.eslintignore
View File

@ -1,3 +0,0 @@
/dist/**
/coverage/**
/node_modules/**

24
.eslintrc.json
View File

@ -1,24 +0,0 @@
{
"env": {
"node": true,
"es6": true,
"jest": true
},
"extends": [
"eslint:recommended",
"plugin:@typescript-eslint/eslint-recommended",
"plugin:@typescript-eslint/recommended",
"plugin:jest/recommended",
"plugin:prettier/recommended"
],
"parser": "@typescript-eslint/parser",
"parserOptions": {
"ecmaVersion": 2023,
"sourceType": "module"
},
"plugins": [
"@typescript-eslint",
"jest",
"prettier"
]
}

4
.gitattributes vendored
View File

@ -1,4 +0,0 @@
/.yarn/releases/** binary
/.yarn/plugins/** binary
/dist/** linguist-generated=true
/lib/** linguist-generated=true

3
.github/CODE_OF_CONDUCT.md vendored
View File

@ -1,3 +0,0 @@
# Code of conduct
- [Moby community guidelines](https://github.com/moby/moby/blob/master/CONTRIBUTING.md#moby-community-guidelines)

31
.github/CONTRIBUTING.md vendored
View File

@ -1,31 +0,0 @@
## Contributing
Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great.
Contributions to this project are [released](https://docs.github.com/en/github/site-policy/github-terms-of-service#6-contributions-under-repository-license)
to the public under the [project's open source license](LICENSE).
## Submitting a pull request
1. [Fork](https://github.com/docker/build-push-action/fork) and clone the repository
2. Configure and install the dependencies: `yarn install`
3. Create a new branch: `git checkout -b my-branch-name`
4. Make your changes
5. Make sure the tests pass: `docker buildx bake test`
6. Format code and build javascript artifacts: `docker buildx bake pre-checkin`
7. Validate all code has correctly formatted and built: `docker buildx bake validate`
8. Push to your fork and [submit a pull request](https://github.com/docker/build-push-action/compare)
9. Pat your self on the back and wait for your pull request to be reviewed and merged.
Here are a few things you can do that will increase the likelihood of your pull request being accepted:
- Make sure the `README.md` and any other relevant **documentation are kept up-to-date**.
- We try to follow [SemVer v2.0.0](https://semver.org/). Randomly breaking public APIs is not an option.
- Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as **separate pull requests**.
- Write a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
## Resources
- [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
- [Using Pull Requests](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests)
- [GitHub Help](https://docs.github.com/en)

101
.github/ISSUE_TEMPLATE/bug.yml vendored
View File

@ -1,101 +0,0 @@
# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
name: Bug Report
description: Report a bug
labels:
- status/triage
body:
- type: markdown
attributes:
value: |
Thank you for taking the time to report a bug!
If this is a security issue please report it to the [Docker Security team](mailto:security@docker.com).
Before submitting a bug report, check out the [Troubleshooting doc](https://github.com/docker/build-push-action/blob/master/TROUBLESHOOTING.md).
- type: checkboxes
attributes:
label: Contributing guidelines
description: >
Make sure you've read the contributing guidelines before proceeding.
options:
- label: I've read the [contributing guidelines](https://github.com/docker/build-push-action/blob/master/.github/CONTRIBUTING.md) and wholeheartedly agree
required: true
- type: checkboxes
attributes:
label: "I've found a bug, and:"
description: |
Make sure that your request fulfills all of the following requirements.
If one requirement cannot be satisfied, explain in detail why.
options:
- label: The documentation does not mention anything about my problem
- label: There are no open or closed issues that are related to my problem
- type: textarea
attributes:
label: Description
description: >
Provide a brief description of the bug in 1-2 sentences.
validations:
required: true
- type: textarea
attributes:
label: Expected behaviour
description: >
Describe precisely what you'd expect to happen.
validations:
required: true
- type: textarea
attributes:
label: Actual behaviour
description: >
Describe precisely what is actually happening.
validations:
required: true
- type: input
attributes:
label: Repository URL
description: >
Enter the URL of the repository where you are experiencing the
issue. If your repository is private, provide a link to a minimal
repository that reproduces the issue.
- type: input
attributes:
label: Workflow run URL
description: >
Enter the URL of the GitHub Action workflow run, if public.
- type: textarea
attributes:
label: YAML workflow
description: |
Provide the YAML of the workflow that's causing the issue.
Make sure to remove any sensitive information.
render: yaml
validations:
required: true
- type: textarea
attributes:
label: Workflow logs
description: >
[Attach](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/attaching-files)
the [log file of your workflow run](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs)
and make sure to remove any sensitive information.
- type: textarea
attributes:
label: BuildKit logs
description: >
If applicable, provide the [BuildKit container logs](https://docs.docker.com/build/ci/github-actions/configure-builder/#buildkit-container-logs)
render: text
- type: textarea
attributes:
label: Additional info
description: |
Provide any additional information that could be useful.

9
.github/ISSUE_TEMPLATE/config.yml vendored
View File

@ -1,9 +0,0 @@
# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser
blank_issues_enabled: true
contact_links:
- name: Questions and Discussions
url: https://github.com/docker/build-push-action/discussions/new
about: Use Github Discussions to ask questions and/or open discussion topics.
- name: Documentation
url: https://docs.docker.com/build/ci/github-actions/
about: Read the documentation.

15
.github/ISSUE_TEMPLATE/feature.yml vendored
View File

@ -1,15 +0,0 @@
# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
name: Feature request
description: Missing functionality? Come tell us about it!
labels:
- kind/enhancement
- status/triage
body:
- type: textarea
id: description
attributes:
label: Description
description: What is the feature you want to see?
validations:
required: true

12
.github/SECURITY.md vendored
View File

@ -1,12 +0,0 @@
# Reporting security issues
The project maintainers take security seriously. If you discover a security
issue, please bring it to their attention right away!
**Please _DO NOT_ file a public issue**, instead send your report privately to
[security@docker.com](mailto:security@docker.com).
Security reports are greatly appreciated, and we will publicly thank you for it.
We also like to send gifts&mdash;if you'd like Docker swag, make sure to let
us know. We currently do not offer a paid security bounty program, but are not
ruling it out in the future.

BIN
.github/build-push-action.png vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 19 KiB

BIN
.github/build-push-summary.png vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 81 KiB

19
.github/dependabot.yml vendored
View File

@ -1,19 +0,0 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
labels:
- "dependencies"
- "bot"
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
versioning-strategy: "increase"
allow:
- dependency-type: "production"
labels:
- "dependencies"
- "bot"

5
.github/e2e/distribution/env vendored
View File

@ -1,5 +0,0 @@
REGISTRY_FQDN=localhost:8080
REGISTRY_SLUG=localhost:8080/test-docker-action
DISTRIBUTION_HOST=localhost
DISTRIBUTION_PORT=8080

13
.github/e2e/distribution/install.sh vendored
View File

@ -1,13 +0,0 @@
#!/usr/bin/env bash
set -eu
: "${DISTRIBUTION_VERSION:=2}"
: "${DISTRIBUTION_HOST:=localhost}"
: "${DISTRIBUTION_PORT:=8080}"
echo "::group::Starting registry:${DISTRIBUTION_VERSION}"
(
set -x
docker run -d --name registry -p "${DISTRIBUTION_PORT}:5000" "registry:${DISTRIBUTION_VERSION}"
)
echo "::endgroup::"

8
.github/e2e/harbor/env vendored
View File

@ -1,8 +0,0 @@
REGISTRY_FQDN=localhost:8081
REGISTRY_USER=admin
REGISTRY_PASSWORD=Harbor12345
REGISTRY_SLUG=localhost:8081/test-docker-action/test-docker-action
HARBOR_HOST=localhost
HARBOR_PORT=8081
HARBOR_PROJECT=test-docker-action

79
.github/e2e/harbor/install.sh vendored
View File

@ -1,79 +0,0 @@
#!/usr/bin/env bash
set -eu
: "${HARBOR_VERSION:=v2.7.0}"
: "${HARBOR_HOST:=localhost}"
: "${HARBOR_PORT:=49154}"
: "${REGISTRY_USER:=admin}"
: "${REGISTRY_PASSWORD:=Harbor12345}"
: "${HARBOR_PROJECT:=test-docker-action}"
project_post_data() {
cat <<EOF
{
"project_name": "$HARBOR_PROJECT",
"public": true
}
EOF
}
export TERM=xterm
# download
echo "::group::Downloading Harbor $HARBOR_VERSION"
(
cd /tmp
set -x
wget -q "https://github.com/goharbor/harbor/releases/download/${HARBOR_VERSION}/harbor-offline-installer-${HARBOR_VERSION}.tgz" -O harbor-online-installer.tgz
tar xvf harbor-online-installer.tgz
)
echo "::endgroup::"
# config
echo "::group::Configuring Harbor"
(
cd /tmp/harbor
set -x
cp harbor.yml.tmpl harbor.yml
harborConfig="$(harborHost="$HARBOR_HOST" harborPort="$HARBOR_PORT" harborPwd="$REGISTRY_PASSWORD" yq --no-colors '.hostname = env(harborHost) | .http.port = env(harborPort) | .harbor_admin_password = env(harborPwd) | del(.https)' harbor.yml)"
tee harbor.yml <<<"$harborConfig" >/dev/null
yq --no-colors harbor.yml
)
echo "::endgroup::"
# install and start
echo "::group::Installing Harbor"
(
cd /tmp/harbor
set -x
./install.sh
sleep 10
netstat -aptn
)
echo "::endgroup::"
# compose config
echo "::group::Compose config"
(
cd /tmp/harbor
set -x
docker compose config
)
echo "::endgroup::"
# create project
echo "::group::Creating project"
(
set -x
curl --fail -v -k --max-time 10 -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -X POST -H "Content-Type: application/json" -d "$(project_post_data)" "http://$HARBOR_HOST:$HARBOR_PORT/api/v2.0/projects"
)
echo "::endgroup::"
# list projects
echo "::group::List projects"
(
set -x
curl --fail -s -k --max-time 10 -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -H "Content-Type: application/json" "http://$HARBOR_HOST:$HARBOR_PORT/api/v2.0/projects" | jq
)
echo "::endgroup::"

8
.github/e2e/nexus/docker-compose.yml vendored
View File

@ -1,8 +0,0 @@
services:
nexus:
image: sonatype/nexus3:${NEXUS_VERSION:-latest}
volumes:
- "./data:/nexus-data"
ports:
- "8081:8081"
- "8082:8082"

9
.github/e2e/nexus/env vendored
View File

@ -1,9 +0,0 @@
REGISTRY_FQDN=localhost:8082
REGISTRY_USER=admin
REGISTRY_PASSWORD=Nexus12345
REGISTRY_SLUG=localhost:8082/test-docker-action
NEXUS_HOST=localhost
NEXUS_PORT=8081
NEXUS_REGISTRY_PORT=8082
NEXUS_REPO=test-docker-action

93
.github/e2e/nexus/install.sh vendored
View File

@ -1,93 +0,0 @@
#!/usr/bin/env bash
set -eu
SCRIPT_DIR=$(cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd)
: "${NEXUS_VERSION:=3.47.1}"
: "${NEXUS_HOST:=localhost}"
: "${NEXUS_PORT:=8081}"
: "${NEXUS_REGISTRY_PORT:=8082}"
: "${REGISTRY_USER:=admin}"
: "${REGISTRY_PASSWORD:=Nexus12345}"
: "${NEXUS_REPO:=test-docker-action}"
createrepo_post_data() {
cat <<EOF
{
"name": "${NEXUS_REPO}",
"online": true,
"storage": {
"blobStoreName": "default",
"strictContentTypeValidation": true,
"writePolicy": "ALLOW"
},
"docker": {
"v1Enabled": false,
"forceBasicAuth": true,
"httpPort": ${NEXUS_REGISTRY_PORT},
"httpsPort": null,
"subdomain": null
}
}
EOF
}
export NEXUS_VERSION
mkdir -p /tmp/nexus/data
chown 200:200 /tmp/nexus/data
cp "${SCRIPT_DIR}/docker-compose.yml" /tmp/nexus/docker-compose.yml
echo "::group::Pulling Nexus $NEXUS_VERSION"
(
cd /tmp/nexus
set -x
docker compose pull
)
echo "::endgroup::"
echo "::group::Compose config"
(
cd /tmp/nexus
set -x
docker compose config
)
echo "::endgroup::"
echo "::group::Running Nexus"
(
cd /tmp/nexus
set -x
docker compose up -d
)
echo "::endgroup::"
echo "::group::Running Nexus"
(
cd /tmp/nexus
set -x
docker compose up -d
)
echo "::endgroup::"
echo "::group::Waiting for Nexus to be ready"
until $(curl --output /dev/null --silent --head --fail "http://$NEXUS_HOST:$NEXUS_PORT"); do
printf '.'
sleep 5
done
echo "::endgroup::"
echo "::group::Change user's password"
(
set -x
curl --fail -v -k --max-time 10 -u "$REGISTRY_USER:$(cat /tmp/nexus/data/admin.password)" -X PUT -H 'Content-Type: text/plain' -d "$REGISTRY_PASSWORD" "http://$NEXUS_HOST:$NEXUS_PORT/service/rest/v1/security/users/$REGISTRY_USER/change-password"
)
echo "::endgroup::"
echo "::group::Create Docker repository"
(
set -x
curl --fail -v -k --max-time 10 -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -X POST -H 'Content-Type: application/json' -d "$(createrepo_post_data)" "http://$NEXUS_HOST:$NEXUS_PORT/service/rest/v1/repositories/docker/hosted"
)
echo "::endgroup::"

130
.github/workflows/.e2e-run.yml vendored
View File

@ -1,130 +0,0 @@
# reusable workflow
name: .e2e-run
on:
workflow_call:
inputs:
id:
required: false
type: string
type:
required: true
type: string
name:
required: true
type: string
registry:
required: false
type: string
slug:
required: false
type: string
username_secret:
required: false
type: string
password_secret:
required: false
type: string
env:
HARBOR_VERSION: v2.7.0
NEXUS_VERSION: 3.47.1
DISTRIBUTION_VERSION: 2.8.1
jobs:
run:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
-
buildx_version: latest
buildkit_image: moby/buildkit:buildx-stable-1
-
buildx_version: https://github.com/docker/buildx.git#master
buildkit_image: moby/buildkit:master
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up env
if: inputs.type == 'local'
run: |
cat ./.github/e2e/${{ inputs.id }}/env >> $GITHUB_ENV
-
name: Set up BuildKit config
run: |
touch /tmp/buildkitd.toml
if [ "${{ inputs.type }}" = "local" ]; then
echo -e "[registry.\"${{ env.REGISTRY_FQDN }}\"]\nhttp = true\ninsecure = true" > /tmp/buildkitd.toml
fi
-
name: Set up Docker daemon
if: inputs.type == 'local'
run: |
if [ ! -e /etc/docker/daemon.json ]; then
echo '{}' | tee /etc/docker/daemon.json >/dev/null
fi
DOCKERD_CONFIG=$(jq '.+{"insecure-registries":["http://${{ env.REGISTRY_FQDN }}"]}' /etc/docker/daemon.json)
sudo tee /etc/docker/daemon.json <<<"$DOCKERD_CONFIG" >/dev/null
sudo service docker restart
-
name: Install ${{ inputs.name }}
if: inputs.type == 'local'
run: |
sudo -E bash ./.github/e2e/${{ inputs.id }}/install.sh
sudo chown $(id -u):$(id -g) -R ~/.docker
-
name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY_SLUG || inputs.slug }}
tags: |
type=ref,event=branch,enable=${{ matrix.buildx_version == 'latest' && matrix.buildkit_image == 'moby/buildkit:buildx-stable-1' }}
type=ref,event=tag,enable=${{ matrix.buildx_version == 'latest' && matrix.buildkit_image == 'moby/buildkit:buildx-stable-1' }}
type=raw,gh-runid-${{ github.run_id }}
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ matrix.buildx_version }}
buildkitd-config: /tmp/buildkitd.toml
buildkitd-flags: --debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host
driver-opts: |
image=${{ matrix.buildkit_image }}
network=host
-
name: Login to Registry
if: github.event_name != 'pull_request' && (env.REGISTRY_USER || inputs.username_secret) != ''
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY_FQDN || inputs.registry }}
username: ${{ env.REGISTRY_USER || secrets[inputs.username_secret] }}
password: ${{ env.REGISTRY_PASSWORD || secrets[inputs.password_secret] }}
-
name: Build and push
uses: ./
with:
context: ./test
file: ./test/multi.Dockerfile
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=registry,ref=${{ env.REGISTRY_SLUG || inputs.slug }}:master
cache-to: type=inline
-
name: Inspect image
run: |
docker pull ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }}
docker image inspect ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }}
-
name: Check manifest
run: |
docker buildx imagetools inspect ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }} --format '{{json .}}'

1513
.github/workflows/ci.yml vendored
View File

File diff suppressed because it is too large Load Diff

114
.github/workflows/e2e.yml vendored
View File

@ -1,114 +0,0 @@
name: e2e
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
workflow_dispatch:
schedule:
- cron: '0 10 * * *'
push:
branches:
- 'master'
tags:
- 'v*'
jobs:
build:
uses: ./.github/workflows/.e2e-run.yml
strategy:
fail-fast: false
matrix:
include:
-
name: Distribution
id: distribution
type: local
-
name: Docker Hub
registry: ''
slug: ghactionstest/ghactionstest
username_secret: DOCKERHUB_USERNAME
password_secret: DOCKERHUB_TOKEN
type: remote
-
name: GitHub
registry: ghcr.io
slug: ghcr.io/docker-ghactiontest/test
username_secret: GHCR_USERNAME
password_secret: GHCR_PAT
type: remote
-
name: GitLab
registry: registry.gitlab.com
slug: registry.gitlab.com/test1716/test
username_secret: GITLAB_USERNAME
password_secret: GITLAB_TOKEN
type: remote
-
name: AWS ECR
registry: 175142243308.dkr.ecr.us-east-2.amazonaws.com
slug: 175142243308.dkr.ecr.us-east-2.amazonaws.com/sandbox/test-docker-action
username_secret: AWS_ACCESS_KEY_ID
password_secret: AWS_SECRET_ACCESS_KEY
type: remote
-
name: AWS ECR Public
registry: public.ecr.aws
slug: public.ecr.aws/q3b5f1u4/test-docker-action
username_secret: AWS_ACCESS_KEY_ID
password_secret: AWS_SECRET_ACCESS_KEY
type: remote
-
name: Google Artifact Registry
registry: us-east4-docker.pkg.dev
slug: us-east4-docker.pkg.dev/sandbox-298914/docker-official-github-actions/test-docker-action
username_secret: GAR_USERNAME
password_secret: GAR_JSON_KEY
type: remote
-
name: Google Container Registry
registry: gcr.io
slug: gcr.io/sandbox-298914/test-docker-action
username_secret: GCR_USERNAME
password_secret: GCR_JSON_KEY
type: remote
-
name: Azure Container Registry
registry: officialgithubactions.azurecr.io
slug: officialgithubactions.azurecr.io/test-docker-action
username_secret: AZURE_CLIENT_ID
password_secret: AZURE_CLIENT_SECRET
type: remote
-
name: Quay
registry: quay.io
slug: quay.io/docker_build_team/ghactiontest
username_secret: QUAY_USERNAME
password_secret: QUAY_TOKEN
type: remote
-
name: Artifactory
registry: infradock.jfrog.io
slug: infradock.jfrog.io/test-ghaction/build-push-action
username_secret: ARTIFACTORY_USERNAME
password_secret: ARTIFACTORY_TOKEN
type: remote
-
name: Harbor
id: harbor
type: local
-
name: Nexus
id: nexus
type: local
with:
id: ${{ matrix.id }}
type: ${{ matrix.type }}
name: ${{ matrix.name }}
registry: ${{ matrix.registry }}
slug: ${{ matrix.slug }}
username_secret: ${{ matrix.username_secret }}
password_secret: ${{ matrix.password_secret }}
secrets: inherit

37
.github/workflows/main.yml vendored Normal file
View File

@ -0,0 +1,37 @@
name: CI
on:
push:
branches:
- master
tags:
- '*'
pull_request:
jobs:
build:
name: build
runs-on: ubuntu-latest
timeout-minutes: 3
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Run local registry
run: docker run -d -p 5000:5000 registry:2
- name: Build and push image
uses: ./
env:
DOCKER_BUILDKIT: 1
with:
registry: localhost:5000
repository: temp/workflow
tags: foo
- name: Remove local image
run: docker image rm localhost:5000/temp/workflow:foo
- name: Run image from registry
run: docker run localhost:5000/temp/workflow:foo

31
.github/workflows/test.yml vendored
View File

@ -1,31 +0,0 @@
name: test
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
push:
branches:
- 'master'
- 'releases/v*'
pull_request:
jobs:
test:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Test
uses: docker/bake-action@v5
with:
targets: test
-
name: Upload coverage
uses: codecov/codecov-action@v4
with:
file: ./coverage/clover.xml
token: ${{ secrets.CODECOV_TOKEN }}

45
.github/workflows/validate.yml vendored
View File

@ -1,45 +0,0 @@
name: validate
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
push:
branches:
- 'master'
- 'releases/v*'
pull_request:
jobs:
prepare:
runs-on: ubuntu-latest
outputs:
targets: ${{ steps.targets.outputs.matrix }}
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Targets matrix
id: targets
run: |
echo "matrix=$(docker buildx bake validate --print | jq -cr '.group.validate.targets')" >> $GITHUB_OUTPUT
validate:
runs-on: ubuntu-latest
needs:
- prepare
strategy:
fail-fast: false
matrix:
target: ${{ fromJson(needs.prepare.outputs.targets) }}
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Validate
uses: docker/bake-action@v5
with:
targets: ${{ matrix.target }}

53
.gitignore vendored
View File

@ -1,53 +0,0 @@
# https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*
.pnpm-debug.log*
# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
# Runtime data
pids
*.pid
*.seed
*.pid.lock
# Coverage directory used by tools like istanbul
coverage
*.lcov
# Dependency directories
node_modules/
jspm_packages/
# TypeScript cache
*.tsbuildinfo
# Optional npm cache directory
.npm
# Optional eslint cache
.eslintcache
# Yarn Integrity file
.yarn-integrity
# dotenv environment variable files
.env
.env.development.local
.env.test.local
.env.production.local
.env.local
# yarn v2
.yarn/cache
.yarn/unplugged
.yarn/build-state.yml
.yarn/install-state.gz
.pnp.*

6
.prettierignore
View File

@ -1,6 +0,0 @@
# Dependency directories
node_modules/
jspm_packages/
# yarn v2
.yarn/

11
.prettierrc.json
View File

@ -1,11 +0,0 @@
{
"printWidth": 240,
"tabWidth": 2,
"useTabs": false,
"semi": true,
"singleQuote": true,
"trailingComma": "none",
"bracketSpacing": false,
"arrowParens": "avoid",
"parser": "typescript"
}

541
.yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs vendored
View File

File diff suppressed because one or more lines are too long

13
.yarnrc.yml
View File

@ -1,13 +0,0 @@
logFilters:
- code: YN0013
level: discard
- code: YN0019
level: discard
- code: YN0076
level: discard
nodeLinker: node-modules
plugins:
- path: .yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
spec: "@yarnpkg/plugin-interactive-tools"

3
Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM alpine:3
ENTRYPOINT ["echo", "docker github actions"]

440
README.md
View File

@ -1,273 +1,243 @@
[![GitHub release](https://img.shields.io/github/release/docker/build-push-action.svg?style=flat-square)](https://github.com/docker/build-push-action/releases/latest)
[![GitHub marketplace](https://img.shields.io/badge/marketplace-build--and--push--docker--images-blue?logo=github&style=flat-square)](https://github.com/marketplace/actions/build-and-push-docker-images)
[![CI workflow](https://img.shields.io/github/actions/workflow/status/docker/build-push-action/ci.yml?branch=master&label=ci&logo=github&style=flat-square)](https://github.com/docker/build-push-action/actions?workflow=ci)
[![Test workflow](https://img.shields.io/github/actions/workflow/status/docker/build-push-action/test.yml?branch=master&label=test&logo=github&style=flat-square)](https://github.com/docker/build-push-action/actions?workflow=test)
[![Codecov](https://img.shields.io/codecov/c/github/docker/build-push-action?logo=codecov&style=flat-square)](https://codecov.io/gh/docker/build-push-action)
# build-push-action
## About
Builds and pushes Docker images and will log in to a Docker registry if required.
GitHub Action to build and push Docker images with [Buildx](https://github.com/docker/buildx)
with full support of the features provided by [Moby BuildKit](https://github.com/moby/buildkit)
builder toolkit. This includes multi-platform build, secrets, remote cache, etc.
and different builder deployment/namespacing options.
Suggestions and issues can be posted on the repositories [issues page](https://github.com/docker/build-push-action/issues).
![Screenshot](.github/build-push-action.png)
[Inputs](#Inputs)
* [repository](#repository)
* [username](#username)
* [password](#password)
* [registry](#registry)
* [tags](#tags)
* [tag_with_ref](#tag_with_ref)
* [tag_with_sha](#tag_with_sha)
* [path](#path)
* [dockerfile](#dockerfile)
* [target](#target)
* [always_pull](#always_pull)
* [build_args](#build_args)
* [cache_froms](#cache_froms)
* [labels](#labels)
* [add_git_labels](#add_git_labels)
* [push](#push)
___
[Example usage](#Example-usage)
* [Usage](#usage)
* [Git context](#git-context)
* [Path context](#path-context)
* [Examples](#examples)
* [Summaries](#summaries)
* [Customizing](#customizing)
* [inputs](#inputs)
* [outputs](#outputs)
* [environment variables](#environment-variables)
* [Troubleshooting](#troubleshooting)
* [Contributing](#contributing)
## Inputs
## Usage
### `repository`
In the examples below we are also using 3 other actions:
**Required** Docker repository to tag the image with.
* [`setup-buildx`](https://github.com/docker/setup-buildx-action) action will
create and boot a builder using by default the [`docker-container` driver](https://docs.docker.com/build/building/drivers/docker-container/).
This is **not required but recommended** using it to be able to build
multi-platform images, export cache, etc.
* [`setup-qemu`](https://github.com/docker/setup-qemu-action) action can be
useful if you want to add emulation support with QEMU to be able to build
against more platforms.
* [`login`](https://github.com/docker/login-action) action will take care to
log in against a Docker registry.
### `username`
### Git context
Username used to log in to a Docker registry. If not set then no login will occur.
By default, this action uses the [Git context](https://docs.docker.com/engine/reference/commandline/build/#git-repositories),
so you don't need to use the [`actions/checkout`](https://github.com/actions/checkout/)
action to check out the repository as this will be done directly by [BuildKit](https://github.com/moby/buildkit).
### `password`
The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows)
and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
Password or personal access token used to log in to a Docker registry. If not set then no login will occur.
### `registry`
Server address of Docker registry. If not set then will default to Docker Hub.
### `tags`
Comma-delimited list of tags. These will be added to the registry/repository to form the image's tags.
Example:
```yaml
name: ci
on:
push:
jobs:
docker:
runs-on: ubuntu-latest
steps:
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v6
with:
push: true
tags: user/app:latest
tags: tag1,tag2
```
Be careful because **any file mutation in the steps that precede the build step
will be ignored, including processing of the `.dockerignore` file** since
the context is based on the Git reference. However, you can use the
[Path context](#path-context) using the [`context` input](#inputs) alongside
the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
this restriction.
### `tag_with_ref`
Default Git context can also be provided using the [Handlebars template](https://handlebarsjs.com/guide/)
expression `{{defaultContext}}`. Here we can use it to provide a subdirectory
to the default Git context:
Boolean value. Defaults to `false`.
Automatically tags the built image with the git reference. The format of the tag depends on the type of git reference with all forward slashes replaced with `-`.
For pushes to a branch the reference will be `refs/heads/{branch-name}` and the tag will be `{branch-name}`. If `{branch-name}` is master then the tag will be `latest`.
For pull requests the reference will be `refs/pull/{pull-request}` and the tag will be `pr-{pull-request}`.
For git tags the reference will be `refs/tags/{git-tag}` and the tag will be `{git-tag}`.
Examples:
|Git Reference|Image tag|
|---|---|
|`refs/heads/master`|`latest`|
|`refs/heads/mybranch`|`mybranch`|
|`refs/heads/my/branch`|`my-branch`|
|`refs/pull/2/merge`|`pr-2-merge`|
|`refs/tags/v1.0.0`|`v1.0.0`|
### `tag_with_sha`
Boolean value. Defaults to `false`.
Automatically tags the built image with the git short SHA prefixed with `sha-`.
Example:
|Git SHA|Image tag|
|---|---|
|`676cae2f85471aeff6776463c72881ebd902dcf9`|`sha-676cae2`|
### `path`
Path to the build context. Defaults to `.`
### `dockerfile`
Path to the Dockerfile. Defaults to `{path}/Dockerfile`
Note when set this path is **not** relative to the `path` input but is instead relative to the current working directory.
### `target`
Sets the target stage to build.
### `always_pull`
Boolean value. Defaults to `false`.
Always attempt to pull a newer version of the image.
### `build_args`
Comma-delimited list of build-time variables.
Example:
```yaml
-
name: Build and push
uses: docker/build-push-action@v6
with:
context: "{{defaultContext}}:mysubdir"
push: true
tags: user/app:latest
build_args: arg1=value1,arg2=value2
```
Building from the current repository automatically uses the [GitHub Token](https://docs.github.com/en/actions/security-guides/automatic-token-authentication),
so it does not need to be passed. If you want to authenticate against another
private repository, you have to use a [secret](https://docs.docker.com/build/ci/github-actions/secrets)
named `GIT_AUTH_TOKEN` to be able to authenticate against it with Buildx:
### `cache_froms`
Comma-delimited list of images to consider as cache sources.
Example:
```yaml
cache_froms: myorg/baseimage:latest
```
### `labels`
Comma-delimited list of labels to add to the built image.
Example:
```yaml
-
name: Build and push
uses: docker/build-push-action@v6
with:
push: true
tags: user/app:latest
secrets: |
GIT_AUTH_TOKEN=${{ secrets.MYTOKEN }}
labels: label_name_1=label_value_1,label_name_2=label_value_2
```
### Path context
### `add_git_labels`
Boolean value. Defaults to `false`.
Adds labels with git repository information to the built image based on the standards set out in https://github.com/opencontainers/image-spec/blob/master/annotations.md.
The labels are:
|Label key|Example value|Description|
|---|---|---|
|`org.opencontainers.image.created`|`2020-03-06T23:00:00Z`|Date and time on which the image was built (string, date-time as defined by RFC 3339).|
|`org.opencontainers.image.source`|`https://github.com/myorg/myrepository`|URL to the GitHub repository.|
|`org.opencontainers.image.revision`|`676cae2f85471aeff6776463c72881ebd902dcf9`|The full git SHA of this commit.|
### `push`
Boolean value. Defaults to `true`.
Whether to push the built image.
## Example usage
The following will build the root Dockerfile, tag the image as `myorg/myrepository:latest`, log in to Docker Hub using GitHub secrets, and push the image to the Docker Hub repository `myorg/myrepository`:
```yaml
name: ci
steps:
- name: Checkout code
uses: actions/checkout@v2
on:
push:
jobs:
docker:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: user/app:latest
- name: Build and push Docker images
uses: docker/build-push-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
repository: myorg/myrepository
tags: latest
```
## Examples
The following will build the root Dockerfile, tag the image with the git reference and SHA as described above, log in to Docker Hub using GitHub secrets, and push the image to the Docker Hub repository `myorg/myrepository`:
* [Multi-platform image](https://docs.docker.com/build/ci/github-actions/multi-platform/)
* [Secrets](https://docs.docker.com/build/ci/github-actions/secrets/)
* [Push to multi-registries](https://docs.docker.com/build/ci/github-actions/push-multi-registries/)
* [Manage tags and labels](https://docs.docker.com/build/ci/github-actions/manage-tags-labels/)
* [Cache management](https://docs.docker.com/build/ci/github-actions/cache/)
* [Export to Docker](https://docs.docker.com/build/ci/github-actions/export-docker/)
* [Test before push](https://docs.docker.com/build/ci/github-actions/test-before-push/)
* [Local registry](https://docs.docker.com/build/ci/github-actions/local-registry/)
* [Share built image between jobs](https://docs.docker.com/build/ci/github-actions/share-image-jobs/)
* [Named contexts](https://docs.docker.com/build/ci/github-actions/named-contexts/)
* [Copy image between registries](https://docs.docker.com/build/ci/github-actions/copy-image-registries/)
* [Update Docker Hub repo description](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/)
* [SBOM and provenance attestations](https://docs.docker.com/build/ci/github-actions/attestations/)
* [Annotations](https://docs.docker.com/build/ci/github-actions/annotations/)
* [Reproducible builds](https://docs.docker.com/build/ci/github-actions/reproducible-builds/)
```yaml
steps:
- name: Checkout code
uses: actions/checkout@v2
## Summaries
- name: Build and push Docker images
uses: docker/build-push-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
repository: myorg/myrepository
tag_with_ref: true
tag_with_sha: true
```
This action generates a [job summary](https://github.blog/2022-05-09-supercharging-github-actions-with-job-summaries/)
that provides a detailed overview of the build execution. The summary shows an
overview of all the steps executed during the build, including the build inputs
and eventual errors.
The following will only push the image when the event that kicked off the workflow was a push of a git tag:
![build-push-action job summary](./.github/build-push-summary.png)
```yaml
steps:
- name: Checkout code
uses: actions/checkout@v2
The summary also includes a link for downloading the build record with
additional details about the build, including build stats, logs, outputs, and
more. The build record can be imported to Docker Desktop for inspecting the
build in greater detail.
- name: Build and push Docker images
uses: docker/build-push-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
repository: myorg/myrepository
tag_with_ref: true
push: ${{ startsWith(github.ref, 'refs/tags/') }}
```
Summaries are enabled by default, but can be disabled with the
`DOCKER_BUILD_SUMMARY` [environment variable](#environment-variables).
The following builds the `mytarget` stage and pushes that:
```yaml
steps:
- name: Checkout code
uses: actions/checkout@v2
For more information about summaries, refer to the
[documentation](https://docs.docker.com/go/build-summary/).
- name: Build and push Docker images
uses: docker/build-push-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
repository: myorg/myrepository
tag_with_ref: true
target: mytarget
```
## Customizing
The following will build the root Dockerfile, tag the image as `myorg/myrepository:latest`, log in to Google Container Registry using GitHub secrets (where `DOCKER_PASSWORD` is a [JSON key](https://cloud.google.com/container-registry/docs/advanced-authentication#json-key)), and push the image to the GCR repository `myorg/myrepository`:
```yaml
steps:
- name: Checkout code
uses: actions/checkout@v2
### inputs
The following inputs can be used as `step.with` keys:
> `List` type is a newline-delimited string
> ```yaml
> cache-from: |
> user/app:cache
> type=local,src=path/to/dir
> ```
> `CSV` type is a comma-delimited string
> ```yaml
> tags: name/app:latest,name/app:1.0.0
> ```
| Name | Type | Description |
|--------------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `add-hosts` | List/CSV | List of [customs host-to-IP mapping](https://docs.docker.com/engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host) (e.g., `docker:10.180.0.1`) |
| `allow` | List/CSV | List of [extra privileged entitlement](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow) (e.g., `network.host,security.insecure`) |
| `annotations` | List | List of annotation to set to the image |
| `attests` | List | List of [attestation](https://docs.docker.com/build/attestations/) parameters (e.g., `type=sbom,generator=image`) |
| `builder` | String | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) |
| `build-args` | List | List of [build-time variables](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-arg) |
| `build-contexts` | List | List of additional [build contexts](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-context) (e.g., `name=path`) |
| `cache-from` | List | List of [external cache sources](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-from) (e.g., `type=local,src=path/to/dir`) |
| `cache-to` | List | List of [cache export destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-to) (e.g., `type=local,dest=path/to/dir`) |
| `cgroup-parent` | String | Optional [parent cgroup](https://docs.docker.com/engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent) for the container used in the build |
| `context` | String | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) |
| `file` | String | Path to the Dockerfile. (default `{context}/Dockerfile`) |
| `labels` | List | List of metadata for an image |
| `load` | Bool | [Load](https://docs.docker.com/engine/reference/commandline/buildx_build/#load) is a shorthand for `--output=type=docker` (default `false`) |
| `network` | String | Set the networking mode for the `RUN` instructions during build |
| `no-cache` | Bool | Do not use cache when building the image (default `false`) |
| `no-cache-filters` | List/CSV | Do not cache specified stages |
| `outputs` | List | List of [output destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#output) (format: `type=local,dest=path`) |
| `platforms` | List/CSV | List of [target platforms](https://docs.docker.com/engine/reference/commandline/buildx_build/#platform) for build |
| `provenance` | Bool/String | Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build (shorthand for `--attest=type=provenance`) |
| `pull` | Bool | Always attempt to pull all referenced images (default `false`) |
| `push` | Bool | [Push](https://docs.docker.com/engine/reference/commandline/buildx_build/#push) is a shorthand for `--output=type=registry` (default `false`) |
| `sbom` | Bool/String | Generate [SBOM](https://docs.docker.com/build/attestations/sbom/) attestation for the build (shorthand for `--attest=type=sbom`) |
| `secrets` | List | List of [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`) |
| `secret-envs` | List/CSV | List of [secret env vars](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=envname`, `MY_SECRET=MY_ENV_VAR`) |
| `secret-files` | List | List of [secret files](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`) |
| `shm-size` | String | Size of [`/dev/shm`](https://docs.docker.com/engine/reference/commandline/buildx_build/#shm-size) (e.g., `2g`) |
| `ssh` | List | List of [SSH agent socket or keys](https://docs.docker.com/engine/reference/commandline/buildx_build/#ssh) to expose to the build |
| `tags` | List/CSV | List of tags |
| `target` | String | Sets the target stage to build |
| `ulimit` | List | [Ulimit](https://docs.docker.com/engine/reference/commandline/buildx_build/#ulimit) options (e.g., `nofile=1024:1024`) |
| `github-token` | String | GitHub Token used to authenticate against a repository for [Git context](#git-context) (default `${{ github.token }}`) |
### outputs
The following outputs are available:
| Name | Type | Description |
|------------|---------|-----------------------|
| `imageid` | String | Image ID |
| `digest` | String | Image digest |
| `metadata` | JSON | Build result metadata |
### environment variables
| Name | Type | Default | Description |
|--------------------------------------|--------|---------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `DOCKER_BUILD_CHECKS_ANNOTATIONS` | Bool | `true` | If `false`, GitHub annotations are not generated for [build checks](https://docs.docker.com/build/checks/) |
| `DOCKER_BUILD_SUMMARY` | Bool | `true` | If `false`, [build summary](https://docs.docker.com/build/ci/github-actions/build-summary/) generation is disabled |
| `DOCKER_BUILD_RECORD_UPLOAD` | Bool | `true` | If `false`, build record upload as [GitHub artifact](https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts) is disabled |
| `DOCKER_BUILD_RECORD_RETENTION_DAYS` | Number | | Duration after which build record artifact will expire in days. Defaults to repository/org [retention settings](https://docs.github.com/en/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy) if unset or `0` |
## Troubleshooting
See [TROUBLESHOOTING.md](TROUBLESHOOTING.md)
## Contributing
Want to contribute? Awesome! You can find information about contributing to
this project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md)
- name: Build and push Docker images
uses: docker/build-push-action@v1
with:
username: _json_key
password: ${{ secrets.DOCKER_PASSWORD }}
registry: gcr.io
repository: myorg/myrepository
tags: latest
```

164
TROUBLESHOOTING.md
View File

@ -1,164 +0,0 @@
# Troubleshooting
* [Cannot push to a registry](#cannot-push-to-a-registry)
* [BuildKit container logs](#buildkit-container-logs)
* [With containerd](#with-containerd)
* [`repository name must be lowercase`](#repository-name-must-be-lowercase)
* [Image not loaded](#image-not-loaded)
## Cannot push to a registry
While pushing to a registry, you may encounter these kinds of issues:
* `failed commit on ref "layer-sha256:...": invalid content digest in response: invalid checksum digest format`
* `failed commit on ref "layer-sha256:...": no response`
* `failed commit on ref "manifest-sha256:...": unexpected status: 400 Bad Request`
* `failed commit on ref "manifest-sha256:...": unexpected status: 401 Unauthorized`
* `unexpected response: 401 Unauthorized`
These issues are not directly related to this action but are rather linked to
[Buildx](https://github.com/docker/buildx), [BuildKit](https://github.com/moby/buildkit),
[containerd](https://github.com/containerd/containerd) or the registry on which
you're pushing your image. The quality of error message depends on the registry
and are usually not very informative.
### BuildKit container logs
To help you solve this, you have to [enable debugging in the setup-buildx](https://github.com/docker/setup-buildx-action#buildkit-container-logs)
action step and attach BuildKit container logs to your issue.
### With containerd
Next you can test pushing with [containerd action](https://github.com/crazy-max/ghaction-setup-containerd)
using the following workflow. If it works then open an issue on [BuildKit](https://github.com/moby/buildkit)
repository.
```yaml
name: containerd
on:
push:
jobs:
containerd:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
buildkitd-flags: --debug
-
name: Set up containerd
uses: crazy-max/ghaction-setup-containerd@v2
-
name: Build Docker image
uses: docker/build-push-action@v6
with:
context: .
platforms: linux/amd64,linux/arm64
tags: docker.io/user/app:latest
outputs: type=oci,dest=/tmp/image.tar
-
name: Import image in containerd
run: |
sudo ctr i import --base-name docker.io/user/app --digests --all-platforms /tmp/image.tar
-
name: Push image with containerd
run: |
sudo ctr --debug i push --user "${{ secrets.DOCKER_USERNAME }}:${{ secrets.DOCKER_PASSWORD }}" docker.io/user/app:latest
```
## `repository name must be lowercase`
You may encounter this issue if you're using `github.repository` as a repo slug
in your tag:
```
#6 exporting to image
#6 exporting layers
#6 exporting layers 1.2s done
#6 exporting manifest sha256:b47f7dfb97b89ccd5de553af3c8cd94c4795884cbe5693e93946b1d95a7b1d12 0.0s done
#6 exporting config sha256:995e93fab8196893192f08a38deea6769dc4d98f86cf705eccc24ec96a3e271c 0.0s done
#6 ERROR: invalid reference format: repository name must be lowercase
------
> exporting to image:
------
error: failed to solve: invalid reference format: repository name must be lowercase
```
or a cache reference:
```
#10 importing cache manifest from ghcr.io/My-Org/repo:main
#10 ERROR: invalid reference format: repository name must be lowercase
```
To fix this issue you can use our [metadata action](https://github.com/docker/metadata-action)
to generate sanitized tags:
```yaml
- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: ghcr.io/${{ github.repository }}
tags: latest
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
```
Or a dedicated step to sanitize the slug:
```yaml
- name: Sanitize repo slug
uses: actions/github-script@v6
id: repo_slug
with:
result-encoding: string
script: return 'ghcr.io/${{ github.repository }}'.toLowerCase()
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: ${{ steps.repo_slug.outputs.result }}:latest
```
## Image not loaded
Sometimes when your workflows are heavy consumers of disk storage, it can happen that build-push-action declares that the built image is loaded, but then not found in the following workflow steps.
- You can use the following solution as workaround, to free space on disk before building docker image using the following workflow step
```yaml
# Free disk space
- name: Free Disk space
shell: bash
run: |
sudo rm -rf /usr/local/lib/android # will release about 10 GB if you don't need Android
sudo rm -rf /usr/share/dotnet # will release about 20GB if you don't need .NET
```
- Another workaround can be to call `docker/setup-buildx-action` with docker driver
```yaml
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver: docker
```
More details in the [related issue](https://github.com/docker/build-push-action/issues/321)

207
__mocks__/@actions/github.ts
View File

@ -1,207 +0,0 @@
import {jest} from '@jest/globals';
export const context = {
repo: {
owner: 'docker',
repo: 'build-push-action'
},
ref: 'refs/heads/master',
runId: 123456789,
payload: {
after: '860c1904a1ce19322e91ac35af1ab07466440c37',
base_ref: null,
before: '5f3331d7f7044c18ca9f12c77d961c4d7cf3276a',
commits: [
{
author: {
email: 'crazy-max@users.noreply.github.com',
name: 'CrazyMax',
username: 'crazy-max'
},
committer: {
email: 'crazy-max@users.noreply.github.com',
name: 'CrazyMax',
username: 'crazy-max'
},
distinct: true,
id: '860c1904a1ce19322e91ac35af1ab07466440c37',
message: 'hello dev',
timestamp: '2022-04-19T11:27:24+02:00',
tree_id: 'd2c60af597e863787d2d27f569e30495b0b92820',
url: 'https://github.com/docker/test-docker-action/commit/860c1904a1ce19322e91ac35af1ab07466440c37'
}
],
compare: 'https://github.com/docker/test-docker-action/compare/5f3331d7f704...860c1904a1ce',
created: false,
deleted: false,
forced: false,
head_commit: {
author: {
email: 'crazy-max@users.noreply.github.com',
name: 'CrazyMax',
username: 'crazy-max'
},
committer: {
email: 'crazy-max@users.noreply.github.com',
name: 'CrazyMax',
username: 'crazy-max'
},
distinct: true,
id: '860c1904a1ce19322e91ac35af1ab07466440c37',
message: 'hello dev',
timestamp: '2022-04-19T11:27:24+02:00',
tree_id: 'd2c60af597e863787d2d27f569e30495b0b92820',
url: 'https://github.com/docker/test-docker-action/commit/860c1904a1ce19322e91ac35af1ab07466440c37'
},
organization: {
avatar_url: 'https://avatars.githubusercontent.com/u/5429470?v=4',
description: 'Docker helps developers bring their ideas to life by conquering the complexity of app development.',
events_url: 'https://api.github.com/orgs/docker/events',
hooks_url: 'https://api.github.com/orgs/docker/hooks',
id: 5429470,
issues_url: 'https://api.github.com/orgs/docker/issues',
login: 'docker',
members_url: 'https://api.github.com/orgs/docker/members{/member}',
node_id: 'MDEyOk9yZ2FuaXphdGlvbjU0Mjk0NzA=',
public_members_url: 'https://api.github.com/orgs/docker/public_members{/member}',
repos_url: 'https://api.github.com/orgs/docker/repos',
url: 'https://api.github.com/orgs/docker'
},
pusher: {
email: 'github@crazymax.dev',
name: 'crazy-max'
},
ref: 'refs/heads/dev',
repository: {
allow_forking: true,
archive_url: 'https://api.github.com/repos/docker/test-docker-action/{archive_format}{/ref}',
archived: false,
assignees_url: 'https://api.github.com/repos/docker/test-docker-action/assignees{/user}',
blobs_url: 'https://api.github.com/repos/docker/test-docker-action/git/blobs{/sha}',
branches_url: 'https://api.github.com/repos/docker/test-docker-action/branches{/branch}',
clone_url: 'https://github.com/docker/test-docker-action.git',
collaborators_url: 'https://api.github.com/repos/docker/test-docker-action/collaborators{/collaborator}',
comments_url: 'https://api.github.com/repos/docker/test-docker-action/comments{/number}',
commits_url: 'https://api.github.com/repos/docker/test-docker-action/commits{/sha}',
compare_url: 'https://api.github.com/repos/docker/test-docker-action/compare/{base}...{head}',
contents_url: 'https://api.github.com/repos/docker/test-docker-action/contents/{+path}',
contributors_url: 'https://api.github.com/repos/docker/test-docker-action/contributors',
created_at: 1596792180,
default_branch: 'master',
deployments_url: 'https://api.github.com/repos/docker/test-docker-action/deployments',
description: 'Test "Docker" Actions',
disabled: false,
downloads_url: 'https://api.github.com/repos/docker/test-docker-action/downloads',
events_url: 'https://api.github.com/repos/docker/test-docker-action/events',
fork: false,
forks: 1,
forks_count: 1,
forks_url: 'https://api.github.com/repos/docker/test-docker-action/forks',
full_name: 'docker/test-docker-action',
git_commits_url: 'https://api.github.com/repos/docker/test-docker-action/git/commits{/sha}',
git_refs_url: 'https://api.github.com/repos/docker/test-docker-action/git/refs{/sha}',
git_tags_url: 'https://api.github.com/repos/docker/test-docker-action/git/tags{/sha}',
git_url: 'git://github.com/docker/test-docker-action.git',
has_downloads: true,
has_issues: true,
has_pages: false,
has_projects: true,
has_wiki: true,
homepage: '',
hooks_url: 'https://api.github.com/repos/docker/test-docker-action/hooks',
html_url: 'https://github.com/docker/test-docker-action',
id: 285789493,
is_template: false,
issue_comment_url: 'https://api.github.com/repos/docker/test-docker-action/issues/comments{/number}',
issue_events_url: 'https://api.github.com/repos/docker/test-docker-action/issues/events{/number}',
issues_url: 'https://api.github.com/repos/docker/test-docker-action/issues{/number}',
keys_url: 'https://api.github.com/repos/docker/test-docker-action/keys{/key_id}',
labels_url: 'https://api.github.com/repos/docker/test-docker-action/labels{/name}',
language: 'JavaScript',
languages_url: 'https://api.github.com/repos/docker/test-docker-action/languages',
license: {
key: 'mit',
name: 'MIT License',
node_id: 'MDc6TGljZW5zZTEz',
spdx_id: 'MIT',
url: 'https://api.github.com/licenses/mit'
},
master_branch: 'master',
merges_url: 'https://api.github.com/repos/docker/test-docker-action/merges',
milestones_url: 'https://api.github.com/repos/docker/test-docker-action/milestones{/number}',
mirror_url: null,
name: 'test-docker-action',
node_id: 'MDEwOlJlcG9zaXRvcnkyODU3ODk0OTM=',
notifications_url: 'https://api.github.com/repos/docker/test-docker-action/notifications{?since,all,participating}',
open_issues: 6,
open_issues_count: 6,
organization: 'docker',
owner: {
avatar_url: 'https://avatars.githubusercontent.com/u/5429470?v=4',
email: 'info@docker.com',
events_url: 'https://api.github.com/users/docker/events{/privacy}',
followers_url: 'https://api.github.com/users/docker/followers',
following_url: 'https://api.github.com/users/docker/following{/other_user}',
gists_url: 'https://api.github.com/users/docker/gists{/gist_id}',
gravatar_id: '',
html_url: 'https://github.com/docker',
id: 5429470,
login: 'docker',
name: 'docker',
node_id: 'MDEyOk9yZ2FuaXphdGlvbjU0Mjk0NzA=',
organizations_url: 'https://api.github.com/users/docker/orgs',
received_events_url: 'https://api.github.com/users/docker/received_events',
repos_url: 'https://api.github.com/users/docker/repos',
site_admin: false,
starred_url: 'https://api.github.com/users/docker/starred{/owner}{/repo}',
subscriptions_url: 'https://api.github.com/users/docker/subscriptions',
type: 'Organization',
url: 'https://api.github.com/users/docker'
},
private: true,
pulls_url: 'https://api.github.com/repos/docker/test-docker-action/pulls{/number}',
pushed_at: 1650360446,
releases_url: 'https://api.github.com/repos/docker/test-docker-action/releases{/id}',
size: 796,
ssh_url: 'git@github.com:docker/test-docker-action.git',
stargazers: 0,
stargazers_count: 0,
stargazers_url: 'https://api.github.com/repos/docker/test-docker-action/stargazers',
statuses_url: 'https://api.github.com/repos/docker/test-docker-action/statuses/{sha}',
subscribers_url: 'https://api.github.com/repos/docker/test-docker-action/subscribers',
subscription_url: 'https://api.github.com/repos/docker/test-docker-action/subscription',
svn_url: 'https://github.com/docker/test-docker-action',
tags_url: 'https://api.github.com/repos/docker/test-docker-action/tags',
teams_url: 'https://api.github.com/repos/docker/test-docker-action/teams',
topics: [],
trees_url: 'https://api.github.com/repos/docker/test-docker-action/git/trees{/sha}',
updated_at: '2022-04-19T09:05:09Z',
url: 'https://github.com/docker/test-docker-action',
visibility: 'private',
watchers: 0,
watchers_count: 0
},
sender: {
avatar_url: 'https://avatars.githubusercontent.com/u/1951866?v=4',
events_url: 'https://api.github.com/users/crazy-max/events{/privacy}',
followers_url: 'https://api.github.com/users/crazy-max/followers',
following_url: 'https://api.github.com/users/crazy-max/following{/other_user}',
gists_url: 'https://api.github.com/users/crazy-max/gists{/gist_id}',
gravatar_id: '',
html_url: 'https://github.com/crazy-max',
id: 1951866,
login: 'crazy-max',
node_id: 'MDQ6VXNlcjE5NTE4NjY=',
organizations_url: 'https://api.github.com/users/crazy-max/orgs',
received_events_url: 'https://api.github.com/users/crazy-max/received_events',
repos_url: 'https://api.github.com/users/crazy-max/repos',
site_admin: false,
starred_url: 'https://api.github.com/users/crazy-max/starred{/owner}{/repo}',
subscriptions_url: 'https://api.github.com/users/crazy-max/subscriptions',
type: 'User',
url: 'https://api.github.com/users/crazy-max'
}
}
};
export const getOctokit = jest.fn();

826
__tests__/context.test.ts
View File

@ -1,826 +0,0 @@
import {beforeEach, describe, expect, jest, test} from '@jest/globals';
import * as fs from 'fs';
import * as path from 'path';
import {Builder} from '@docker/actions-toolkit/lib/buildx/builder';
import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx';
import {Build} from '@docker/actions-toolkit/lib/buildx/build';
import {Context} from '@docker/actions-toolkit/lib/context';
import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
import {GitHub} from '@docker/actions-toolkit/lib/github';
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
import {BuilderInfo} from '@docker/actions-toolkit/lib/types/buildx/builder';
import {GitHubRepo} from '@docker/actions-toolkit/lib/types/github';
import * as context from '../src/context';
const tmpDir = path.join('/tmp', '.docker-build-push-jest');
const tmpName = path.join(tmpDir, '.tmpname-jest');
import repoFixture from './fixtures/github-repo.json';
jest.spyOn(GitHub.prototype, 'repoData').mockImplementation((): Promise<GitHubRepo> => {
return <Promise<GitHubRepo>>(repoFixture as unknown);
});
jest.spyOn(Context, 'tmpDir').mockImplementation((): string => {
if (!fs.existsSync(tmpDir)) {
fs.mkdirSync(tmpDir, {recursive: true});
}
return tmpDir;
});
jest.spyOn(Context, 'tmpName').mockImplementation((): string => {
return tmpName;
});
jest.spyOn(Docker, 'isAvailable').mockImplementation(async (): Promise<boolean> => {
return true;
});
const metadataJson = path.join(tmpDir, 'metadata.json');
jest.spyOn(Build.prototype, 'getMetadataFilePath').mockImplementation((): string => {
return metadataJson;
});
const imageIDFilePath = path.join(tmpDir, 'iidfile.txt');
jest.spyOn(Build.prototype, 'getImageIDFilePath').mockImplementation((): string => {
return imageIDFilePath;
});
jest.spyOn(Builder.prototype, 'inspect').mockImplementation(async (): Promise<BuilderInfo> => {
return {
name: 'builder2',
driver: 'docker-container',
lastActivity: new Date('2023-01-16 09:45:23 +0000 UTC'),
nodes: [
{
buildkit: 'v0.11.0',
'buildkitd-flags': '--debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host',
'driver-opts': ['BUILDKIT_STEP_LOG_MAX_SIZE=10485760', 'BUILDKIT_STEP_LOG_MAX_SPEED=10485760', 'JAEGER_TRACE=localhost:6831', 'image=moby/buildkit:latest', 'network=host'],
endpoint: 'unix:///var/run/docker.sock',
name: 'builder20',
platforms: 'linux/amd64,linux/amd64/v2,linux/amd64/v3,linux/arm64,linux/riscv64,linux/ppc64le,linux/s390x,linux/386,linux/mips64le,linux/mips64,linux/arm/v7,linux/arm/v6',
status: 'running'
}
]
};
});
describe('getArgs', () => {
beforeEach(() => {
process.env = Object.keys(process.env).reduce((object, key) => {
if (!key.startsWith('INPUT_')) {
object[key] = process.env[key];
}
return object;
}, {});
});
// prettier-ignore
test.each([
[
0,
'0.4.1',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'.'
]
],
[
1,
'0.4.2',
new Map<string, string>([
['build-args', `MY_ARG=val1,val2,val3
ARG=val
"MULTILINE=aaaa
bbbb
ccc"`],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--build-arg', 'MY_ARG=val1,val2,val3',
'--build-arg', 'ARG=val',
'--build-arg', `MULTILINE=aaaa\nbbbb\nccc`,
'--iidfile', imageIDFilePath,
'https://github.com/docker/build-push-action.git#refs/heads/master'
]
],
[
2,
'0.4.2',
new Map<string, string>([
['tags', 'name/app:7.4, name/app:latest'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--tag', 'name/app:7.4',
'--tag', 'name/app:latest',
'https://github.com/docker/build-push-action.git#refs/heads/master'
]
],
[
3,
'0.4.2',
new Map<string, string>([
['context', '.'],
['labels', 'org.opencontainers.image.title=buildkit\norg.opencontainers.image.description=concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit'],
['outputs', 'type=local,dest=./release-out'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--label', 'org.opencontainers.image.title=buildkit',
'--label', 'org.opencontainers.image.description=concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit',
'--output', 'type=local,dest=./release-out',
'.'
]
],
[
4,
'0.4.1',
new Map<string, string>([
['context', '.'],
['platforms', 'linux/amd64,linux/arm64'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--platform', 'linux/amd64,linux/arm64',
'.'
]
],
[
5,
'0.4.1',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'.'
]
],
[
6,
'0.4.2',
new Map<string, string>([
['context', '.'],
['secrets', 'GIT_AUTH_TOKEN=abcdefghijklmno=0123456789'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
'.'
]
],
[
7,
'0.4.2',
new Map<string, string>([
['github-token', 'abcdefghijklmno0123456789'],
['outputs', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--output', '.',
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
'https://github.com/docker/build-push-action.git#refs/heads/master'
]
],
[
8,
'0.4.2',
new Map<string, string>([
['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'],
['tag', 'localhost:5000/name/app:latest'],
['platforms', 'linux/amd64,linux/arm64'],
['secrets', 'GIT_AUTH_TOKEN=abcdefghijklmno=0123456789'],
['file', './test/Dockerfile'],
['builder', 'builder-git-context-2'],
['load', 'false'],
['no-cache', 'false'],
['push', 'true'],
['pull', 'false'],
]),
[
'build',
'--file', './test/Dockerfile',
'--iidfile', imageIDFilePath,
'--platform', 'linux/amd64,linux/arm64',
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
'--builder', 'builder-git-context-2',
'--push',
'https://github.com/docker/build-push-action.git#refs/heads/master'
]
],
[
9,
'0.4.2',
new Map<string, string>([
['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'],
['tag', 'localhost:5000/name/app:latest'],
['platforms', 'linux/amd64,linux/arm64'],
['secrets', `GIT_AUTH_TOKEN=abcdefghi,jklmno=0123456789
"MYSECRET=aaaaaaaa
bbbbbbb
ccccccccc"
FOO=bar
"EMPTYLINE=aaaa
bbbb
ccc"`],
['file', './test/Dockerfile'],
['builder', 'builder-git-context-2'],
['load', 'false'],
['no-cache', 'false'],
['push', 'true'],
['pull', 'false'],
]),
[
'build',
'--file', './test/Dockerfile',
'--iidfile', imageIDFilePath,
'--platform', 'linux/amd64,linux/arm64',
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
'--secret', `id=MYSECRET,src=${tmpName}`,
'--secret', `id=FOO,src=${tmpName}`,
'--secret', `id=EMPTYLINE,src=${tmpName}`,
'--builder', 'builder-git-context-2',
'--push',
'https://github.com/docker/build-push-action.git#refs/heads/master'
]
],
[
10,
'0.4.2',
new Map<string, string>([
['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'],
['tag', 'localhost:5000/name/app:latest'],
['platforms', 'linux/amd64,linux/arm64'],
['secrets', `GIT_AUTH_TOKEN=abcdefghi,jklmno=0123456789
MYSECRET=aaaaaaaa
bbbbbbb
ccccccccc
FOO=bar
EMPTYLINE=aaaa
bbbb
ccc`],
['file', './test/Dockerfile'],
['builder', 'builder-git-context-2'],
['load', 'false'],
['no-cache', 'false'],
['push', 'true'],
['pull', 'false'],
]),
[
'build',
'--file', './test/Dockerfile',
'--iidfile', imageIDFilePath,
'--platform', 'linux/amd64,linux/arm64',
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
'--secret', `id=MYSECRET,src=${tmpName}`,
'--secret', `id=FOO,src=${tmpName}`,
'--secret', `id=EMPTYLINE,src=${tmpName}`,
'--builder', 'builder-git-context-2',
'--push',
'https://github.com/docker/build-push-action.git#refs/heads/master'
]
],
[
11,
'0.5.1',
new Map<string, string>([
['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'],
['tag', 'localhost:5000/name/app:latest'],
['secret-files', `MY_SECRET=${path.join(__dirname, 'fixtures', 'secret.txt')}`],
['file', './test/Dockerfile'],
['builder', 'builder-git-context-2'],
['network', 'host'],
['load', 'false'],
['no-cache', 'false'],
['push', 'true'],
['pull', 'false'],
]),
[
'build',
'--file', './test/Dockerfile',
'--iidfile', imageIDFilePath,
'--secret', `id=MY_SECRET,src=${tmpName}`,
'--builder', 'builder-git-context-2',
'--network', 'host',
'--push',
'https://github.com/docker/build-push-action.git#refs/heads/master'
]
],
[
12,
'0.4.2',
new Map<string, string>([
['context', '.'],
['labels', 'org.opencontainers.image.title=filter_results_top_n\norg.opencontainers.image.description=Reference implementation of operation "filter results (top-n)"'],
['outputs', 'type=local,dest=./release-out'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--label', 'org.opencontainers.image.title=filter_results_top_n',
'--label', 'org.opencontainers.image.description=Reference implementation of operation "filter results (top-n)"',
'--output', 'type=local,dest=./release-out',
'.'
]
],
[
13,
'0.6.0',
new Map<string, string>([
['context', '.'],
['tag', 'localhost:5000/name/app:latest'],
['file', './test/Dockerfile'],
['add-hosts', 'docker:10.180.0.1,foo:10.0.0.1'],
['network', 'host'],
['load', 'false'],
['no-cache', 'false'],
['push', 'true'],
['pull', 'false'],
]),
[
'build',
'--add-host', 'docker:10.180.0.1',
'--add-host', 'foo:10.0.0.1',
'--file', './test/Dockerfile',
'--iidfile', imageIDFilePath,
'--metadata-file', metadataJson,
'--network', 'host',
'--push',
'.'
]
],
[
14,
'0.7.0',
new Map<string, string>([
['context', '.'],
['file', './test/Dockerfile'],
['add-hosts', 'docker:10.180.0.1\nfoo:10.0.0.1'],
['cgroup-parent', 'foo'],
['shm-size', '2g'],
['ulimit', `nofile=1024:1024
nproc=3`],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--add-host', 'docker:10.180.0.1',
'--add-host', 'foo:10.0.0.1',
'--cgroup-parent', 'foo',
'--file', './test/Dockerfile',
'--iidfile', imageIDFilePath,
'--shm-size', '2g',
'--ulimit', 'nofile=1024:1024',
'--ulimit', 'nproc=3',
'--metadata-file', metadataJson,
'.'
]
],
[
15,
'0.7.0',
new Map<string, string>([
['context', '{{defaultContext}}:docker'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--metadata-file', metadataJson,
'https://github.com/docker/build-push-action.git#refs/heads/master:docker'
]
],
[
16,
'0.8.2',
new Map<string, string>([
['github-token', 'abcdefghijklmno0123456789'],
['context', '{{defaultContext}}:subdir'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
'--metadata-file', metadataJson,
'https://github.com/docker/build-push-action.git#refs/heads/master:subdir'
]
],
[
17,
'0.8.2',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['provenance', 'true'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--metadata-file', metadataJson,
'.'
]
],
[
18,
'0.10.0',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.'
]
],
[
19,
'0.10.0',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['provenance', 'true'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--attest', `type=provenance,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.'
]
],
[
20,
'0.10.0',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['provenance', 'mode=max'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.'
]
],
[
21,
'0.10.0',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['provenance', 'false'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--attest', 'type=provenance,disabled=true',
'--metadata-file', metadataJson,
'.'
]
],
[
22,
'0.10.0',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['provenance', 'builder-id=foo'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--attest', 'type=provenance,builder-id=foo',
'--metadata-file', metadataJson,
'.'
]
],
[
23,
'0.10.0',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['outputs', 'type=docker'],
]),
[
'build',
'--iidfile', imageIDFilePath,
"--output", 'type=docker',
'--metadata-file', metadataJson,
'.'
]
],
[
24,
'0.10.0',
new Map<string, string>([
['context', '.'],
['load', 'true'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--load',
'--metadata-file', metadataJson,
'.'
]
],
[
25,
'0.10.0',
new Map<string, string>([
['context', '.'],
['build-args', `FOO=bar#baz`],
['load', 'true'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--build-arg', 'FOO=bar#baz',
'--iidfile', imageIDFilePath,
'--load',
'--metadata-file', metadataJson,
'.'
]
],
[
26,
'0.10.0',
new Map<string, string>([
['context', '.'],
['no-cache', 'false'],
['load', 'true'],
['push', 'false'],
['pull', 'false'],
['secret-envs', `MY_SECRET=MY_SECRET_ENV
ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
]),
[
'build',
'--secret', 'id=MY_SECRET,env=MY_SECRET_ENV',
'--secret', 'id=ANOTHER_SECRET,env=ANOTHER_SECRET_ENV',
'--iidfile', imageIDFilePath,
'--load',
'--metadata-file', metadataJson,
'.'
]
],
[
27,
'0.10.0',
new Map<string, string>([
['context', '.'],
['no-cache', 'false'],
['load', 'true'],
['push', 'false'],
['pull', 'false'],
['secret-envs', 'MY_SECRET=MY_SECRET_ENV,ANOTHER_SECRET=ANOTHER_SECRET_ENV']
]),
[
'build',
'--secret', 'id=MY_SECRET,env=MY_SECRET_ENV',
'--secret', 'id=ANOTHER_SECRET,env=ANOTHER_SECRET_ENV',
'--iidfile', imageIDFilePath,
'--load',
'--metadata-file', metadataJson,
'.'
]
],
[
28,
'0.11.0',
new Map<string, string>([
['context', '.'],
['annotations', 'example1=www\nindex:example2=xxx\nmanifest:example3=yyy\nmanifest-descriptor[linux/amd64]:example4=zzz'],
['outputs', 'type=local,dest=./release-out'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--output', 'type=local,dest=./release-out',
'--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.'
]
],
[
29,
'0.12.0',
new Map<string, string>([
['context', '.'],
['annotations', 'example1=www\nindex:example2=xxx\nmanifest:example3=yyy\nmanifest-descriptor[linux/amd64]:example4=zzz'],
['outputs', 'type=local,dest=./release-out'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--annotation', 'example1=www',
'--annotation', 'index:example2=xxx',
'--annotation', 'manifest:example3=yyy',
'--annotation', 'manifest-descriptor[linux/amd64]:example4=zzz',
'--output', 'type=local,dest=./release-out',
'--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.'
]
],
[
30,
'0.12.0',
new Map<string, string>([
['context', '.'],
['outputs', `type=image,"name=localhost:5000/name/app:latest,localhost:5000/name/app:foo",push-by-digest=true,name-canonical=true,push=true`],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--iidfile', imageIDFilePath,
"--output", `type=image,"name=localhost:5000/name/app:latest,localhost:5000/name/app:foo",push-by-digest=true,name-canonical=true,push=true`,
'--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.'
]
],
[
31,
'0.13.1',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['provenance', 'mode=max'],
['sbom', 'true'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--attest', `type=sbom,disabled=false`,
'--metadata-file', metadataJson,
'.'
]
],
[
32,
'0.13.1',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['attests', 'type=provenance,mode=min'],
['provenance', 'mode=max'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.'
]
],
[
33,
'0.13.1',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['attests', 'type=provenance,mode=min'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--attest', `type=provenance,mode=min,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.'
]
],
])(
'[%d] given %p with %p as inputs, returns %p',
async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => {
inputs.forEach((value: string, name: string) => {
setInput(name, value);
});
const toolkit = new Toolkit();
jest.spyOn(Buildx.prototype, 'version').mockImplementation(async (): Promise<string> => {
return buildxVersion;
});
const inp = await context.getInputs();
const res = await context.getArgs(inp, toolkit);
expect(res).toEqual(expected);
}
);
});
// See: https://github.com/actions/toolkit/blob/a1b068ec31a042ff1e10a522d8fdf0b8869d53ca/packages/core/src/core.ts#L89
function getInputName(name: string): string {
return `INPUT_${name.replace(/ /g, '_').toUpperCase()}`;
}
function setInput(name: string, value: string): void {
process.env[getInputName(name)] = value;
}

362
__tests__/fixtures/github-repo.json
View File

@ -1,362 +0,0 @@
{
"id": 1296269,
"node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5",
"name": "Hello-World",
"full_name": "octocat/Hello-World",
"owner": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"private": false,
"html_url": "https://github.com/octocat/Hello-World",
"description": "This your first repo!",
"fork": false,
"url": "https://api.github.com/repos/octocat/Hello-World",
"archive_url": "http://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}",
"assignees_url": "http://api.github.com/repos/octocat/Hello-World/assignees{/user}",
"blobs_url": "http://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}",
"branches_url": "http://api.github.com/repos/octocat/Hello-World/branches{/branch}",
"collaborators_url": "http://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}",
"comments_url": "http://api.github.com/repos/octocat/Hello-World/comments{/number}",
"commits_url": "http://api.github.com/repos/octocat/Hello-World/commits{/sha}",
"compare_url": "http://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}",
"contents_url": "http://api.github.com/repos/octocat/Hello-World/contents/{+path}",
"contributors_url": "http://api.github.com/repos/octocat/Hello-World/contributors",
"deployments_url": "http://api.github.com/repos/octocat/Hello-World/deployments",
"downloads_url": "http://api.github.com/repos/octocat/Hello-World/downloads",
"events_url": "http://api.github.com/repos/octocat/Hello-World/events",
"forks_url": "http://api.github.com/repos/octocat/Hello-World/forks",
"git_commits_url": "http://api.github.com/repos/octocat/Hello-World/git/commits{/sha}",
"git_refs_url": "http://api.github.com/repos/octocat/Hello-World/git/refs{/sha}",
"git_tags_url": "http://api.github.com/repos/octocat/Hello-World/git/tags{/sha}",
"git_url": "git:github.com/octocat/Hello-World.git",
"issue_comment_url": "http://api.github.com/repos/octocat/Hello-World/issues/comments{/number}",
"issue_events_url": "http://api.github.com/repos/octocat/Hello-World/issues/events{/number}",
"issues_url": "http://api.github.com/repos/octocat/Hello-World/issues{/number}",
"keys_url": "http://api.github.com/repos/octocat/Hello-World/keys{/key_id}",
"labels_url": "http://api.github.com/repos/octocat/Hello-World/labels{/name}",
"languages_url": "http://api.github.com/repos/octocat/Hello-World/languages",
"merges_url": "http://api.github.com/repos/octocat/Hello-World/merges",
"milestones_url": "http://api.github.com/repos/octocat/Hello-World/milestones{/number}",
"notifications_url": "http://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}",
"pulls_url": "http://api.github.com/repos/octocat/Hello-World/pulls{/number}",
"releases_url": "http://api.github.com/repos/octocat/Hello-World/releases{/id}",
"ssh_url": "git@github.com:octocat/Hello-World.git",
"stargazers_url": "http://api.github.com/repos/octocat/Hello-World/stargazers",
"statuses_url": "http://api.github.com/repos/octocat/Hello-World/statuses/{sha}",
"subscribers_url": "http://api.github.com/repos/octocat/Hello-World/subscribers",
"subscription_url": "http://api.github.com/repos/octocat/Hello-World/subscription",
"tags_url": "http://api.github.com/repos/octocat/Hello-World/tags",
"teams_url": "http://api.github.com/repos/octocat/Hello-World/teams",
"trees_url": "http://api.github.com/repos/octocat/Hello-World/git/trees{/sha}",
"clone_url": "https://github.com/octocat/Hello-World.git",
"mirror_url": "git:git.example.com/octocat/Hello-World",
"hooks_url": "http://api.github.com/repos/octocat/Hello-World/hooks",
"svn_url": "https://svn.github.com/octocat/Hello-World",
"homepage": "https://github.com",
"language": null,
"forks_count": 9,
"stargazers_count": 80,
"watchers_count": 80,
"size": 108,
"default_branch": "master",
"open_issues_count": 0,
"is_template": true,
"topics": [
"octocat",
"atom",
"electron",
"api"
],
"has_issues": true,
"has_projects": true,
"has_wiki": true,
"has_pages": false,
"has_downloads": true,
"archived": false,
"disabled": false,
"visibility": "public",
"pushed_at": "2011-01-26T19:06:43Z",
"created_at": "2011-01-26T19:01:12Z",
"updated_at": "2011-01-26T19:14:43Z",
"permissions": {
"pull": true,
"triage": true,
"push": false,
"maintain": false,
"admin": false
},
"allow_rebase_merge": true,
"template_repository": null,
"temp_clone_token": "ABTLWHOULUVAXGTRYU7OC2876QJ2O",
"allow_squash_merge": true,
"delete_branch_on_merge": true,
"allow_merge_commit": true,
"subscribers_count": 42,
"network_count": 0,
"license": {
"key": "mit",
"name": "MIT License",
"spdx_id": "MIT",
"url": "https://api.github.com/licenses/mit",
"node_id": "MDc6TGljZW5zZW1pdA=="
},
"organization": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "Organization",
"site_admin": false
},
"parent": {
"id": 1296269,
"node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5",
"name": "Hello-World",
"full_name": "octocat/Hello-World",
"owner": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"private": false,
"html_url": "https://github.com/octocat/Hello-World",
"description": "This your first repo!",
"fork": false,
"url": "https://api.github.com/repos/octocat/Hello-World",
"archive_url": "http://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}",
"assignees_url": "http://api.github.com/repos/octocat/Hello-World/assignees{/user}",
"blobs_url": "http://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}",
"branches_url": "http://api.github.com/repos/octocat/Hello-World/branches{/branch}",
"collaborators_url": "http://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}",
"comments_url": "http://api.github.com/repos/octocat/Hello-World/comments{/number}",
"commits_url": "http://api.github.com/repos/octocat/Hello-World/commits{/sha}",
"compare_url": "http://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}",
"contents_url": "http://api.github.com/repos/octocat/Hello-World/contents/{+path}",
"contributors_url": "http://api.github.com/repos/octocat/Hello-World/contributors",
"deployments_url": "http://api.github.com/repos/octocat/Hello-World/deployments",
"downloads_url": "http://api.github.com/repos/octocat/Hello-World/downloads",
"events_url": "http://api.github.com/repos/octocat/Hello-World/events",
"forks_url": "http://api.github.com/repos/octocat/Hello-World/forks",
"git_commits_url": "http://api.github.com/repos/octocat/Hello-World/git/commits{/sha}",
"git_refs_url": "http://api.github.com/repos/octocat/Hello-World/git/refs{/sha}",
"git_tags_url": "http://api.github.com/repos/octocat/Hello-World/git/tags{/sha}",
"git_url": "git:github.com/octocat/Hello-World.git",
"issue_comment_url": "http://api.github.com/repos/octocat/Hello-World/issues/comments{/number}",
"issue_events_url": "http://api.github.com/repos/octocat/Hello-World/issues/events{/number}",
"issues_url": "http://api.github.com/repos/octocat/Hello-World/issues{/number}",
"keys_url": "http://api.github.com/repos/octocat/Hello-World/keys{/key_id}",
"labels_url": "http://api.github.com/repos/octocat/Hello-World/labels{/name}",
"languages_url": "http://api.github.com/repos/octocat/Hello-World/languages",
"merges_url": "http://api.github.com/repos/octocat/Hello-World/merges",
"milestones_url": "http://api.github.com/repos/octocat/Hello-World/milestones{/number}",
"notifications_url": "http://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}",
"pulls_url": "http://api.github.com/repos/octocat/Hello-World/pulls{/number}",
"releases_url": "http://api.github.com/repos/octocat/Hello-World/releases{/id}",
"ssh_url": "git@github.com:octocat/Hello-World.git",
"stargazers_url": "http://api.github.com/repos/octocat/Hello-World/stargazers",
"statuses_url": "http://api.github.com/repos/octocat/Hello-World/statuses/{sha}",
"subscribers_url": "http://api.github.com/repos/octocat/Hello-World/subscribers",
"subscription_url": "http://api.github.com/repos/octocat/Hello-World/subscription",
"tags_url": "http://api.github.com/repos/octocat/Hello-World/tags",
"teams_url": "http://api.github.com/repos/octocat/Hello-World/teams",
"trees_url": "http://api.github.com/repos/octocat/Hello-World/git/trees{/sha}",
"clone_url": "https://github.com/octocat/Hello-World.git",
"mirror_url": "git:git.example.com/octocat/Hello-World",
"hooks_url": "http://api.github.com/repos/octocat/Hello-World/hooks",
"svn_url": "https://svn.github.com/octocat/Hello-World",
"homepage": "https://github.com",
"language": null,
"forks_count": 9,
"stargazers_count": 80,
"watchers_count": 80,
"size": 108,
"default_branch": "master",
"open_issues_count": 0,
"is_template": true,
"topics": [
"octocat",
"atom",
"electron",
"api"
],
"has_issues": true,
"has_projects": true,
"has_wiki": true,
"has_pages": false,
"has_downloads": true,
"archived": false,
"disabled": false,
"visibility": "public",
"pushed_at": "2011-01-26T19:06:43Z",
"created_at": "2011-01-26T19:01:12Z",
"updated_at": "2011-01-26T19:14:43Z",
"permissions": {
"admin": false,
"push": false,
"pull": true
},
"allow_rebase_merge": true,
"template_repository": null,
"temp_clone_token": "ABTLWHOULUVAXGTRYU7OC2876QJ2O",
"allow_squash_merge": true,
"delete_branch_on_merge": true,
"allow_merge_commit": true,
"subscribers_count": 42,
"network_count": 0
},
"source": {
"id": 1296269,
"node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5",
"name": "Hello-World",
"full_name": "octocat/Hello-World",
"owner": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"private": false,
"html_url": "https://github.com/octocat/Hello-World",
"description": "This your first repo!",
"fork": false,
"url": "https://api.github.com/repos/octocat/Hello-World",
"archive_url": "http://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}",
"assignees_url": "http://api.github.com/repos/octocat/Hello-World/assignees{/user}",
"blobs_url": "http://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}",
"branches_url": "http://api.github.com/repos/octocat/Hello-World/branches{/branch}",
"collaborators_url": "http://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}",
"comments_url": "http://api.github.com/repos/octocat/Hello-World/comments{/number}",
"commits_url": "http://api.github.com/repos/octocat/Hello-World/commits{/sha}",
"compare_url": "http://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}",
"contents_url": "http://api.github.com/repos/octocat/Hello-World/contents/{+path}",
"contributors_url": "http://api.github.com/repos/octocat/Hello-World/contributors",
"deployments_url": "http://api.github.com/repos/octocat/Hello-World/deployments",
"downloads_url": "http://api.github.com/repos/octocat/Hello-World/downloads",
"events_url": "http://api.github.com/repos/octocat/Hello-World/events",
"forks_url": "http://api.github.com/repos/octocat/Hello-World/forks",
"git_commits_url": "http://api.github.com/repos/octocat/Hello-World/git/commits{/sha}",
"git_refs_url": "http://api.github.com/repos/octocat/Hello-World/git/refs{/sha}",
"git_tags_url": "http://api.github.com/repos/octocat/Hello-World/git/tags{/sha}",
"git_url": "git:github.com/octocat/Hello-World.git",
"issue_comment_url": "http://api.github.com/repos/octocat/Hello-World/issues/comments{/number}",
"issue_events_url": "http://api.github.com/repos/octocat/Hello-World/issues/events{/number}",
"issues_url": "http://api.github.com/repos/octocat/Hello-World/issues{/number}",
"keys_url": "http://api.github.com/repos/octocat/Hello-World/keys{/key_id}",
"labels_url": "http://api.github.com/repos/octocat/Hello-World/labels{/name}",
"languages_url": "http://api.github.com/repos/octocat/Hello-World/languages",
"merges_url": "http://api.github.com/repos/octocat/Hello-World/merges",
"milestones_url": "http://api.github.com/repos/octocat/Hello-World/milestones{/number}",
"notifications_url": "http://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}",
"pulls_url": "http://api.github.com/repos/octocat/Hello-World/pulls{/number}",
"releases_url": "http://api.github.com/repos/octocat/Hello-World/releases{/id}",
"ssh_url": "git@github.com:octocat/Hello-World.git",
"stargazers_url": "http://api.github.com/repos/octocat/Hello-World/stargazers",
"statuses_url": "http://api.github.com/repos/octocat/Hello-World/statuses/{sha}",
"subscribers_url": "http://api.github.com/repos/octocat/Hello-World/subscribers",
"subscription_url": "http://api.github.com/repos/octocat/Hello-World/subscription",
"tags_url": "http://api.github.com/repos/octocat/Hello-World/tags",
"teams_url": "http://api.github.com/repos/octocat/Hello-World/teams",
"trees_url": "http://api.github.com/repos/octocat/Hello-World/git/trees{/sha}",
"clone_url": "https://github.com/octocat/Hello-World.git",
"mirror_url": "git:git.example.com/octocat/Hello-World",
"hooks_url": "http://api.github.com/repos/octocat/Hello-World/hooks",
"svn_url": "https://svn.github.com/octocat/Hello-World",
"homepage": "https://github.com",
"language": null,
"forks_count": 9,
"stargazers_count": 80,
"watchers_count": 80,
"size": 108,
"default_branch": "master",
"open_issues_count": 0,
"is_template": true,
"topics": [
"octocat",
"atom",
"electron",
"api"
],
"has_issues": true,
"has_projects": true,
"has_wiki": true,
"has_pages": false,
"has_downloads": true,
"archived": false,
"disabled": false,
"visibility": "public",
"pushed_at": "2011-01-26T19:06:43Z",
"created_at": "2011-01-26T19:01:12Z",
"updated_at": "2011-01-26T19:14:43Z",
"permissions": {
"admin": false,
"push": false,
"pull": true
},
"allow_rebase_merge": true,
"template_repository": null,
"temp_clone_token": "ABTLWHOULUVAXGTRYU7OC2876QJ2O",
"allow_squash_merge": true,
"delete_branch_on_merge": true,
"allow_merge_commit": true,
"subscribers_count": 42,
"network_count": 0
}
}

1
__tests__/fixtures/secret.txt
View File

@ -1 +0,0 @@
bar

162
action.yml
View File

@ -1,123 +1,67 @@
# https://help.github.com/en/articles/metadata-syntax-for-github-actions
name: Build and push Docker images
description: Build and push Docker images with Buildx
author: docker
description: Builds and pushes Docker images and will log in to a Docker registry if required
author: Docker
branding:
icon: 'anchor'
color: 'blue'
runs:
using: docker
image: docker://docker/github-actions:v1
args:
- build-push
inputs:
add-hosts:
description: "List of a customs host-to-IP mapping (e.g., docker:10.180.0.1)"
username:
description: Username used to log in to a Docker registry. If not set then no login will occur
required: false
allow:
description: "List of extra privileged entitlement (e.g., network.host,security.insecure)"
password:
description: Password or personal access token used to log in to a Docker registry. If not set then no login will occur
required: false
annotations:
description: "List of annotation to set to the image"
required: false
attests:
description: "List of attestation parameters (e.g., type=sbom,generator=image)"
required: false
build-args:
description: "List of build-time variables"
required: false
build-contexts:
description: "List of additional build contexts (e.g., name=path)"
required: false
builder:
description: "Builder instance"
required: false
cache-from:
description: "List of external cache sources for buildx (e.g., user/app:cache, type=local,src=path/to/dir)"
required: false
cache-to:
description: "List of cache export destinations for buildx (e.g., user/app:cache, type=local,dest=path/to/dir)"
required: false
cgroup-parent:
description: "Optional parent cgroup for the container used in the build"
required: false
context:
description: "Build's context is the set of files located in the specified PATH or URL"
required: false
file:
description: "Path to the Dockerfile"
required: false
labels:
description: "List of metadata for an image"
required: false
load:
description: "Load is a shorthand for --output=type=docker"
required: false
default: 'false'
network:
description: "Set the networking mode for the RUN instructions during build"
required: false
no-cache:
description: "Do not use cache when building the image"
required: false
default: 'false'
no-cache-filters:
description: "Do not cache specified stages"
required: false
outputs:
description: "List of output destinations (format: type=local,dest=path)"
required: false
platforms:
description: "List of target platforms for build"
required: false
provenance:
description: "Generate provenance attestation for the build (shorthand for --attest=type=provenance)"
required: false
pull:
description: "Always attempt to pull all referenced images"
required: false
default: 'false'
push:
description: "Push is a shorthand for --output=type=registry"
required: false
default: 'false'
sbom:
description: "Generate SBOM attestation for the build (shorthand for --attest=type=sbom)"
required: false
secrets:
description: "List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)"
required: false
secret-envs:
description: "List of secret env vars to expose to the build (e.g., key=envname, MY_SECRET=MY_ENV_VAR)"
required: false
secret-files:
description: "List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)"
required: false
shm-size:
description: "Size of /dev/shm (e.g., 2g)"
required: false
ssh:
description: "List of SSH agent socket or keys to expose to the build"
registry:
description: Server address of Docker registry. If not set then will default to Docker Hub
required: false
repository:
deprecationMessage: 'v2 is now available through docker/build-push-action@v2'
description: Docker repository to tag the image with
required: true
tags:
description: "List of tags"
description: Comma-delimited list of tags. These will be added to the registry/repository to form the image's tags
required: false
tag_with_ref:
description: Automatically tags the built image with the git reference as per the readme
required: false
default: false
tag_with_sha:
description: Automatically tags the built image with the git short SHA as per the readme
required: false
default: false
path:
description: Path to the build context
required: false
default: "."
dockerfile:
description: Path to the Dockerfile (Default is '{path}/Dockerfile')
required: false
target:
description: "Sets the target stage to build"
description: Sets the target stage to build
required: false
ulimit:
description: "Ulimit options (e.g., nofile=1024:1024)"
always_pull:
description: Always attempt to pull a newer version of the image
required: false
github-token:
description: "GitHub Token used to authenticate against a repository for Git context"
default: ${{ github.token }}
default: false
build_args:
description: Comma-delimited list of build-time variables
required: false
outputs:
imageid:
description: 'Image ID'
digest:
description: 'Image digest'
metadata:
description: 'Build result metadata'
runs:
using: 'node20'
main: 'dist/index.js'
post: 'dist/index.js'
cache_froms:
description: Comma-delimited list of images to consider as cache sources
required: false
labels:
description: Comma-delimited list of labels to add to the built image
required: false
add_git_labels:
description: Adds labels with git repository information to the built image
required: false
default: false
push:
description: Whether to push the image
required: false
default: true

3
codecov.yml
View File

@ -1,3 +0,0 @@
comment: false
github_checks:
annotations: false

80
dev.Dockerfile
View File

@ -1,80 +0,0 @@
# syntax=docker/dockerfile:1
ARG NODE_VERSION=20
FROM node:${NODE_VERSION}-alpine AS base
RUN apk add --no-cache cpio findutils git
WORKDIR /src
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache <<EOT
corepack enable
yarn --version
yarn config set --home enableTelemetry 0
EOT
FROM base AS deps
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn install && mkdir /vendor && cp yarn.lock /vendor
FROM scratch AS vendor-update
COPY --from=deps /vendor /
FROM deps AS vendor-validate
RUN --mount=type=bind,target=.,rw <<EOT
set -e
git add -A
cp -rf /vendor/* .
if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
git status --porcelain -- yarn.lock
exit 1
fi
EOT
FROM deps AS build
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn run build && mkdir /out && cp -Rf dist /out/
FROM scratch AS build-update
COPY --from=build /out /
FROM build AS build-validate
RUN --mount=type=bind,target=.,rw <<EOT
set -e
git add -A
cp -rf /out/* .
if [ -n "$(git status --porcelain -- dist)" ]; then
echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
git status --porcelain -- dist
exit 1
fi
EOT
FROM deps AS format
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn run format \
&& mkdir /out && find . -name '*.ts' -not -path './node_modules/*' -not -path './.yarn/*' | cpio -pdm /out
FROM scratch AS format-update
COPY --from=format /out /
FROM deps AS lint
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn run lint
FROM deps AS test
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn run test --coverage --coverageDirectory=/tmp/coverage
FROM scratch AS test-coverage
COPY --from=test /tmp/coverage /

103
dist/index.js vendored
View File

File diff suppressed because one or more lines are too long

1
dist/index.js.map vendored
View File

File diff suppressed because one or more lines are too long

3930
dist/licenses.txt vendored
View File

File diff suppressed because it is too large Load Diff

1
dist/sourcemap-register.js vendored
View File

File diff suppressed because one or more lines are too long

53
docker-bake.hcl
View File

@ -1,53 +0,0 @@
group "default" {
targets = ["build"]
}
group "pre-checkin" {
targets = ["vendor", "format", "build"]
}
group "validate" {
targets = ["lint", "build-validate", "vendor-validate"]
}
target "build" {
dockerfile = "dev.Dockerfile"
target = "build-update"
output = ["."]
}
target "build-validate" {
dockerfile = "dev.Dockerfile"
target = "build-validate"
output = ["type=cacheonly"]
}
target "format" {
dockerfile = "dev.Dockerfile"
target = "format-update"
output = ["."]
}
target "lint" {
dockerfile = "dev.Dockerfile"
target = "lint"
output = ["type=cacheonly"]
}
target "vendor" {
dockerfile = "dev.Dockerfile"
target = "vendor-update"
output = ["."]
}
target "vendor-validate" {
dockerfile = "dev.Dockerfile"
target = "vendor-validate"
output = ["type=cacheonly"]
}
target "test" {
dockerfile = "dev.Dockerfile"
target = "test-coverage"
output = ["./coverage"]
}

30
jest.config.ts
View File

@ -1,30 +0,0 @@
import fs from 'fs';
import os from 'os';
import path from 'path';
const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-build-push-action-'));
process.env = Object.assign({}, process.env, {
TEMP: tmpDir,
GITHUB_REPOSITORY: 'docker/build-push-action',
RUNNER_TEMP: path.join(tmpDir, 'runner-temp'),
RUNNER_TOOL_CACHE: path.join(tmpDir, 'runner-tool-cache')
}) as {
[key: string]: string;
};
module.exports = {
clearMocks: false,
testEnvironment: 'node',
moduleFileExtensions: ['js', 'ts'],
testMatch: ['**/*.test.ts'],
transform: {
'^.+\\.ts$': 'ts-jest'
},
moduleNameMapper: {
'^csv-parse/sync': '<rootDir>/node_modules/csv-parse/dist/cjs/sync.cjs'
},
collectCoverageFrom: ['src/**/{!(main.ts),}.ts'],
coveragePathIgnorePatterns: ['lib/', 'node_modules/', '__mocks__/', '__tests__/'],
verbose: true
};

48
package.json
View File

@ -1,48 +0,0 @@
{
"name": "docker-build-push",
"description": "Build and push Docker images",
"main": "src/main.ts",
"scripts": {
"build": "ncc build --source-map --minify --license licenses.txt",
"lint": "yarn run prettier && yarn run eslint",
"format": "yarn run prettier:fix && yarn run eslint:fix",
"eslint": "eslint --max-warnings=0 .",
"eslint:fix": "eslint --fix .",
"prettier": "prettier --check \"./**/*.ts\"",
"prettier:fix": "prettier --write \"./**/*.ts\"",
"test": "jest"
},
"repository": {
"type": "git",
"url": "git+https://github.com/docker/build-push-action.git"
},
"keywords": [
"actions",
"docker",
"build",
"push"
],
"author": "Docker Inc.",
"license": "Apache-2.0",
"packageManager": "yarn@3.6.3",
"dependencies": {
"@actions/core": "^1.10.1",
"@docker/actions-toolkit": "0.37.1",
"handlebars": "^4.7.7"
},
"devDependencies": {
"@types/node": "^20.12.12",
"@typescript-eslint/eslint-plugin": "^7.9.0",
"@typescript-eslint/parser": "^7.9.0",
"@vercel/ncc": "^0.38.1",
"eslint": "^8.57.0",
"eslint-config-prettier": "^9.1.0",
"eslint-plugin-jest": "^28.5.0",
"eslint-plugin-prettier": "^5.1.3",
"jest": "^29.7.0",
"prettier": "^3.2.5",
"ts-jest": "^29.1.2",
"ts-node": "^10.9.2",
"typescript": "^5.4.5"
}
}

285
src/context.ts
View File

@ -1,285 +0,0 @@
import * as core from '@actions/core';
import * as handlebars from 'handlebars';
import {Build} from '@docker/actions-toolkit/lib/buildx/build';
import {Context} from '@docker/actions-toolkit/lib/context';
import {GitHub} from '@docker/actions-toolkit/lib/github';
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
import {Util} from '@docker/actions-toolkit/lib/util';
export interface Inputs {
'add-hosts': string[];
allow: string[];
annotations: string[];
attests: string[];
'build-args': string[];
'build-contexts': string[];
builder: string;
'cache-from': string[];
'cache-to': string[];
'cgroup-parent': string;
context: string;
file: string;
labels: string[];
load: boolean;
network: string;
'no-cache': boolean;
'no-cache-filters': string[];
outputs: string[];
platforms: string[];
provenance: string;
pull: boolean;
push: boolean;
sbom: string;
secrets: string[];
'secret-envs': string[];
'secret-files': string[];
'shm-size': string;
ssh: string[];
tags: string[];
target: string;
ulimit: string[];
'github-token': string;
}
export async function getInputs(): Promise<Inputs> {
return {
'add-hosts': Util.getInputList('add-hosts'),
allow: Util.getInputList('allow'),
annotations: Util.getInputList('annotations', {ignoreComma: true}),
attests: Util.getInputList('attests', {ignoreComma: true}),
'build-args': Util.getInputList('build-args', {ignoreComma: true}),
'build-contexts': Util.getInputList('build-contexts', {ignoreComma: true}),
builder: core.getInput('builder'),
'cache-from': Util.getInputList('cache-from', {ignoreComma: true}),
'cache-to': Util.getInputList('cache-to', {ignoreComma: true}),
'cgroup-parent': core.getInput('cgroup-parent'),
context: core.getInput('context') || Context.gitContext(),
file: core.getInput('file'),
labels: Util.getInputList('labels', {ignoreComma: true}),
load: core.getBooleanInput('load'),
network: core.getInput('network'),
'no-cache': core.getBooleanInput('no-cache'),
'no-cache-filters': Util.getInputList('no-cache-filters'),
outputs: Util.getInputList('outputs', {ignoreComma: true, quote: false}),
platforms: Util.getInputList('platforms'),
provenance: Build.getProvenanceInput('provenance'),
pull: core.getBooleanInput('pull'),
push: core.getBooleanInput('push'),
sbom: core.getInput('sbom'),
secrets: Util.getInputList('secrets', {ignoreComma: true}),
'secret-envs': Util.getInputList('secret-envs'),
'secret-files': Util.getInputList('secret-files', {ignoreComma: true}),
'shm-size': core.getInput('shm-size'),
ssh: Util.getInputList('ssh'),
tags: Util.getInputList('tags'),
target: core.getInput('target'),
ulimit: Util.getInputList('ulimit', {ignoreComma: true}),
'github-token': core.getInput('github-token')
};
}
export function sanitizeInputs(inputs: Inputs) {
const res = {};
for (const key of Object.keys(inputs)) {
if (key === 'github-token') {
continue;
}
const value: string | string[] | boolean = inputs[key];
if (typeof value === 'boolean' && value === false) {
continue;
} else if (Array.isArray(value) && value.length === 0) {
continue;
} else if (!value) {
continue;
}
res[key] = value;
}
return res;
}
export async function getArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
const context = handlebars.compile(inputs.context)({
defaultContext: Context.gitContext()
});
// prettier-ignore
return [
...await getBuildArgs(inputs, context, toolkit),
...await getCommonArgs(inputs, toolkit),
context
];
}
async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit): Promise<Array<string>> {
const args: Array<string> = ['build'];
await Util.asyncForEach(inputs['add-hosts'], async addHost => {
args.push('--add-host', addHost);
});
if (inputs.allow.length > 0) {
args.push('--allow', inputs.allow.join(','));
}
if (await toolkit.buildx.versionSatisfies('>=0.12.0')) {
await Util.asyncForEach(inputs.annotations, async annotation => {
args.push('--annotation', annotation);
});
} else if (inputs.annotations.length > 0) {
core.warning("Annotations are only supported by buildx >= 0.12.0; the input 'annotations' is ignored.");
}
await Util.asyncForEach(inputs['build-args'], async buildArg => {
args.push('--build-arg', buildArg);
});
if (await toolkit.buildx.versionSatisfies('>=0.8.0')) {
await Util.asyncForEach(inputs['build-contexts'], async buildContext => {
args.push('--build-context', buildContext);
});
} else if (inputs['build-contexts'].length > 0) {
core.warning("Build contexts are only supported by buildx >= 0.8.0; the input 'build-contexts' is ignored.");
}
await Util.asyncForEach(inputs['cache-from'], async cacheFrom => {
args.push('--cache-from', cacheFrom);
});
await Util.asyncForEach(inputs['cache-to'], async cacheTo => {
args.push('--cache-to', cacheTo);
});
if (inputs['cgroup-parent']) {
args.push('--cgroup-parent', inputs['cgroup-parent']);
}
await Util.asyncForEach(inputs['secret-envs'], async secretEnv => {
try {
args.push('--secret', Build.resolveSecretEnv(secretEnv));
} catch (err) {
core.warning(err.message);
}
});
if (inputs.file) {
args.push('--file', inputs.file);
}
if (!Build.hasLocalExporter(inputs.outputs) && !Build.hasTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || (await toolkit.buildx.versionSatisfies('>=0.4.2')))) {
args.push('--iidfile', toolkit.buildxBuild.getImageIDFilePath());
}
await Util.asyncForEach(inputs.labels, async label => {
args.push('--label', label);
});
await Util.asyncForEach(inputs['no-cache-filters'], async noCacheFilter => {
args.push('--no-cache-filter', noCacheFilter);
});
await Util.asyncForEach(inputs.outputs, async output => {
args.push('--output', output);
});
if (inputs.platforms.length > 0) {
args.push('--platform', inputs.platforms.join(','));
}
if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
args.push(...(await getAttestArgs(inputs, toolkit)));
} else {
core.warning("Attestations are only supported by buildx >= 0.10.0; the inputs 'attests', 'provenance' and 'sbom' are ignored.");
}
await Util.asyncForEach(inputs.secrets, async secret => {
try {
args.push('--secret', Build.resolveSecretString(secret));
} catch (err) {
core.warning(err.message);
}
});
await Util.asyncForEach(inputs['secret-files'], async secretFile => {
try {
args.push('--secret', Build.resolveSecretFile(secretFile));
} catch (err) {
core.warning(err.message);
}
});
if (inputs['github-token'] && !Build.hasGitAuthTokenSecret(inputs.secrets) && context.startsWith(Context.gitContext())) {
args.push('--secret', Build.resolveSecretString(`GIT_AUTH_TOKEN=${inputs['github-token']}`));
}
if (inputs['shm-size']) {
args.push('--shm-size', inputs['shm-size']);
}
await Util.asyncForEach(inputs.ssh, async ssh => {
args.push('--ssh', ssh);
});
await Util.asyncForEach(inputs.tags, async tag => {
args.push('--tag', tag);
});
if (inputs.target) {
args.push('--target', inputs.target);
}
await Util.asyncForEach(inputs.ulimit, async ulimit => {
args.push('--ulimit', ulimit);
});
return args;
}
async function getCommonArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
const args: Array<string> = [];
if (inputs.builder) {
args.push('--builder', inputs.builder);
}
if (inputs.load) {
args.push('--load');
}
if (await toolkit.buildx.versionSatisfies('>=0.6.0')) {
args.push('--metadata-file', toolkit.buildxBuild.getMetadataFilePath());
}
if (inputs.network) {
args.push('--network', inputs.network);
}
if (inputs['no-cache']) {
args.push('--no-cache');
}
if (inputs.pull) {
args.push('--pull');
}
if (inputs.push) {
args.push('--push');
}
return args;
}
async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
const args: Array<string> = [];
// check if provenance attestation is set in attests input
let hasAttestProvenance = false;
await Util.asyncForEach(inputs.attests, async (attest: string) => {
if (Build.hasAttestationType('provenance', attest)) {
hasAttestProvenance = true;
}
});
let provenanceSet = false;
let sbomSet = false;
if (inputs.provenance) {
args.push('--attest', Build.resolveAttestationAttrs(`type=provenance,${inputs.provenance}`));
provenanceSet = true;
} else if (!hasAttestProvenance && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Build.hasDockerExporter(inputs.outputs, inputs.load)) {
// if provenance not specified in provenance or attests inputs and BuildKit
// version compatible for attestation, set default provenance. Also needs
// to make sure user doesn't want to explicitly load the image to docker.
if (GitHub.context.payload.repository?.private ?? false) {
// if this is a private repository, we set the default provenance
// attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
args.push('--attest', `type=provenance,${Build.resolveProvenanceAttrs(`mode=min,inline-only=true`)}`);
} else {
// for a public repository, we set max provenance mode.
args.push('--attest', `type=provenance,${Build.resolveProvenanceAttrs(`mode=max`)}`);
}
}
if (inputs.sbom) {
args.push('--attest', Build.resolveAttestationAttrs(`type=sbom,${inputs.sbom}`));
sbomSet = true;
}
// set attests but check if provenance or sbom types already set as
// provenance and sbom inputs take precedence over attests input.
await Util.asyncForEach(inputs.attests, async (attest: string) => {
if (!Build.hasAttestationType('provenance', attest) && !Build.hasAttestationType('sbom', attest)) {
args.push('--attest', Build.resolveAttestationAttrs(attest));
} else if (!provenanceSet && Build.hasAttestationType('provenance', attest)) {
args.push('--attest', Build.resolveProvenanceAttrs(attest));
} else if (!sbomSet && Build.hasAttestationType('sbom', attest)) {
args.push('--attest', attest);
}
});
return args;
}

284
src/main.ts
View File

@ -1,284 +0,0 @@
import * as fs from 'fs';
import * as path from 'path';
import * as stateHelper from './state-helper';
import * as core from '@actions/core';
import * as actionsToolkit from '@docker/actions-toolkit';
import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx';
import {History as BuildxHistory} from '@docker/actions-toolkit/lib/buildx/history';
import {Context} from '@docker/actions-toolkit/lib/context';
import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
import {Exec} from '@docker/actions-toolkit/lib/exec';
import {GitHub} from '@docker/actions-toolkit/lib/github';
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
import {Util} from '@docker/actions-toolkit/lib/util';
import {BuilderInfo} from '@docker/actions-toolkit/lib/types/buildx/builder';
import {ConfigFile} from '@docker/actions-toolkit/lib/types/docker/docker';
import {UploadArtifactResponse} from '@docker/actions-toolkit/lib/types/github';
import * as context from './context';
actionsToolkit.run(
// main
async () => {
const startedTime = new Date();
const inputs: context.Inputs = await context.getInputs();
core.debug(`inputs: ${JSON.stringify(inputs)}`);
stateHelper.setInputs(inputs);
const toolkit = new Toolkit();
await core.group(`GitHub Actions runtime token ACs`, async () => {
try {
await GitHub.printActionsRuntimeTokenACs();
} catch (e) {
core.warning(e.message);
}
});
await core.group(`Docker info`, async () => {
try {
await Docker.printVersion();
await Docker.printInfo();
} catch (e) {
core.info(e.message);
}
});
await core.group(`Proxy configuration`, async () => {
let dockerConfig: ConfigFile | undefined;
let dockerConfigMalformed = false;
try {
dockerConfig = await Docker.configFile();
} catch (e) {
dockerConfigMalformed = true;
core.warning(`Unable to parse config file ${path.join(Docker.configDir, 'config.json')}: ${e}`);
}
if (dockerConfig && dockerConfig.proxies) {
for (const host in dockerConfig.proxies) {
let prefix = '';
if (Object.keys(dockerConfig.proxies).length > 1) {
prefix = ' ';
core.info(host);
}
for (const key in dockerConfig.proxies[host]) {
core.info(`${prefix}${key}: ${dockerConfig.proxies[host][key]}`);
}
}
} else if (!dockerConfigMalformed) {
core.info('No proxy configuration found');
}
});
if (!(await toolkit.buildx.isAvailable())) {
core.setFailed(`Docker buildx is required. See https://github.com/docker/setup-buildx-action to set up buildx.`);
return;
}
stateHelper.setTmpDir(Context.tmpDir());
await core.group(`Buildx version`, async () => {
await toolkit.buildx.printVersion();
});
let builder: BuilderInfo;
await core.group(`Builder info`, async () => {
builder = await toolkit.builder.inspect(inputs.builder);
core.info(JSON.stringify(builder, null, 2));
});
const args: string[] = await context.getArgs(inputs, toolkit);
core.debug(`context.getArgs: ${JSON.stringify(args)}`);
const buildCmd = await toolkit.buildx.getCommand(args);
core.debug(`buildCmd.command: ${buildCmd.command}`);
core.debug(`buildCmd.args: ${JSON.stringify(buildCmd.args)}`);
let err: Error | undefined;
await Exec.getExecOutput(buildCmd.command, buildCmd.args, {
ignoreReturnCode: true,
env: Object.assign({}, process.env, {
BUILDX_METADATA_WARNINGS: 'true'
}) as {
[key: string]: string;
}
}).then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
err = Error(`buildx failed with: ${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`);
}
});
const imageID = toolkit.buildxBuild.resolveImageID();
const metadata = toolkit.buildxBuild.resolveMetadata();
const digest = toolkit.buildxBuild.resolveDigest(metadata);
if (imageID) {
await core.group(`ImageID`, async () => {
core.info(imageID);
core.setOutput('imageid', imageID);
});
}
if (digest) {
await core.group(`Digest`, async () => {
core.info(digest);
core.setOutput('digest', digest);
});
}
if (metadata) {
await core.group(`Metadata`, async () => {
const metadatadt = JSON.stringify(metadata, null, 2);
core.info(metadatadt);
core.setOutput('metadata', metadatadt);
});
}
let ref: string | undefined;
await core.group(`Reference`, async () => {
ref = await buildRef(toolkit, startedTime, inputs.builder);
if (ref) {
core.info(ref);
stateHelper.setBuildRef(ref);
} else {
core.info('No build reference found');
}
});
if (buildChecksAnnotationsEnabled()) {
const warnings = toolkit.buildxBuild.resolveWarnings(metadata);
if (ref && warnings && warnings.length > 0) {
const annotations = await Buildx.convertWarningsToGitHubAnnotations(warnings, [ref]);
core.debug(`annotations: ${JSON.stringify(annotations, null, 2)}`);
if (annotations && annotations.length > 0) {
await core.group(`Generating GitHub annotations (${annotations.length} build checks found)`, async () => {
for (const annotation of annotations) {
core.warning(annotation.message, annotation);
}
});
}
}
}
await core.group(`Check build summary support`, async () => {
if (!buildSummaryEnabled()) {
core.info('Build summary disabled');
} else if (GitHub.isGHES) {
core.info('Build summary is not yet supported on GHES');
} else if (!(await toolkit.buildx.versionSatisfies('>=0.13.0'))) {
core.info('Build summary requires Buildx >= 0.13.0');
} else if (builder && builder.driver === 'cloud') {
core.info('Build summary is not yet supported with Docker Build Cloud');
} else if (!ref) {
core.info('Build summary requires a build reference');
} else {
core.info('Build summary supported!');
stateHelper.setSummarySupported();
}
});
if (err) {
throw err;
}
},
// post
async () => {
if (stateHelper.isSummarySupported) {
await core.group(`Generating build summary`, async () => {
try {
const recordUploadEnabled = buildRecordUploadEnabled();
let recordRetentionDays: number | undefined;
if (recordUploadEnabled) {
recordRetentionDays = buildRecordRetentionDays();
}
const buildxHistory = new BuildxHistory();
const exportRes = await buildxHistory.export({
refs: stateHelper.buildRef ? [stateHelper.buildRef] : []
});
core.info(`Build record written to ${exportRes.dockerbuildFilename} (${Util.formatFileSize(exportRes.dockerbuildSize)})`);
let uploadRes: UploadArtifactResponse | undefined;
if (recordUploadEnabled) {
uploadRes = await GitHub.uploadArtifact({
filename: exportRes.dockerbuildFilename,
mimeType: 'application/gzip',
retentionDays: recordRetentionDays
});
}
await GitHub.writeBuildSummary({
exportRes: exportRes,
uploadRes: uploadRes,
inputs: stateHelper.inputs
});
} catch (e) {
core.warning(e.message);
}
});
}
if (stateHelper.tmpDir.length > 0) {
await core.group(`Removing temp folder ${stateHelper.tmpDir}`, async () => {
fs.rmSync(stateHelper.tmpDir, {recursive: true});
});
}
}
);
async function buildRef(toolkit: Toolkit, since: Date, builder?: string): Promise<string> {
// get ref from metadata file
const ref = toolkit.buildxBuild.resolveRef();
if (ref) {
return ref;
}
// otherwise, look for the very first build ref since the build has started
if (!builder) {
const currentBuilder = await toolkit.builder.inspect();
builder = currentBuilder.name;
}
const refs = Buildx.refs({
dir: Buildx.refsDir,
builderName: builder,
since: since
});
return Object.keys(refs).length > 0 ? Object.keys(refs)[0] : '';
}
function buildChecksAnnotationsEnabled(): boolean {
if (process.env.DOCKER_BUILD_CHECKS_ANNOTATIONS) {
return Util.parseBool(process.env.DOCKER_BUILD_CHECKS_ANNOTATIONS);
}
return true;
}
function buildSummaryEnabled(): boolean {
if (process.env.DOCKER_BUILD_NO_SUMMARY) {
core.warning('DOCKER_BUILD_NO_SUMMARY is deprecated. Set DOCKER_BUILD_SUMMARY to false instead.');
return !Util.parseBool(process.env.DOCKER_BUILD_NO_SUMMARY);
} else if (process.env.DOCKER_BUILD_SUMMARY) {
return Util.parseBool(process.env.DOCKER_BUILD_SUMMARY);
}
return true;
}
function buildRecordUploadEnabled(): boolean {
if (process.env.DOCKER_BUILD_RECORD_UPLOAD) {
return Util.parseBool(process.env.DOCKER_BUILD_RECORD_UPLOAD);
}
return true;
}
function buildRecordRetentionDays(): number | undefined {
let val: string | undefined;
if (process.env.DOCKER_BUILD_EXPORT_RETENTION_DAYS) {
core.warning('DOCKER_BUILD_EXPORT_RETENTION_DAYS is deprecated. Use DOCKER_BUILD_RECORD_RETENTION_DAYS instead.');
val = process.env.DOCKER_BUILD_EXPORT_RETENTION_DAYS;
} else if (process.env.DOCKER_BUILD_RECORD_RETENTION_DAYS) {
val = process.env.DOCKER_BUILD_RECORD_RETENTION_DAYS;
}
if (val) {
const res = parseInt(val);
if (isNaN(res)) {
throw Error(`Invalid build record retention days: ${val}`);
}
return res;
}
}

24
src/state-helper.ts
View File

@ -1,24 +0,0 @@
import * as core from '@actions/core';
import {Inputs, sanitizeInputs} from './context';
export const tmpDir = process.env['STATE_tmpDir'] || '';
export const inputs = process.env['STATE_inputs'] ? JSON.parse(process.env['STATE_inputs']) : undefined;
export const buildRef = process.env['STATE_buildRef'] || '';
export const isSummarySupported = !!process.env['STATE_isSummarySupported'];
export function setTmpDir(tmpDir: string) {
core.saveState('tmpDir', tmpDir);
}
export function setInputs(inputs: Inputs) {
core.saveState('inputs', JSON.stringify(sanitizeInputs(inputs)));
}
export function setBuildRef(buildRef: string) {
core.saveState('buildRef', buildRef);
}
export function setSummarySupported() {
core.saveState('isSummarySupported', 'true');
}

3
test/Dockerfile
View File

@ -1,3 +0,0 @@
# syntax=docker/dockerfile:1
FROM alpine
RUN echo "Hello world!"

3
test/addhost.Dockerfile
View File

@ -1,3 +0,0 @@
# syntax=docker/dockerfile:1
FROM busybox
RUN cat /etc/hosts

3
test/cgroup.Dockerfile
View File

@ -1,3 +0,0 @@
# syntax=docker/dockerfile:1
FROM alpine
RUN cat /proc/self/cgroup

19
test/go/Dockerfile
View File

@ -1,19 +0,0 @@
# syntax=docker/dockerfile:1
FROM golang:alpine AS base
ENV CGO_ENABLED=0
RUN apk add --no-cache file git
WORKDIR /src
FROM base AS build
RUN --mount=type=bind,target=/src \
--mount=type=cache,target=/root/.cache/go-build \
go build -ldflags "-s -w" -o /usr/bin/app .
FROM scratch AS binary
COPY --from=build /usr/bin/app /bin/app
FROM alpine AS image
COPY --from=build /usr/bin/app /bin/app
EXPOSE 8080
ENTRYPOINT ["/bin/app"]

3
test/go/go.mod
View File

@ -1,3 +0,0 @@
module github.com/docker/build-push-action/test/go
go 1.18

14
test/go/main.go
View File

@ -1,14 +0,0 @@
package main
import (
"fmt"
"log"
"net/http"
)
func main() {
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Hello, Go!")
})
log.Fatal(http.ListenAndServe(":8080", nil))
}

12
test/lint.Dockerfile
View File

@ -1,12 +0,0 @@
frOM busybox as base
cOpy lint.Dockerfile .
from scratch
MAINTAINER moby@example.com
COPy --from=base \
/lint.Dockerfile \
/
CMD [ "echo", "Hello, Norway!" ]
CMD [ "echo", "Hello, Sweden!" ]
ENTRYPOINT my-program start

20
test/multi-sudo.Dockerfile
View File

@ -1,20 +0,0 @@
# syntax=docker/dockerfile:1
FROM --platform=$BUILDPLATFORM golang:alpine AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" > /log
RUN apk --update --no-cache add \
shadow \
sudo \
&& addgroup -g 1200 buildx \
&& adduser -u 1200 -G buildx -s /sbin/nologin -D buildx \
&& echo 'buildx ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers \
&& rm -rf /tmp/* /var/cache/apk/*
USER buildx
RUN sudo chown buildx. /log
USER root
FROM alpine
COPY --from=build /log /log
RUN ls -al /log

9
test/multi.Dockerfile
View File

@ -1,9 +0,0 @@
# syntax=docker/dockerfile:1
FROM --platform=$BUILDPLATFORM golang:alpine AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" > /log
FROM alpine
COPY --from=build /log /log

4
test/named-context-base.Dockerfile
View File

@ -1,4 +0,0 @@
# syntax=docker/dockerfile:1
FROM debian
RUN echo "Hello debian!"

4
test/named-context.Dockerfile
View File

@ -1,4 +0,0 @@
# syntax=docker/dockerfile:1
FROM alpine
RUN cat /etc/*release

9
test/nocachefilter.Dockerfile
View File

@ -1,9 +0,0 @@
# syntax=docker/dockerfile:1
FROM busybox AS base
RUN echo "Hello world!" > /hello
FROM alpine AS build
COPY --from=base /hello /hello
RUN uname -a
FROM build

9
test/proxy.Dockerfile
View File

@ -1,9 +0,0 @@
# syntax=docker/dockerfile:1
FROM alpine
RUN apk add --no-cache curl net-tools
ARG HTTP_PROXY
ARG HTTPS_PROXY
RUN printenv HTTP_PROXY
RUN printenv HTTPS_PROXY
RUN netstat -aptn
RUN curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy $HTTP_PROXY -v --insecure --head https://www.google.com

4
test/secret.Dockerfile
View File

@ -1,4 +0,0 @@
# syntax=docker/dockerfile:1
FROM busybox
RUN --mount=type=secret,id=MYSECRET \
echo "MYSECRET=$(cat /run/secrets/MYSECRET)"

3
test/shmsize.Dockerfile
View File

@ -1,3 +0,0 @@
# syntax=docker/dockerfile:1
FROM busybox
RUN mount | grep /dev/shm

3
test/ulimit.Dockerfile
View File

@ -1,3 +0,0 @@
# syntax=docker/dockerfile:1
FROM busybox
RUN ulimit -a

22
tsconfig.json
View File

@ -1,22 +0,0 @@
{
"compilerOptions": {
"esModuleInterop": true,
"target": "es6",
"module": "commonjs",
"strict": true,
"newLine": "lf",
"outDir": "./lib",
"rootDir": "./src",
"forceConsistentCasingInFileNames": true,
"noImplicitAny": false,
"resolveJsonModule": true,
"useUnknownInCatchVariables": false,
},
"exclude": [
"./__mocks__/**/*",
"./__tests__/**/*",
"./lib/**/*",
"node_modules",
"jest.config.ts"
]
}

6843
yarn.lock
View File

File diff suppressed because it is too large Load Diff