Summary:
GitHub Actions allows using Docker containers to run jobs, but it doesn't seem to allow providing a dynamic value for this container image (using environment variables).
This works (not the desired solution):
jobs:
  pytest-test:
    container:
      image: ghcr.io/ashrafgt/test:latest
    ...
This does not work (the desired solution):
jobs:
  pytest-test:
    container:
      # env variables defined at the start of the workflow
      image: ${{ env.REGISTRY_NAME }}/test:${{ env.IMAGE_TAG }}
    ...
Giving this error:
Invalid workflow file : .github/workflows/workflow.yaml
The workflow is not valid. Unrecognized named-value: 'env'. Located at position 1 within expression: env.REGISTRY_NAME
Are there any ways to do this besides doing a run: docker run ...?
Full Example:
In this example, I try to build and push a Docker image (tagged with the current commit SHA) then use the same image to run unit tests:
name: Main CI Pipeline
on: [push]
env:
  REGISTRY_NAME: ghcr.io/${{ github.repository_owner }}
  REGISTRY_USERNAME: ${{ github.actor }}
  REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
  IMAGE_TAG: ${{ github.sha }}
jobs:
  docker-build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v2
      - uses: docker/setup-buildx-action@v1
      - uses: docker/login-action@v1
        with:
          registry: ${{ env.REGISTRY_NAME }}
          username: ${{ env.REGISTRY_USERNAME }}
          password: ${{ env.REGISTRY_PASSWORD }}
      - uses: docker/build-push-action@v2
        with:
          tags: ${{ env.REGISTRY_NAME }}/test:${{ env.IMAGE_TAG }}
          push: true
  pytest-test:
    needs: docker-build
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: read
    container:
      image: ${{ env.REGISTRY_NAME }}/test:${{ env.IMAGE_TAG }}
    steps:
      - uses: actions/checkout@v2
      - run: pytest
Please find the full repository here.
The full error message is:
Invalid workflow file : .github/workflows/workflow.yaml#L38
The workflow is not valid. .github/workflows/workflow.yaml (Line: 38, Col: 14): Unrecognized named-value: 'env'. Located at position 1 within expression: env.REGISTRY_NAME
Please find the GitHub Actions run here.
Fix Attempts:
Using only container instead of container.image:
jobs:
  pytest-test:
    container: ${{ env.REGISTRY_NAME }}/test:${{ env.IMAGE_TAG }}
    ...
Using the docker:// syntax for a single step:
jobs:
  pytest-test:
    steps:
      - uses: docker://${{ env.REGISTRY_NAME }}/test:${{ env.IMAGE_TAG }}
        entrypoint: pytest
    ...
Both fix attempts failed with the same error as the original syntax.
Related
I have a github workflow to build a docker image. The workflow runs after another one that runs semantic release on the repository, so that the code version is updated and a new tag is created.
What I want to achieve is to build the docker image and push it to the registry both with the main tag and with the updated version tag (i.e., an image tag equal to the git tag).
I'm using the docker/metadata-action for this. I've read the documentation and other relevant (1, 2), but I can't understand how the tags parameter works.
What I tried is the following:
name: Build
on:
  workflow_run:
    workflows: ["Semantic Release"]
    types:
      - completed
env:
  REGISTRY: <azure-registry>
  IMAGE_NAME: ${{ github.repository }}
jobs:
  build-app:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v3
      - name: Log in to the Container registry
        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          # Catching tag is not working
          tags: |
            type=ref,event=branch
            type=semver,pattern={{raw}}
            type=ref,event=tag
      - name: Build and push Docker image
        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
        with:
          context: .
          push: true
          file: docker/Dockerfile
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
The job is correctly running after the commit done by the semantic release action, so that I think that all needed information (branch main and latest version tag) are available for the build job, but the metadata-action doesn't catch the tag at all. The output of the relevant step is the following:
and the only tag that is created for the docker image is main.
Maybe it's a simple issue, but what am I missing?
Hi I am trying to push docker images to github packages using workflow. Below is my workflow.
- name: Log in to the Container registry
  uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
  with:
    registry: ${{ env.REGISTRY }}
    username: ${{ github.actor }}
    password: ${{ secrets.GITHUB_TOKEN }}
This step passes and I am able to login. Below is my next step.
- name: Extract metadata (tags, labels) for Docker
  id: meta
  uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
  with:
    images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build and push Docker image
  uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
  with:
    context: ./CharteringExecutionPlatform/
    push: true
    tags: ${{ steps.meta.outputs.tags }}
    labels: ${{ steps.meta.outputs.labels }}
In this step I am successfully able to build the Docker image and tag it. The workflow fails when pushing the Docker image to GitHub Packages. I am getting the error below:
ERROR: denied: requested access to the resource is denied Error:
buildx call failed with: ERROR: denied: requested access to the
resource is denied
I am not sure what I am missing here. Can someone help me? Any help would be appreciated. Thank you
Solved by setting the correct tags in the extract metadata step:
docker:
  runs-on: ubuntu-latest
  permissions:
    contents: read
    packages: write
  strategy:
    matrix:
      dotnet-version: ['6.0.x' ]
  steps:
    - uses: actions/checkout@v3
    - name: Extract metadata (tags, labels) for Docker
      id: meta
      uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
      with:
        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
        tags: |
          type=ref,event=branch
          type=ref,event=pr
          type=semver,pattern={{version}}
          type=semver,pattern={{major}}.{{minor}}
    - name: Build and push Docker image
      uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
      with:
        context: .
        file: subdir/Dockerfile
        push: ${{ github.event_name != 'pull_request' }}
        tags: ${{ steps.meta.outputs.tags }}
        labels: ${{ steps.meta.outputs.labels }}
I would like to apply semantic versioning to my Docker images, which are built and pushed to GitHub Container Registry by the GitHub Action.
I found a satisfying solution here: https://stackoverflow.com/a/69059228/12877180
According to the solution I reproduced the following YAML.
name: Docker CI
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
env:
  REGISTRY: ghcr.io
jobs:
  build-push:
    # needs: build-test
    name: Buid and push Docker image to GitHub Container registry
    runs-on: ubuntu-latest
    permissions:
      packages: write
      contents: read
    steps:
      - name: Checkout the repository
        uses: actions/checkout@v2
      - name: Login to GitHub Container registry
        uses: docker/login-action@v1
        env:
          USERNAME: ${{ github.actor }}
          PASSWORD: ${{ secrets.GITHUB_TOKEN }}
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ env.USERNAME }}
          password: ${{ env.PASSWORD }}
      - name: Get lowercase repository name
        run: |
          echo "IMAGE=${REPOSITORY,,}">>${GITHUB_ENV}
        env:
          REPOSITORY: ${{ env.REGISTRY }}/${{ github.repository }}
      - name: Build and export the image to Docker
        uses: docker/build-push-action@v2
        with:
          context: .
          file: ./docker/Dockerfile
          target: final
          push: true
          tags: |
            ${{ env.IMAGE }}:${{ secrets.MAJOR }}.${{ secrets.MINOR }}
          build-args: |
            ENVIRONMENT=production
      - name: Update Patch version
        uses: hmanzur/actions-set-secret@v2.0.0
        with:
          name: 'MINOR'
          value: $((${{ secrets.MINOR }} + 1))
          repository: ${{ github.repository }}
          token: ${{ secrets.GH_PAT }}
Unfortunately this does not work.
The initial value of the MINOR secret is 0. If the build-push job is executed for the very first time, the Docker image is perfectly pushed to GHCR with the ghcr.io/my-org/my-repo:0.0 syntax.
The purpose of the build-push job is then to increment the MINOR secret by 1.
If the build-push job is executed again after a new event, I get an error while trying to build the Docker image using the incremented tag.
/usr/bin/docker buildx build --build-arg ENVIRONMENT=production --tag ghcr.io/my-org/my-repo:***.*** --target final --iidfile /tmp/docker-build-push-HgjJR7/iidfile --metadata-file /tmp/docker-build-push-HgjJR7/metadata-file --file ./docker/Dockerfile --push .
error: invalid tag "ghcr.io/my-org/my-repo:***.***": invalid reference format
Error: buildx failed with: error: invalid tag "ghcr.io/my-org/my-repo:***.***": invalid reference format
You need to increment the version in a bash command like this:
- name: Autoincrement a new patch version
  run: |
    echo "NEW_PATCH_VERSION=$((${{ env.PATCH_VERSION }}+1))" >> $GITHUB_ENV
- name: Update patch version
  uses: hmanzur/actions-set-secret@v2.0.0
  with:
    name: 'PATCH_VERSION'
    value: ${{ env.NEW_PATCH_VERSION }}
    repository: ${{ github.repository }}
    token: ${{ secrets.REPO_ACCESS_TOKEN }}
I want to build my image and push it to Docker Hub using GitHub Actions. This is my repo
And this is how I want to do my job:
name: ci
on:
  push:
    branches:
      - 'master'
jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
      -
        name: Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          load: true
          tags: shirzadi/ehsan:latest
      -
        name: Push it!
        run: docker push ${{ env.IMAGE }}:${{ env.GIT_SHA }}
And this is the result:
You are using environment variables that don't exist. According to docker/build-push-action@v2 documentation it can build, tag and push your image in a single step:
jobs:
  docker:
    steps:
      # ...
      -
        name: Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          push: true
          tags: shirzadi/ehsan:latest,shirzadi/ehsan:${{ env.GITHUB_SHA }}
The tags key lists 2 tags and uses the GITHUB_SHA environment variable. These tags will be pushed as the push key is set to true.
See:
GitHub Actions - Default environment variables
docker/build-push-action@v2 - customizing inputs
You don't have any env.IMAGE data. The piece of code below should do the job.
- name: Build and push
  run: docker build -t ${{ env.IMAGE }}:${{ github.sha }} .
  env:
    IMAGE: shirzadi/ehsan
- name: Push it!
  run: docker push ${{ env.IMAGE }}:${{ github.sha }}
  env:
    IMAGE: shirzadi/ehsan
I'm trying to deploy my repository to a private Docker registry on every new release and everything works except for the version tagging. No matter what I've tried ${{ github.event.release.tag_name }} is always '', which cancels the workflow since docker tags can't be empty.
on:
  release:
    types: [published]
jobs:
  push_to_registry:
    name: Push Docker image to Docker Registry
    runs-on: ubuntu-latest
    steps:
      -
        name: Check out the repo
        uses: actions/checkout@v2
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      -
        name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Log in to Docker Registry
        uses: docker/login-action@v1
        with:
          registry: ${{ secrets.DOCKER_REGISTRY }}
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: check tag
        if: ${{ github.event.release.tag_name }} == ''
        run: |
          echo Epic fail
          exit 1
      -
        name: Build and Push to Docker Registry
        id: docker_build
        uses: docker/build-push-action@v2
        with:
          push: true
          tags: ${{ secrets.DOCKER_REGISTRY }}/repos:latest, ${{ secrets.DOCKER_REGISTRY }}/$repos:${{ github.event.release.tag_name }}
      -
        name: Image digest
        run: echo ${{ steps.docker_build.outputs.digest }}
The repository this is running on is private so that might have something to do with it but I haven't been able to figure out what.
Any suggestions?
I think the problem is that github.event.release.tag_name is only available if the tagging itself triggered the build (but I'm not sure)
I made it work using a separate action: https://github.com/dawidd6/action-get-tag
Here's my usage:
steps:
  - uses: actions/checkout@v2
  - name: Get git tag
    id: tag
    uses: dawidd6/action-get-tag@v1
  - uses: docker/build-push-action@v2
    with:
      context: ./
      file: ./Dockerfile
      push: true
      tags: locustio/locust:${{ steps.tag.outputs.tag }}
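Added example, not part of any post on this page: a pre-flight check for a run: step that lowercases the repository and refuses an empty or malformed tag before docker build, which covers both the empty github.event.release.tag_name case and the "invalid reference format" failure in the MINOR-secret question above. The function names are hypothetical and the sample values are constructed; the tag rule is Docker's own (first character [A-Za-z0-9_], then up to 127 of [A-Za-z0-9_.-]).

```shell
#!/bin/sh
# Added example (not from any post on this page). Function names are hypothetical.
LC_ALL=C; export LC_ALL   # keep the [A-Z]-style ranges ASCII-only

# Docker tag rule: first char [A-Za-z0-9_], then up to 127 of [A-Za-z0-9_.-].
valid_tag() {
  tag=$1
  [ -n "$tag" ] || return 1            # empty, e.g. an unset release tag
  [ "${#tag}" -le 128 ] || return 1
  case $tag in
    [!A-Za-z0-9_]*)    return 1 ;;     # bad first character
    *[!A-Za-z0-9_.-]*) return 1 ;;     # spaces, '$', '(', newlines, ...
  esac
  return 0
}

# Increment a version component only if it is a plain decimal number.
next_number() {
  case $1 in
    ''|*[!0-9]*|0?*) return 1 ;;       # empty, non-digits, or leading zero
  esac
  echo $(( $1 + 1 ))
}

# Lowercase the repository (image repository names must be lowercase) and
# attach a validated tag; print nothing and fail if the tag is unusable.
image_ref() {
  repo=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  if ! valid_tag "$2"; then
    echo "refusing to build: invalid tag '$2'" >&2
    return 1
  fi
  printf '%s:%s\n' "$repo" "$2"
}

# Constructed sample values: a mixed-case repository, a good version, the
# unevaluated arithmetic string (a with: input is not run through a shell),
# and an empty tag.
image_ref 'ghcr.io/My-Org/My-Repo' "0.$(next_number 0)"
image_ref 'ghcr.io/My-Org/My-Repo' '$((0 + 1))' || echo "rejected"
image_ref 'ghcr.io/My-Org/My-Repo' '' || echo "rejected"
```

Because the check runs on the real value inside the step, it fails with a readable message even when the log masks the tag as ***.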