Now I am implement a docker ci in github actions, first step build the docker image and push to remote repo like this:
- name: Build image push to aliyun
uses: docker/build-push-action#v1
with:
registry: ${{ secrets.ALI_DOCKER_HUB_REGISTRY }}
username: ${{ secrets.ALIYUN_DOCKER_REPO_USER_NAME }}
password: ${{ secrets.ALIYUN_DOCKER_REPO_USER_PASSWORD }}
tag_with_sha: true
repository: reddwarf-pro/dolphin-post
path: 'dolphin-post'
after pushed to remote repo, the next step I want to update my kubernetes cluster app using this newest image. I want do it like this:
- name: deploy to cluster
uses: steebchen/kubectl#v2.0.0
with: # defaults to latest kubectl binary version
config: ${{ secrets.KUBE_CONFIG_DATA }}
command: set image --record deployment/my-app container=${{ github.repository }}:${{ github.sha }}
- name: verify deployment
uses: steebchen/kubectl#v2.0.0
with:
config: ${{ secrets.KUBE_CONFIG_DATA }}
version: v1.21.0 # specify kubectl binary version explicitly
command: rollout status deployment/my-app
the github.sha represent the newest image sha code. But now I did not know how to get the github.sha value. Should I set into environment variable? How to set into environment variable? Where and How should I set the github.sha value?
do it like this:
- name: Build image push to aliyun
uses: docker/build-push-action#v1
with:
registry: ${{ secrets.ALI_DOCKER_HUB_REGISTRY }}
username: ${{ secrets.ALIYUN_DOCKER_REPO_USER_NAME }}
password: ${{ secrets.ALIYUN_DOCKER_REPO_USER_PASSWORD }}
tags: ${{ github.sha }}
repository: reddwarf-pro/dolphin-post
path: 'dolphin-post'
- name: deploy to cluster
uses: steebchen/kubectl#v2.0.0
with: # defaults to latest kubectl binary version
config: ${{ secrets.KUBE_CONFIG_DATA }}
command: set image --record deployment/dolphin-post-service dolphin-post-service=registry.cn-hangzhou.aliyuncs.com/reddwarf-pro/dolphin-post:${{ github.sha }} -n reddwarf-pro
Related
I built and pushed a image from the dockerfile using github actions, here is the worflow file
name: Create and publish a Docker image
on:
push:
branches: ['temp']
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
build-and-push-image:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout#v3
- name: Log in to the Container registry
uses: docker/login-action#f054a8b539a109f9f41c372932f1ae047eff08c9
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action#98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build and push Docker image
uses: docker/build-push-action#ad44023a93711e3deb337508980b4b5e9bcdc5dc
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
Now when I go to the package, I get link saying
"install from command line -> docker pull ghcr.io/<OWNER_NAME>/<IMAGE_NAME>:"
However on using this command to actually pull the image, I get an error message saying I am not authorized.
NOTE: I am able to pull the image if I make the package public, but not once it is private
A quick google search tells me I need to use PAT to authenticate, I did that but still get the same error. For example on following this (https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-to-the-container-registry)
I get an error saying: Error response from daemon: Get "https://ghcr.io/v2/": denied: denied
I am not sure how to proceed now.
I'm trying to troubleshoot a Github actions issue, and it looks like Github and/or Docker is doing a cross-platform build for me when they shouldn't.
Using buildx, but specifying only linux/amd64 platform for the builder.
Not setting up Qemu explicitly.
Asking for linux/arm64,linux/ppc64le platforms for the image.
... and it builds! How?
I even added docker buildx inspect command, and it prints what I expect, e.g. only Intel platforms are listed.
Here's my test repo: https://github.com/haimgel/test-docker-build
Here's my action file from there:
name: TEST
on:
push:
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v3
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action#v4
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- id: builder-github
uses: docker/setup-buildx-action#v2
with:
platforms: linux/amd64
- run: |
docker buildx ls
docker buildx inspect --bootstrap
- uses: docker/login-action#v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: docker/build-push-action#v3
with:
context: .
platforms: linux/arm64,linux/ppc64le
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
I'm using the below workflow code (found in the github documentation) to build and publish a docker image to the Github Container Registry.
name: Create and publish a Docker image
on:
push:
branches: ['release']
pull_request:
branches: ['release']
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
build-and-push-image:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout#v3
- name: Log in to the Container registry
uses: docker/login-action#f054a8b539a109f9f41c372932f1ae047eff08c9
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action#98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build and push Docker image
uses: docker/build-push-action#ad44023a93711e3deb337508980b4b5e9bcdc5dc
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
This works and I now see a public docker image under "Packages" on the github repo. When I click on the image, I am directed to a github page with more information about the image (official docs here):
"Install from the command line:"
docker pull ghcr.io/OWNER/IMAGE_NAME:pr-75
And its Digest sha: sha256:04ea7757e34c4fae527bbe6fb56eb984f54543f2313775572f0817d696ecf48a
I want to add a new job to the same workflow, that pulls the image to a virtual machine using ssh.
deploy:
- name: Deploy to Digital Ocean droplet via SSH action
uses: appleboy/ssh-action#v0.1.4
with:
host: ${{ secrets.DO_HOST }}
username: root
key: ${{ secrets.DO_PRIVATE_SSHKEY }}
port: 22
script: |
docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
This fails with:
err: invalid reference format: repository name must be lowercase (lowercasing it is not enough, read on)
Of course I cannot hard-code docker pull ghcr.io/OWNER/IMAGE_NAME:pr-75 or the Digest sha, because each new branch will increment in its PR number, so the pr-75 tag will change.
How can I deploy the image that was just published? Seems I can either use the tag value or the sha and how can I retrieve those values in real time?
There are two jobs in the above workflow:
"build-and-push-image"
"deploy"
The first one uses the docker/metadata-action to retrieve the tag name ghcr.io/OWNER/IMAGE_NAME:pr-75 which is used in the next step to name the image when docker/build-push-action is used.
I have simply used the docker/metadata-action again in the second job:
deploy:
needs: build-and-push-image
runs-on: ubuntu-latest
steps:
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action#69f6fc9d46f2f8bf0d5491e4aabe0bb8c6a4678a
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Deploy to Digital Ocean droplet via SSH action
uses: appleboy/ssh-action#v0.1.4
with:
host: ${{ secrets.DO_HOST }}
username: root
key: ${{ secrets.DO_PRIVATE_SSHKEY }}
port: 22
script: |
docker pull ${{ steps.meta.outputs.tags }}
I would like to semantic versioning my docker images which are built and pushed to GitHub Container Registry by the GitHub Action.
I found a satisfying solution here: https://stackoverflow.com/a/69059228/12877180
According to the solution I reproduced the following YAML.
name: Docker CI
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
env:
REGISTRY: ghcr.io
jobs:
build-push:
# needs: build-test
name: Buid and push Docker image to GitHub Container registry
runs-on: ubuntu-latest
permissions:
packages: write
contents: read
steps:
- name: Checkout the repository
uses: actions/checkout#v2
- name: Login to GitHub Container registry
uses: docker/login-action#v1
env:
USERNAME: ${{ github.actor }}
PASSWORD: ${{ secrets.GITHUB_TOKEN }}
with:
registry: ${{ env.REGISTRY }}
username: ${{ env.USERNAME }}
password: ${{ env.PASSWORD }}
- name: Get lowercase repository name
run: |
echo "IMAGE=${REPOSITORY,,}">>${GITHUB_ENV}
env:
REPOSITORY: ${{ env.REGISTRY }}/${{ github.repository }}
- name: Build and export the image to Docker
uses: docker/build-push-action#v2
with:
context: .
file: ./docker/Dockerfile
target: final
push: true
tags: |
${{ env.IMAGE }}:${{ secrets.MAJOR }}.${{ secrets.MINOR }}
build-args: |
ENVIRONMENT=production
- name: Update Patch version
uses: hmanzur/actions-set-secret#v2.0.0
with:
name: 'MINOR'
value: $((${{ secrets.MINOR }} + 1))
repository: ${{ github.repository }}
token: ${{ secrets.GH_PAT }}
Unfortunately this does not work.
The initial value of the MINOR secret is 0. If the build-push job is executed very first time, the docker image is perfectly pushed to the GHCR with the ghcr.io/my-org/my-repo:0.0 syntax.
The purpose of the build-push job is then increment the MINOR secret by 1.
If the action job build-push is executed again after new event, I get error while trying to build docker image using the incremented tag.
/usr/bin/docker buildx build --build-arg ENVIRONMENT=production --tag ghcr.io/my-org/my-repo:***.*** --target final --iidfile /tmp/docker-build-push-HgjJR7/iidfile --metadata-file /tmp/docker-build-push-HgjJR7/metadata-file --file ./docker/Dockerfile --push .
error: invalid tag "ghcr.io/my-org/my-repo:***.***": invalid reference format
Error: buildx failed with: error: invalid tag "ghcr.io/my-org/my-repo:***.***": invalid reference format
You need to increment the version in a bash command like this:
- name: Autoincrement a new patch version
run: |
echo "NEW_PATCH_VERSION=$((${{ env.PATCH_VERSION }}+1))" >> $GITHUB_ENV
- name: Update patch version
uses: hmanzur/actions-set-secret#v2.0.0
with:
name: 'PATCH_VERSION'
value: ${{ env.NEW_PATCH_VERSION }}
repository: ${{ github.repository }}
token: ${{ secrets.REPO_ACCESS_TOKEN }}
I have setup a kubernetes cluster on AWS using kops.
I am trying to automate deployment with github actions.
name: Build and Deploy
on:
push:
branches:
- develop
jobs:
build_docker_image:
- uses: actions/checkout#v2
- name: Build the tagged Docker image
run: docker build --target dev -t org/customer-service-backend:la
push_docker_image_to_github-packages:
- uses: docker/build-push-action#v2
with:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: docker.pkg.github.com
repository: org/customer-service-backend:latest
tag_with_ref: true
deploy_to_kubernetes_cluster:
... what to do here?
I am able to built the image and push to gihub packages.
I have created deployment.yml in the root directory of the repository.
How can I deploy to kubernetes cluster?
Also, I am tagging the images with latest. Is it fine or I need to use GITHUB_REF for tagging?
Update
I am able to configure all the things. I only need to get kubeconfig to authenticate to existing cluster.
name: Build and Deploy
on:
push:
branches:
- develop
jobs:
build_docker_image:
- uses: actions/checkout#v2
- name: Build the tagged Docker image
run: docker build --target dev -t org/customer-service-backend:${{ github.sha }}
push_docker_image_to_github_packages:
needs: build_docker_image
- uses: docker/build-push-action#v2
with:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: docker.pkg.github.com
repository: org/customer-service-backend:${{ github.sha }}
tag_with_ref: true
deploy_to_kubernetes_cluster:
needs: push_docker_image_to_github_packages
name: Set Kubernetes Context
uses: azure/k8s-set-context#v1
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBE_CONFIG }} # Use secret (https://developer.github.com/actions/managing-workflows/storing-secrets/)
run: |
sed -i'' -e 's/IMAGE_LABEL/${{ github.sha }}/g' deployment.yml
kubectl apply -f deployment.yml
By looking your workflow config file, all the jobs running parallelly.
But, probably it's not what you want.
Pushing image needs a built image and deployment job needs an updated built image.
On Access kubernetes cluster, just access into your cluster and do,
cat $HOME/.kube/config
and copy the output.
Now, create a secret in github with KUBE_CONFIG as environment variable.
Notes - this is one method to access kubernetes cluster, there are other methods as well, choose one that suits your need
name: Build and Deploy
on:
push:
branches:
- develop
jobs:
build_docker_image:
name: Build Docker Image
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout#v2
- name: Build the tagged Docker image
run: docker build --target dev -t your_org/customer-service-backend:${{ github.sha }} .
push_docker_image_to_github_packages:
name: Push Docker Image to Github Packages
needs: build_docker_image
runs-on: ubuntu-latest
steps:
- name: Push Docker Image
uses: docker/build-push-action#v2
with:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: docker.pkg.github.com
repository: your_org/customer-service-backend:${{ github.sha }}
deploy_to_kubernetes_cluster:
name: Deploy to Kubernetes Cluster
needs: push_docker_image_to_github_packages
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout#v2
- name: Set Kubernetes Context
uses: azure/k8s-set-context#v1
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBE_CONFIG }} # Use secret (https://developer.github.com/actions/managing-workflows/storing-secrets/)
- name: Deploy to Cluster
run: |
sed -i'' -e 's/IMAGE_LABEL/${{ github.sha }}/g' deployment.yml
kubectl apply -f deployment.yml