How to pass a variable from GitHub action to Docker container? - docker

When I push a commit with a tag, a docker container is automatically built by the docker/build-push-action@v1 GitHub Action. The tag indicates the version number, which I want to show in the application.
Here is my workflow:
    - name: Push to Docker Hub - develop
      uses: docker/build-push-action@v1
      with:
        repository: my_repo/my_image
        path: frontend/
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.DOCKER_PASSWORD }}
        tags: develop
        args: SOFTWARE_VERSION=${{ steps.vars.outputs.tag }}
At that moment the variable SOFTWARE_VERSION should be available in the Dockerfile, is that right?
In my Dockerfile I set:
    ARG SOFTWARE_VERSION
    ENV SOFTWARE_VERSION ${SOFTWARE_VERSION}
Inside the container, the variable has an empty value. How to do it properly?
I don't know if it matters, but I run the container using docker-compose.

You are using args to pass the arguments.
However, the @v1 of https://github.com/docker/build-push-action offers build_args and @v3 build-args.
You should choose accordingly for the version that you need to use. IMO, you should go for the latest one.

Go to your Settings -> Secrets and Variables.
Add two secrets:
DOCKERHUB_USERNAME: your username on DockerHub
DOCKERHUB_TOKEN: this is the token, you can get it from DockerHub
You must add this to precede Build and Push:
    - name: Login to DockerHub
      if: github.event_name != 'pull_request'
      uses: docker/login-action@v1
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}
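
The two answers above combined into one workflow, as an added example that is not from the original posts. It assumes docker/build-push-action@v3 and docker/login-action@v2, the secret names from the second answer, and a step with id `vars` (written here as an assumption) that produces the `tag` output the question refers to.

```yaml
# Added example: tag push -> image build with a non-secret build argument.
name: Build frontend image
on:
  push:
    tags: ['*']
jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      # Assumed step: derives the version from the pushed tag (id "vars", output "tag").
      - id: vars
        run: echo "tag=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Push to Docker Hub - develop
        uses: docker/build-push-action@v3
        with:
          context: frontend/
          push: true
          tags: my_repo/my_image:develop
          # @v3 reads build-args (@v1: build_args); `args` is not an input of this action.
          # Build argument values are visible in the image (docker history, and here
          # Config.Env), so pass version strings this way, never credentials.
          build-args: |
            SOFTWARE_VERSION=${{ steps.vars.outputs.tag }}
      - name: Check that the value reached the image
        env:
          # Passed through env rather than interpolated into the script text.
          EXPECTED: ${{ steps.vars.outputs.tag }}
        run: |
          docker pull my_repo/my_image:develop
          docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' \
            my_repo/my_image:develop | grep -Fx "SOFTWARE_VERSION=$EXPECTED"
```

The last step fails the job when the variable is missing or empty in the pushed image, which is the symptom described in the question.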

Related

Tag new Docker image push automatically for CI/CD deployment in Github Action

I want to be able to run a Github action that would build, automatically & uniquely tag and push an image to Docker hub.
I want it to also be that another Github action that deploys to the server will automatically know the image's tag and adds it to the image name to pull that specific image automatically.
Try the Publish Docker GitHub Action.
Example workflow that will trigger on new GH Release creation and will use the GH release version for tagging the Docker image:
    name: Publish to Registry
    on:
      release:
        types: [published]
    jobs:
      update:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v3
          - id: pre-step
            shell: bash
            run: echo "release-version=$(echo ${GITHUB_REF:10})" >> $GITHUB_OUTPUT
          - name: Publish to Registry
            uses: elgohr/Publish-Docker-Github-Action@v5
            with:
              name: myDocker/repository
              username: ${{ secrets.DOCKER_USERNAME }}
              password: ${{ secrets.DOCKER_PASSWORD }}
              tags: "latest,${{ steps.pre-step.outputs.release-version }}"
Also, you can use tag_names when you want to push tags/release by their git name (e.g. refs/tags/MY_TAG_NAME):
    with:
      name: myDocker/repository
      username: ${{ secrets.DOCKER_USERNAME }}
      password: ${{ secrets.DOCKER_PASSWORD }}
      tag_names: true
For more details visit the Usage section.

After deleting and re-creating a GitHub repository, the default token can no longer publish container images

I have a repository that includes a container image build-and-publish workflow; the critical workflow steps look like:
    - name: Log in to the Container registry
      uses: docker/login-action@v2
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}
    [...]
    - name: Build and push Docker image
      uses: docker/build-push-action@v3
      with:
        context: .
        push: true
        tags: ${{ steps.meta.outputs.tags }}
        labels: ${{ steps.meta.outputs.labels }}
I deleted the GitHub repository that contained this workflow, and then re-created it with the same name. After restoring the content in the repository, the above action is now failing with:
    ERROR: denied: permission_denied: write_package
    Error: buildx failed with: ERROR: denied: permission_denied: write_package
Additionally, using the registry API I can see that the corresponding image repository still exists and contains tagged images from the previous instance of the repository.
I would have expected the package repository to be deleted when I deleted the git repository, but it apparently persists and is linked to the prior authentication credentials.
I've been able to work around the permission problem by manually generating a GitHub token, and then modifying the login action to use it:
    - name: Log in to the Container registry
      uses: docker/login-action@v2
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ github.actor }}
        password: ${{ secrets.OVERRIDE_GITHUB_TOKEN }}
That works, but the package repository is no longer linked to the git repository. Looking at the repository main page, we see:
Additionally, the workaround is messy and leads to maintenance issues (e.g. if the token expires the secrets need to be updated manually, which isn't an issue when using the default token).
Is there any way to restore package repository access for the default token and re-link the git repository to the package repository? I would be happy to simply delete the package repository, but it wasn't clear if that's possible.

Github actions docker build "uses" vs manual

Tonight I stumbled across something I found really strange and I can't find a good answer to it. I'm building a docker image on my Raspberry Pi (where this is a dashboard acting as a home server). I'm still fairly new to using GitHub Actions, but I use a Gitlab/Jenkins setup at work.
With the exact same code, building and pushing the docker image with the following took around 10 minutes. I ran into some further issues and it timed out, so I thought of building it manually as opposed to the "uses: docker/build-push-action" method.
I'm struggling to understand what's happening under the hood and why there is such a massive performance difference. Is there a reason why the "using" method might be preferred?
Raspberry Pi B3+, Ubuntu arm64
~10 Minutes. Sample run: https://github.com/helblingjoel/piserver/actions/runs/2332932188
    - name: Login to DockerHub
      uses: docker/login-action@v1
      with:
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.DOCKER_PASSWORD }}
    - name: Set up Docker Buildx
      id: buildx
      uses: docker/setup-buildx-action@v2
    - name: Build and push
      uses: docker/build-push-action@v2
      with:
        push: true
        tags: helblingjoel/piserver:${{ steps.date.outputs.date }}
        cache-from: type=registry,ref=helblingjoel/piserver:buildcache
        cache-to: type=registry,ref=helblingjoel/piserver:buildcache,mode=max
~3 minutes. Sample run: https://github.com/helblingjoel/piserver/actions/runs/2334507767
    - name: Login to DockerHub
      uses: docker/login-action@v2
      with:
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.
    - name: Build docker image
      run: docker build -t helblingjoel/piserver:${{ steps.date.outputs.date }} .
    - name: Push docker image
      run: docker push helblingjoel/piserver:${{ steps.date.outputs.date }}
The Dockerfile used for those was identical.
Thank you in advance.

How to correctly push a Docker image using Github actions

I am setting up a GitHub action to push a Docker image to Docker Hub following GitHub official README.md for docker/build-push-action@v2.
This is my action inside directory .github/workflows/
    name: Publish Docker image
    on:
      push:
        branches: master
    jobs:
      push_to_registry:
        name: Push Docker image to Docker Hub
        runs-on: ubuntu-latest
        steps:
          -
            name: Set up QEMU
            uses: docker/setup-qemu-action@v1
          -
            name: Set up Docker Buildx
            uses: docker/setup-buildx-action@v1
          -
            name: Login to DockerHub
            uses: docker/login-action@v1
            with:
              username: ${{ secrets.DOCKER_USERNAME }}
              password: ${{ secrets.DOCKER_PASSWORD }}
          -
            name: Build and push
            id: docker_build
            uses: docker/build-push-action@v2
            with:
              push: true
              tags: user/app:latest
          -
            name: Image digest
            run: echo ${{ steps.docker_build.outputs.digest }}
Having tested the action worked in my fork branch I then merged the branch to the main repo. To my surprise the login step failed showing the following error inside Github actions log
    Run docker/login-action@v1
      with:
        logout: true
    Error: Username and password required
At first I thought I could have wrongly defined (or even not defined) the secrets inside the main repo but after a request with octokit I found out that they are there
    {
      total_count: 2,
      secrets: [
        {
          name: 'DOCKER_PASSWORD',
          created_at: '2020-11-04T15:28:55Z',
          updated_at: '2020-11-16T13:11:27Z'
        },
        {
          name: 'DOCKER_USERNAME',
          created_at: '2020-11-04T15:28:55Z',
          updated_at: '2020-11-16T13:11:27Z'
        }
      ]
    }
I guess that docker/login-action@v1 is not using username and password provided after the with: keyword. I am very puzzled by this as it did work on my fork branch and do not understand why with: is sending the keyword logout: true instead which I did not set.
Does someone have more insight into this?
Could you check that in the repository's settings the secrets are there like this:
Also, when you say
Having tested the action worked in my fork branch I then merged the branch to the main repo.
does this mean the main repo is also yours?
Because secrets don't transfer between repos. If you've forked another user's repository and want to contribute workflow changes requiring secrets, the main repo's owner(s) will have to add secrets with the same name.
Additionally, secrets aren't used in Pull Requests workflow runs. Hence you'll only see if it's working after the changes have been merged into the repository.
I have run into the same issue. Please check where you are giving your secret; GitHub now has two types of secrets, and you should use Actions as shown in the image. If you use Dependabot.
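
A variant of the question's workflow that copes with runs where the secrets are empty, as an added example that is not from the original posts. It assumes the same action versions and secret names as the question; the preflight step and its message are illustrative additions. Pull requests from forks do not receive repository secrets, so login and push are skipped for them, and a push run with missing secrets stops with an explicit error instead of "Username and password required".

```yaml
# Added example: build on every event, log in and push only when secrets can exist.
name: Publish Docker image
on:
  push:
    branches: [master]
  pull_request:
jobs:
  push_to_registry:
    name: Push Docker image to Docker Hub
    runs-on: ubuntu-latest
    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      # Illustrative preflight: name the empty secret and the repository it is missing from.
      - name: Fail early when registry secrets are missing
        if: github.event_name != 'pull_request'
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
        run: |
          for v in DOCKER_USERNAME DOCKER_PASSWORD; do
            if [ -z "${!v}" ]; then
              echo "::error::secret $v is not set for ${GITHUB_REPOSITORY}"
              exit 1
            fi
          done
      - name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build and push
        id: docker_build
        uses: docker/build-push-action@v2
        with:
          # Pull requests still get a build, but nothing is pushed.
          push: ${{ github.event_name != 'pull_request' }}
          tags: user/app:latest
```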

Github Actions: Push docker image build by gradle task

For building images of my current project, I use the gradle task bootBuildImage. This task creates an OCI image using Cloud Native Buildpacks.
    - name: Build image with Gradle
      run: ./gradlew bootBuildImage
With the next step I'm trying to push this docker image to my private GitHub registry using build-push-action.
    - name: Push image to Registry
      uses: docker/build-push-action@v1
      with:
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.DOCKER_PASSWORD }}
        registry: docker.pkg.github.com
        repository: sullrich84/wettkampfdb-backend
        tags: latest
      env:
        DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
        DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
As I can tell from the logs, the problem with this step is that it seems to rely on a Dockerfile located in the workspaces root directory which does not exist.
    unable to prepare context: unable to evaluate symlinks in Dockerfile path:
    lstat /github/workspace/Dockerfile: no such file or directory
Is it possible to push the image created via bootBuildImage to my private GitHub registry without using/creating a dedicated Dockerfile?
If you are just looking for something to deal with docker push, you can just use the native docker command to do it.
Something like this.
    - name: run docker push
      run: |
        #docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
        #docker push $BUILD_TAG
        #docker push $LATEST_TAG
      env:
        DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
        DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
The github-action you are using is not for pushing an image you define by repository and tag but rather build and push https://github.com/docker/build-push-action#build-push-action
Builds and pushes Docker images and will log in to a Docker registry if required.
Specifically this is also related to https://github.com/docker/build-push-action/issues/17 - so just building without pushing is possible, not vice versa.
This github action does not yet allow just pushing.
This is for now very common for a lot of CI/CD solutions, where build and push are one task.
I use publishRegistry option of gradle bootBuildImage.
Set parameter in your build.gradle (below is gradle.kts)
    tasks.bootBuildImage {
        imageName = "${imageName}:${project.version}"
        isPublish = true
        docker {
            publishRegistry {
                url = dockerUrl
                username = dockerUsername
                password = dockerPassword
            }
        }
    }
check this document
