actions/build-push-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: actions:master
Branches Tags
actions:master
actions:releases/v5
actions:releases/v4
actions:releases/v3
actions:releases/v2
actions:releases/v1
actions:v6.3.0
actions:v6
actions:v6.2.0
actions:v6.1.0
actions:v6.0.2
actions:v6.0.1
actions:v6.0.0
actions:v5.4.0
actions:v5
actions:v5.3.0
actions:v5.2.0
actions:v5.1.0
actions:v5.0.0
actions:v4.2.1
actions:v4
actions:v4.2.0
actions:v4.1.1
actions:v4.1.0
actions:v4.0.0
actions:v3.3.1
actions:v3
actions:v3.3.0
actions:v3.2.0
actions:v3.1.1
actions:v3.1.0
actions:v3.0.0
actions:v2.10.0
actions:v2
actions:v2.9.0
actions:v2.8.0
actions:v2.7.0
actions:v2.6.1
actions:v2.6.0
actions:v2.5.0
actions:v2.4.0
actions:v2.3.0
actions:v2.2.2
actions:v2.2.1
actions:v2.2.0
actions:v2.1.0
actions:v2.0.1
actions:v1.1.2
actions:v1
actions:v2.0.0
actions:v1.1.1
actions:v1.1.0
actions:v1.0.1
actions:v1.0.0
actions:v1.0
..
compare: actions:v4.1.0
Branches Tags
actions:master
actions:releases/v5
actions:releases/v4
actions:releases/v3
actions:releases/v2
actions:releases/v1
actions:v6.3.0
actions:v6
actions:v6.2.0
actions:v6.1.0
actions:v6.0.2
actions:v6.0.1
actions:v6.0.0
actions:v5.4.0
actions:v5
actions:v5.3.0
actions:v5.2.0
actions:v5.1.0
actions:v5.0.0
actions:v4.2.1
actions:v4
actions:v4.2.0
actions:v4.1.1
actions:v4.1.0
actions:v4.0.0
actions:v3.3.1
actions:v3
actions:v3.3.0
actions:v3.2.0
actions:v3.1.1
actions:v3.1.0
actions:v3.0.0
actions:v2.10.0
actions:v2
actions:v2.9.0
actions:v2.8.0
actions:v2.7.0
actions:v2.6.1
actions:v2.6.0
actions:v2.5.0
actions:v2.4.0
actions:v2.3.0
actions:v2.2.2
actions:v2.2.1
actions:v2.2.0
actions:v2.1.0
actions:v2.0.1
actions:v1.1.2
actions:v1
actions:v2.0.0
actions:v1.1.1
actions:v1.1.0
actions:v1.0.1
actions:v1.0.0
actions:v1.0

No commits in common. "master" and "v4.1.0" have entirely different histories.
master ... v4.1.0

51 changed files with 4329 additions and 11800 deletions
Show Stats Expand all files Collapse all files

12
.dockerignore
View File

@ -1,12 +1,2 @@
/coverage /coverage
/node_modules
# Dependency directories
node_modules/
jspm_packages/
# yarn v2
.yarn/cache
.yarn/unplugged
.yarn/build-state.yml
.yarn/install-state.gz
.pnp.*

3
.eslintignore
View File

@ -1,3 +0,0 @@
/dist/**
/coverage/**
/node_modules/**

5
.eslintrc.json
View File

@ -1,19 +1,18 @@
{ {
"env": { "env": {
"node": true, "node": true,
"es6": true, "es2021": true,
"jest": true "jest": true
}, },
"extends": [ "extends": [
"eslint:recommended", "eslint:recommended",
"plugin:@typescript-eslint/eslint-recommended",
"plugin:@typescript-eslint/recommended", "plugin:@typescript-eslint/recommended",
"plugin:jest/recommended", "plugin:jest/recommended",
"plugin:prettier/recommended" "plugin:prettier/recommended"
], ],
"parser": "@typescript-eslint/parser", "parser": "@typescript-eslint/parser",
"parserOptions": { "parserOptions": {
"ecmaVersion": 2023, "ecmaVersion": "latest",
"sourceType": "module" "sourceType": "module"
}, },
"plugins": [ "plugins": [

2
.gitattributes vendored
View File

@ -1,4 +1,2 @@
/.yarn/releases/** binary
/.yarn/plugins/** binary
/dist/** linguist-generated=true /dist/** linguist-generated=true
/lib/** linguist-generated=true /lib/** linguist-generated=true

1
.github/CODEOWNERS vendored Normal file
View File

@ -0,0 +1 @@
* @crazy-max

3
.github/CODE_OF_CONDUCT.md vendored
View File

@ -1,3 +0,0 @@
# Code of conduct
- [Moby community guidelines](https://github.com/moby/moby/blob/master/CONTRIBUTING.md#moby-community-guidelines)

101
.github/ISSUE_TEMPLATE/bug.yml vendored
View File

@ -1,101 +0,0 @@
# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
name: Bug Report
description: Report a bug
labels:
- status/triage
body:
- type: markdown
attributes:
value: |
Thank you for taking the time to report a bug!
If this is a security issue please report it to the [Docker Security team](mailto:security@docker.com).
Before submitting a bug report, check out the [Troubleshooting doc](https://github.com/docker/build-push-action/blob/master/TROUBLESHOOTING.md).
- type: checkboxes
attributes:
label: Contributing guidelines
description: >
Make sure you've read the contributing guidelines before proceeding.
options:
- label: I've read the [contributing guidelines](https://github.com/docker/build-push-action/blob/master/.github/CONTRIBUTING.md) and wholeheartedly agree
required: true
- type: checkboxes
attributes:
label: "I've found a bug, and:"
description: |
Make sure that your request fulfills all of the following requirements.
If one requirement cannot be satisfied, explain in detail why.
options:
- label: The documentation does not mention anything about my problem
- label: There are no open or closed issues that are related to my problem
- type: textarea
attributes:
label: Description
description: >
Provide a brief description of the bug in 1-2 sentences.
validations:
required: true
- type: textarea
attributes:
label: Expected behaviour
description: >
Describe precisely what you'd expect to happen.
validations:
required: true
- type: textarea
attributes:
label: Actual behaviour
description: >
Describe precisely what is actually happening.
validations:
required: true
- type: input
attributes:
label: Repository URL
description: >
Enter the URL of the repository where you are experiencing the
issue. If your repository is private, provide a link to a minimal
repository that reproduces the issue.
- type: input
attributes:
label: Workflow run URL
description: >
Enter the URL of the GitHub Action workflow run, if public.
- type: textarea
attributes:
label: YAML workflow
description: |
Provide the YAML of the workflow that's causing the issue.
Make sure to remove any sensitive information.
render: yaml
validations:
required: true
- type: textarea
attributes:
label: Workflow logs
description: >
[Attach](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/attaching-files)
the [log file of your workflow run](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs)
and make sure to remove any sensitive information.
- type: textarea
attributes:
label: BuildKit logs
description: >
If applicable, provide the [BuildKit container logs](https://docs.docker.com/build/ci/github-actions/configure-builder/#buildkit-container-logs)
render: text
- type: textarea
attributes:
label: Additional info
description: |
Provide any additional information that could be useful.

37
.github/ISSUE_TEMPLATE/bug_report.md vendored Normal file
View File

@ -0,0 +1,37 @@
---
name: Bug report
about: Create a report to help us improve
---
### Troubleshooting
Before submitting a bug report please read the [Troubleshooting doc](https://github.com/docker/build-push-action/blob/master/TROUBLESHOOTING.md).
### Behaviour
#### Steps to reproduce this issue
1.
2.
3.
#### Expected behaviour
> Tell us what should happen
#### Actual behaviour
> Tell us what happens instead
### Configuration
* Repository URL (if public):
* Build URL (if public):
```yml
# paste your YAML workflow file here and remove sensitive data
```
### Logs
> Download the [log file of your build](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs) and [attach it](https://docs.github.com/en/github/managing-your-work-on-github/file-attachments-on-issues-and-pull-requests) to this issue.

9
.github/ISSUE_TEMPLATE/config.yml vendored
View File

@ -1,9 +0,0 @@
# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser
blank_issues_enabled: true
contact_links:
- name: Questions and Discussions
url: https://github.com/docker/build-push-action/discussions/new
about: Use Github Discussions to ask questions and/or open discussion topics.
- name: Documentation
url: https://docs.docker.com/build/ci/github-actions/
about: Read the documentation.

15
.github/ISSUE_TEMPLATE/feature.yml vendored
View File

@ -1,15 +0,0 @@
# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
name: Feature request
description: Missing functionality? Come tell us about it!
labels:
- kind/enhancement
- status/triage
body:
- type: textarea
id: description
attributes:
label: Description
description: What is the feature you want to see?
validations:
required: true

12
.github/SECURITY.md vendored
View File

@ -1,12 +0,0 @@
# Reporting security issues
The project maintainers take security seriously. If you discover a security
issue, please bring it to their attention right away!
**Please _DO NOT_ file a public issue**, instead send your report privately to
[security@docker.com](mailto:security@docker.com).
Security reports are greatly appreciated, and we will publicly thank you for it.
We also like to send gifts—if you'd like Docker swag, make sure to let
us know. We currently do not offer a paid security bounty program, but are not
ruling it out in the future.

31
.github/SUPPORT.md vendored Normal file
View File

@ -0,0 +1,31 @@
# Support [![](https://isitmaintained.com/badge/resolution/docker/build-push-action.svg)](https://isitmaintained.com/project/docker/build-push-action)
First, [be a good guy](https://github.com/kossnocorp/etiquette/blob/master/README.md).
## Reporting an issue
Please do a search in [open issues](https://github.com/docker/build-push-action/issues?utf8=%E2%9C%93&q=) to see if the issue or feature request has already been filed.
If you find your issue already exists, make relevant comments and add your [reaction](https://github.com/blog/2119-add-reactions-to-pull-requests-issues-and-comments). Use a reaction in place of a "+1" comment.
:+1: - upvote
:-1: - downvote
If you cannot find an existing issue that describes your bug or feature, submit an issue using the guidelines below.
## Writing good bug reports and feature requests
File a single issue per problem and feature request.
* Do not enumerate multiple bugs or feature requests in the same issue.
* Do not add your issue as a comment to an existing issue unless it's for the identical input. Many issues look similar, but have different causes.
The more information you can provide, the more likely someone will be successful reproducing the issue and finding a fix.
You are now ready to [create a new issue](https://github.com/docker/build-push-action/issues/new/choose)!
## Closure policy
* Issues that don't have the information requested above (when applicable) will be closed immediately and the poster directed to the support guidelines.
* Issues that go a week without a response from original poster are subject to closure at our discretion.

BIN
.github/build-push-summary.png vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 81 KiB

1
.github/dependabot.yml vendored
View File

@ -11,7 +11,6 @@ updates:
directory: "/" directory: "/"
schedule: schedule:
interval: "daily" interval: "daily"
versioning-strategy: "increase"
allow: allow:
- dependency-type: "production" - dependency-type: "production"
labels: labels:

130
.github/workflows/.e2e-run.yml vendored
View File

@ -1,130 +0,0 @@
# reusable workflow
name: .e2e-run
on:
workflow_call:
inputs:
id:
required: false
type: string
type:
required: true
type: string
name:
required: true
type: string
registry:
required: false
type: string
slug:
required: false
type: string
username_secret:
required: false
type: string
password_secret:
required: false
type: string
env:
HARBOR_VERSION: v2.7.0
NEXUS_VERSION: 3.47.1
DISTRIBUTION_VERSION: 2.8.1
jobs:
run:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
-
buildx_version: latest
buildkit_image: moby/buildkit:buildx-stable-1
-
buildx_version: https://github.com/docker/buildx.git#master
buildkit_image: moby/buildkit:master
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up env
if: inputs.type == 'local'
run: |
cat ./.github/e2e/${{ inputs.id }}/env >> $GITHUB_ENV
-
name: Set up BuildKit config
run: |
touch /tmp/buildkitd.toml
if [ "${{ inputs.type }}" = "local" ]; then
echo -e "[registry.\"${{ env.REGISTRY_FQDN }}\"]\nhttp = true\ninsecure = true" > /tmp/buildkitd.toml
fi
-
name: Set up Docker daemon
if: inputs.type == 'local'
run: |
if [ ! -e /etc/docker/daemon.json ]; then
echo '{}' | tee /etc/docker/daemon.json >/dev/null
fi
DOCKERD_CONFIG=$(jq '.+{"insecure-registries":["http://${{ env.REGISTRY_FQDN }}"]}' /etc/docker/daemon.json)
sudo tee /etc/docker/daemon.json <<<"$DOCKERD_CONFIG" >/dev/null
sudo service docker restart
-
name: Install ${{ inputs.name }}
if: inputs.type == 'local'
run: |
sudo -E bash ./.github/e2e/${{ inputs.id }}/install.sh
sudo chown $(id -u):$(id -g) -R ~/.docker
-
name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY_SLUG || inputs.slug }}
tags: |
type=ref,event=branch,enable=${{ matrix.buildx_version == 'latest' && matrix.buildkit_image == 'moby/buildkit:buildx-stable-1' }}
type=ref,event=tag,enable=${{ matrix.buildx_version == 'latest' && matrix.buildkit_image == 'moby/buildkit:buildx-stable-1' }}
type=raw,gh-runid-${{ github.run_id }}
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ matrix.buildx_version }}
buildkitd-config: /tmp/buildkitd.toml
buildkitd-flags: --debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host
driver-opts: |
image=${{ matrix.buildkit_image }}
network=host
-
name: Login to Registry
if: github.event_name != 'pull_request' && (env.REGISTRY_USER || inputs.username_secret) != ''
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY_FQDN || inputs.registry }}
username: ${{ env.REGISTRY_USER || secrets[inputs.username_secret] }}
password: ${{ env.REGISTRY_PASSWORD || secrets[inputs.password_secret] }}
-
name: Build and push
uses: ./
with:
context: ./test
file: ./test/multi.Dockerfile
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=registry,ref=${{ env.REGISTRY_SLUG || inputs.slug }}:master
cache-to: type=inline
-
name: Inspect image
run: |
docker pull ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }}
docker image inspect ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }}
-
name: Check manifest
run: |
docker buildx imagetools inspect ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }} --format '{{json .}}'

642
.github/workflows/ci.yml vendored
View File

@ -1,9 +1,5 @@
name: ci name: ci
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on: on:
workflow_dispatch: workflow_dispatch:
inputs: inputs:
@ -33,12 +29,12 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
with: with:
path: action path: action
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -59,16 +55,16 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
with: with:
path: action path: action
- -
name: Set up QEMU name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v2
- -
name: Set up Docker Buildx name: Set up Docker Buildx
id: buildx id: buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -108,16 +104,16 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
with: with:
path: action path: action
- -
name: Set up QEMU name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v2
- -
name: Set up Docker Buildx name: Set up Docker Buildx
id: buildx id: buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -167,14 +163,14 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up QEMU name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v2
- -
name: Set up Docker Buildx name: Set up Docker Buildx
id: buildx id: buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -216,11 +212,11 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Docker meta name: Docker meta
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@v4
with: with:
images: ${{ env.DOCKER_IMAGE }} images: ${{ env.DOCKER_IMAGE }}
tags: | tags: |
@ -233,7 +229,7 @@ jobs:
type=sha type=sha
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -272,11 +268,11 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Stop docker name: Stop docker
run: | run: |
sudo systemctl stop docker docker.socket sudo systemctl stop docker
- -
name: Build name: Build
id: docker_build id: docker_build
@ -299,13 +295,13 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up QEMU name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v2
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -340,7 +336,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Build name: Build
id: docker_build id: docker_build
@ -356,7 +352,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Build name: Build
uses: ./ uses: ./
@ -375,10 +371,10 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -393,40 +389,15 @@ jobs:
MYSECRET=foo MYSECRET=foo
INVALID_SECRET= INVALID_SECRET=
secret-envs:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Docker buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./
env:
ENV_SECRET: foo
with:
context: .
file: ./test/secret.Dockerfile
secret-envs: |
MYSECRET=ENV_SECRET
INVALID_SECRET=
network: network:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -447,10 +418,10 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -469,10 +440,10 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -494,10 +465,10 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -517,10 +488,10 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -542,10 +513,10 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -576,10 +547,10 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ matrix.buildx }} version: ${{ matrix.buildx }}
driver-opts: | driver-opts: |
@ -598,31 +569,19 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
include: attrs:
- target: image - ''
output: type=image,name=localhost:5000/name/app:latest,push=true - mode=max
attr: mode=max - builder-id=foo
- target: image - false
output: type=image,name=localhost:5000/name/app:latest,push=true - true
attr: ''
- target: binary
output: /tmp/buildx-build
attr: mode=max
- target: binary
output: /tmp/buildx-build
attr: ''
services:
registry:
image: registry:2
ports:
- 5000:5000
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -634,24 +593,11 @@ jobs:
with: with:
context: ./test/go context: ./test/go
file: ./test/go/Dockerfile file: ./test/go/Dockerfile
target: ${{ matrix.target }} target: binary
outputs: ${{ matrix.output }} outputs: type=oci,dest=/tmp/build.tar
provenance: ${{ matrix.attr }} provenance: ${{ matrix.attrs }}
- cache-from: type=gha,scope=provenance
name: Inspect Provenance cache-to: type=gha,scope=provenance,mode=max
if: matrix.target == 'image'
run: |
docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .Provenance}}'
-
name: Check output folder
if: matrix.target == 'binary'
run: |
tree /tmp/buildx-build
-
name: Print local Provenance
if: matrix.target == 'binary'
run: |
cat /tmp/buildx-build/provenance.json | jq
sbom: sbom:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -671,10 +617,10 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -692,17 +638,22 @@ jobs:
cache-from: type=gha,scope=attests-${{ matrix.target }} cache-from: type=gha,scope=attests-${{ matrix.target }}
cache-to: type=gha,scope=attests-${{ matrix.target }},mode=max cache-to: type=gha,scope=attests-${{ matrix.target }},mode=max
- -
name: Inspect SBOM name: Inspect image
if: matrix.target == 'image' if: matrix.target == 'image'
run: | run: |
docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .SBOM}}' docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}'
- -
name: Check output folder name: Check output folder
if: matrix.target == 'binary' if: matrix.target == 'binary'
run: | run: |
tree /tmp/buildx-build tree /tmp/buildx-build
- -
name: Print local SBOM name: Print provenance
if: matrix.target == 'binary'
run: |
cat /tmp/buildx-build/provenance.json | jq
-
name: Print SBOM
if: matrix.target == 'binary' if: matrix.target == 'binary'
run: | run: |
cat /tmp/buildx-build/sbom.spdx.json | jq cat /tmp/buildx-build/sbom.spdx.json | jq
@ -723,14 +674,14 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up QEMU name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v2
- -
name: Set up Docker Buildx name: Set up Docker Buildx
id: buildx id: buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -784,6 +735,12 @@ jobs:
- driver: docker-container - driver: docker-container
load: true load: true
push: true push: true
- driver: docker
load: false
push: false
- driver: docker-container
load: false
push: false
services: services:
registry: registry:
image: registry:2 image: registry:2
@ -792,10 +749,10 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver: ${{ matrix.driver }} driver: ${{ matrix.driver }}
@ -817,13 +774,9 @@ jobs:
docker image ls --no-trunc docker image ls --no-trunc
- -
name: Check digest name: Check digest
if: ${{ matrix.push }}
run: | run: |
if [[ "${{ matrix.driver }}" = "docker-container" ]] && [[ "${{ matrix.load }}" = "false" ]] && [[ "${{ matrix.push }}" = "false" ]]; then if [ -z "${{ steps.docker_build.outputs.digest }}" ]; then
if [ -n "${{ steps.docker_build.outputs.digest }}" ]; then
echo "::error::Digest should be empty"
exit 1
fi
elif [[ "${{ matrix.push }}" = "true" ]] && [[ -z "${{ steps.docker_build.outputs.digest }}" ]]; then
echo "::error::Digest should not be empty" echo "::error::Digest should not be empty"
exit 1 exit 1
fi fi
@ -836,12 +789,7 @@ jobs:
- -
name: Check image ID name: Check image ID
run: | run: |
if [[ "${{ matrix.driver }}" = "docker-container" ]] && [[ "${{ matrix.load }}" = "false" ]] && [[ "${{ matrix.push }}" = "false" ]]; then if [ -z "${{ steps.docker_build.outputs.imageid }}" ]; then
if [ -n "${{ steps.docker_build.outputs.imageid }}" ]; then
echo "::error::Image ID should be empty"
exit 1
fi
elif [ -z "${{ steps.docker_build.outputs.imageid }}" ]; then
echo "::error::Image ID should not be empty" echo "::error::Image ID should not be empty"
exit 1 exit 1
fi fi
@ -862,13 +810,13 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up QEMU name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v2
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -911,13 +859,13 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up QEMU name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v2
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -942,80 +890,19 @@ jobs:
run: | run: |
docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}' docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}'
local-cache:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
buildkitd-flags: --debug
-
name: Cache Build
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-local-test-${{ github.sha }}
restore-keys: |
${{ runner.os }}-local-test-
-
name: Build and push
uses: ./
with:
context: ./test
file: ./test/multi.Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: |
localhost:5000/name/app:latest
localhost:5000/name/app:1.0.0
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
-
name: Inspect
run: |
docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}'
-
# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
standalone: standalone:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Uninstall docker cli name: Uninstall moby cli
run: | run: |
if dpkg -s "docker-ce" >/dev/null 2>&1; then sudo apt-get purge -y moby-cli moby-buildx
sudo dpkg -r --force-depends docker-ce-cli docker-buildx-plugin
else
sudo apt-get purge -y moby-cli moby-buildx
fi
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -1033,10 +920,10 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -1055,10 +942,10 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver: docker driver: docker
@ -1089,10 +976,10 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: | driver-opts: |
@ -1114,352 +1001,3 @@ jobs:
file: ./test/named-context.Dockerfile file: ./test/named-context.Dockerfile
build-contexts: | build-contexts: |
alpine=docker-image://localhost:5000/my-base-image:latest alpine=docker-image://localhost:5000/my-base-image:latest
docker-config-malformed:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set malformed docker config
run: |
mkdir -p ~/.docker
echo 'foo_bar' >> ~/.docker/config.json
-
name: Build
uses: ./
with:
context: ./test
proxy-docker-config:
runs-on: ubuntu-latest
services:
squid-proxy:
image: ubuntu/squid:latest
ports:
- 3128:3128
steps:
-
name: Check proxy
run: |
netstat -aptn
curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy http://127.0.0.1:3128 -v --insecure --head https://www.google.com
-
name: Checkout
uses: actions/checkout@v4
-
name: Set proxy config
run: |
mkdir -p ~/.docker
echo '{"proxies":{"default":{"httpProxy":"http://127.0.0.1:3128","httpsProxy":"http://127.0.0.1:3128"}}}' > ~/.docker/config.json
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
network=host
buildkitd-flags: --debug
-
name: Build
uses: ./
with:
context: ./test
file: ./test/proxy.Dockerfile
proxy-buildkitd:
runs-on: ubuntu-latest
services:
squid-proxy:
image: ubuntu/squid:latest
ports:
- 3128:3128
steps:
-
name: Check proxy
run: |
netstat -aptn
curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy http://127.0.0.1:3128 -v --insecure --head https://www.google.com
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
network=host
env.http_proxy=http://127.0.0.1:3128
env.https_proxy=http://127.0.0.1:3128
buildkitd-flags: --debug
-
name: Build
uses: ./
with:
context: ./test
file: ./test/Dockerfile
annotations:
runs-on: ubuntu-latest
env:
DOCKER_IMAGE: localhost:5000/name/app
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.DOCKER_IMAGE }}
tags: |
type=schedule
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build and push to local registry
uses: ./
with:
context: ./test
file: ./test/Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
annotations: |
index:com.example.key=value
index:com.example.key2=value2
manifest:com.example.key3=value3
-
name: Check manifest
run: |
docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }} --format '{{json .}}'
multi-output:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
buildkitd-flags: --debug
-
name: Build
uses: ./
with:
context: ./test
file: ./test/Dockerfile
outputs: |
type=image,name=localhost:5000/name/app:latest,push=true
type=docker,name=app:local
type=oci,dest=/tmp/oci.tar
-
name: Check registry
run: |
docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}'
-
name: Check docker
run: |
docker image inspect app:local
-
name: Check oci
run: |
set -ex
mkdir -p /tmp/oci-out
tar xf /tmp/oci.tar -C /tmp/oci-out
tree -nh /tmp/oci-out
load-and-push:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
buildkitd-flags: --debug
-
name: Build
uses: ./
with:
context: ./test
file: ./test/Dockerfile
load: true
push: true
tags: localhost:5000/name/app:latest
-
name: Check registry
run: |
docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}'
-
name: Check docker
run: |
docker image inspect localhost:5000/name/app:latest
summary-disable:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
path: action
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./action
with:
file: ./test/Dockerfile
env:
DOCKER_BUILD_SUMMARY: false
summary-disable-deprecated:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
path: action
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./action
with:
file: ./test/Dockerfile
env:
DOCKER_BUILD_NO_SUMMARY: true
summary-not-supported:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
path: action
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: v0.12.1
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./action
with:
file: ./test/Dockerfile
record-upload-disable:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
path: action
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./action
with:
file: ./test/Dockerfile
env:
DOCKER_BUILD_RECORD_UPLOAD: false
record-retention-days:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
days:
- 2
- 0
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
path: action
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./action
with:
file: ./test/Dockerfile
env:
DOCKER_BUILD_RECORD_RETENTION_DAYS: ${{ matrix.days }}

121
.github/workflows/e2e.yml vendored
View File

@ -1,11 +1,19 @@
name: e2e name: e2e
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on: on:
workflow_dispatch: workflow_dispatch:
inputs:
buildx-version:
description: 'Buildx version or Git context'
default: 'latest'
required: false
buildkit-image:
description: 'BuildKit image'
default: 'moby/buildkit:buildx-stable-1'
required: false
tag:
description: 'Additional tag to push'
required: false
schedule: schedule:
- cron: '0 10 * * *' - cron: '0 10 * * *'
push: push:
@ -14,9 +22,16 @@ on:
tags: tags:
- 'v*' - 'v*'
env:
BUILDX_VERSION: latest
BUILDKIT_IMAGE: moby/buildkit:buildx-stable-1
HARBOR_VERSION: v2.7.0
NEXUS_VERSION: 3.47.1
DISTRIBUTION_VERSION: 2.8.1
jobs: jobs:
build: build:
uses: ./.github/workflows/.e2e-run.yml runs-on: ubuntu-latest
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
@ -90,8 +105,8 @@ jobs:
type: remote type: remote
- -
name: Artifactory name: Artifactory
registry: infradock.jfrog.io registry: buildkitghactiontests.jfrog.io
slug: infradock.jfrog.io/test-ghaction/build-push-action slug: buildkitghactiontests.jfrog.io/ghactiontest/test-docker-action
username_secret: ARTIFACTORY_USERNAME username_secret: ARTIFACTORY_USERNAME
password_secret: ARTIFACTORY_TOKEN password_secret: ARTIFACTORY_TOKEN
type: remote type: remote
@ -103,12 +118,86 @@ jobs:
name: Nexus name: Nexus
id: nexus id: nexus
type: local type: local
with: steps:
id: ${{ matrix.id }} -
type: ${{ matrix.type }} name: Checkout
name: ${{ matrix.name }} uses: actions/checkout@v3
registry: ${{ matrix.registry }} -
slug: ${{ matrix.slug }} name: Set up env
username_secret: ${{ matrix.username_secret }} if: matrix.type == 'local'
password_secret: ${{ matrix.password_secret }} run: |
secrets: inherit cat ./.github/e2e/${{ matrix.id }}/env >> $GITHUB_ENV
-
name: Set up BuildKit config
run: |
touch /tmp/buildkitd.toml
if [ "${{ matrix.type }}" = "local" ]; then
echo -e "[registry.\"${{ env.REGISTRY_FQDN }}\"]\nhttp = true\ninsecure = true" > /tmp/buildkitd.toml
fi
-
name: Set up Docker daemon
if: matrix.type == 'local'
run: |
if [ ! -e /etc/docker/daemon.json ]; then
echo '{}' | tee /etc/docker/daemon.json >/dev/null
fi
DOCKERD_CONFIG=$(jq '.+{"insecure-registries":["http://${{ env.REGISTRY_FQDN }}"]}' /etc/docker/daemon.json)
sudo tee /etc/docker/daemon.json <<<"$DOCKERD_CONFIG" >/dev/null
sudo service docker restart
-
name: Install ${{ matrix.name }}
if: matrix.type == 'local'
run: |
sudo -E bash ./.github/e2e/${{ matrix.id }}/install.sh
-
name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY_SLUG || matrix.slug }}
tags: |
type=ref,event=branch
type=ref,event=tag
type=raw,value=${{ inputs.tag }},enable=${{ inputs.tag != '' }}
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
config: /tmp/buildkitd.toml
buildkitd-flags: --debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
network=host
-
name: Login to Registry
if: github.event_name != 'pull_request' && (env.REGISTRY_USER || matrix.username_secret) != ''
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY_FQDN || matrix.registry }}
username: ${{ env.REGISTRY_USER || secrets[matrix.username_secret] }}
password: ${{ env.REGISTRY_PASSWORD || secrets[matrix.password_secret] }}
-
name: Build and push
uses: ./
with:
context: ./test
file: ./test/multi.Dockerfile
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=registry,ref=${{ env.REGISTRY_SLUG || matrix.slug }}:master
cache-to: type=inline
-
name: Inspect image
run: |
docker pull ${{ env.REGISTRY_SLUG || matrix.slug }}:${{ steps.meta.outputs.version }}
docker image inspect ${{ env.REGISTRY_SLUG || matrix.slug }}:${{ steps.meta.outputs.version }}
-
name: Check manifest
run: |
docker buildx imagetools inspect ${{ env.REGISTRY_SLUG || matrix.slug }}:${{ steps.meta.outputs.version }} --format '{{json .}}'

11
.github/workflows/test.yml vendored
View File

@ -1,9 +1,5 @@
name: test name: test
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on: on:
push: push:
branches: branches:
@ -17,15 +13,14 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Test name: Test
uses: docker/bake-action@v5 uses: docker/bake-action@v3
with: with:
targets: test targets: test
- -
name: Upload coverage name: Upload coverage
uses: codecov/codecov-action@v4 uses: codecov/codecov-action@v3
with: with:
file: ./coverage/clover.xml file: ./coverage/clover.xml
token: ${{ secrets.CODECOV_TOKEN }}

10
.github/workflows/validate.yml vendored
View File

@ -1,9 +1,5 @@
name: validate name: validate
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on: on:
push: push:
branches: branches:
@ -19,7 +15,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Targets matrix name: Targets matrix
id: targets id: targets
@ -37,9 +33,9 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Validate name: Validate
uses: docker/bake-action@v5 uses: docker/bake-action@v3
with: with:
targets: ${{ matrix.target }} targets: ${{ matrix.target }}

66
.gitignore vendored
View File

@ -1,5 +1,7 @@
# https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore node_modules
lib
# Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
# Logs # Logs
logs logs
*.log *.log
@ -7,7 +9,6 @@ npm-debug.log*
yarn-debug.log* yarn-debug.log*
yarn-error.log* yarn-error.log*
lerna-debug.log* lerna-debug.log*
.pnpm-debug.log*
# Diagnostic reports (https://nodejs.org/api/report.html) # Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
@ -18,14 +19,34 @@ pids
*.seed *.seed
*.pid.lock *.pid.lock
# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov
# Coverage directory used by tools like istanbul # Coverage directory used by tools like istanbul
coverage coverage
*.lcov *.lcov
# nyc test coverage
.nyc_output
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
.grunt
# Bower dependency directory (https://bower.io/)
bower_components
# node-waf configuration
.lock-wscript
# Compiled binary addons (https://nodejs.org/api/addons.html)
build/Release
# Dependency directories # Dependency directories
node_modules/
jspm_packages/ jspm_packages/
# TypeScript v1 declaration files
typings/
# TypeScript cache # TypeScript cache
*.tsbuildinfo *.tsbuildinfo
@ -35,19 +56,36 @@ jspm_packages/
# Optional eslint cache # Optional eslint cache
.eslintcache .eslintcache
# Optional REPL history
.node_repl_history
# Output of 'npm pack'
*.tgz
# Yarn Integrity file # Yarn Integrity file
.yarn-integrity .yarn-integrity
# dotenv environment variable files # dotenv environment variables file
.env .env
.env.development.local .env.test
.env.test.local
.env.production.local
.env.local
# yarn v2 # parcel-bundler cache (https://parceljs.org/)
.yarn/cache .cache
.yarn/unplugged
.yarn/build-state.yml # next.js build output
.yarn/install-state.gz .next
.pnp.*
# nuxt.js build output
.nuxt
# vuepress build output
.vuepress/dist
# Serverless directories
.serverless/
# FuseBox cache
.fusebox/
# DynamoDB Local files
.dynamodb/

6
.prettierignore
View File

@ -1,6 +0,0 @@
# Dependency directories
node_modules/
jspm_packages/
# yarn v2
.yarn/

541
.yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs vendored
View File

File diff suppressed because one or more lines are too long

13
.yarnrc.yml
View File

@ -1,13 +0,0 @@
logFilters:
- code: YN0013
level: discard
- code: YN0019
level: discard
- code: YN0076
level: discard
nodeLinker: node-modules
plugins:
- path: .yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
spec: "@yarnpkg/plugin-interactive-tools"

96
README.md
View File

@ -19,11 +19,21 @@ ___
* [Git context](#git-context) * [Git context](#git-context)
* [Path context](#path-context) * [Path context](#path-context)
* [Examples](#examples) * [Examples](#examples)
* [Summaries](#summaries) * [Multi-platform image](https://docs.docker.com/build/ci/github-actions/multi-platform/)
* [Secrets](https://docs.docker.com/build/ci/github-actions/secrets/)
* [Push to multi-registries](https://docs.docker.com/build/ci/github-actions/push-multi-registries/)
* [Manage tags and labels](https://docs.docker.com/build/ci/github-actions/manage-tags-labels/)
* [Cache management](https://docs.docker.com/build/ci/github-actions/cache/)
* [Export to Docker](https://docs.docker.com/build/ci/github-actions/export-docker/)
* [Test before push](https://docs.docker.com/build/ci/github-actions/test-before-push/)
* [Local registry](https://docs.docker.com/build/ci/github-actions/local-registry/)
* [Share built image between jobs](https://docs.docker.com/build/ci/github-actions/share-image-jobs/)
* [Named contexts](https://docs.docker.com/build/ci/github-actions/named-contexts/)
* [Copy image between registries](https://docs.docker.com/build/ci/github-actions/copy-image-registries/)
* [Update Docker Hub repo description](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/)
* [Customizing](#customizing) * [Customizing](#customizing)
* [inputs](#inputs) * [inputs](#inputs)
* [outputs](#outputs) * [outputs](#outputs)
* [environment variables](#environment-variables)
* [Troubleshooting](#troubleshooting) * [Troubleshooting](#troubleshooting)
* [Contributing](#contributing) * [Contributing](#contributing)
@ -55,6 +65,8 @@ name: ci
on: on:
push: push:
branches:
- 'main'
jobs: jobs:
docker: docker:
@ -62,19 +74,19 @@ jobs:
steps: steps:
- -
name: Set up QEMU name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v2
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
- -
name: Login to Docker Hub name: Login to Docker Hub
uses: docker/login-action@v3 uses: docker/login-action@v2
with: with:
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
- -
name: Build and push name: Build and push
uses: docker/build-push-action@v6 uses: docker/build-push-action@v4
with: with:
push: true push: true
tags: user/app:latest tags: user/app:latest
@ -92,15 +104,28 @@ expression `{{defaultContext}}`. Here we can use it to provide a subdirectory
to the default Git context: to the default Git context:
```yaml ```yaml
-
# Setting up Docker Buildx with docker-container driver is required
# at the moment to be able to use a subdirectory with Git context
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- -
name: Build and push name: Build and push
uses: docker/build-push-action@v6 uses: docker/build-push-action@v4
with: with:
context: "{{defaultContext}}:mysubdir" context: "{{defaultContext}}:mysubdir"
push: true push: true
tags: user/app:latest tags: user/app:latest
``` ```
> **Warning**
>
> Subdirectory for Git context is available from [BuildKit v0.9.0](https://github.com/moby/buildkit/releases/tag/v0.9.0).
> If you're using the `docker` builder (default if `setup-buildx-action` not used),
> then BuildKit in Docker Engine will be used. As Docker Engine < v22.x.x embeds
> Buildkit 0.8.2 at the moment, it does not support this feature. It's therefore
> required to use the `setup-buildx-action` at the moment.
Building from the current repository automatically uses the [GitHub Token](https://docs.github.com/en/actions/security-guides/automatic-token-authentication), Building from the current repository automatically uses the [GitHub Token](https://docs.github.com/en/actions/security-guides/automatic-token-authentication),
so it does not need to be passed. If you want to authenticate against another so it does not need to be passed. If you want to authenticate against another
private repository, you have to use a [secret](https://docs.docker.com/build/ci/github-actions/secrets) private repository, you have to use a [secret](https://docs.docker.com/build/ci/github-actions/secrets)
@ -109,7 +134,7 @@ named `GIT_AUTH_TOKEN` to be able to authenticate against it with Buildx:
```yaml ```yaml
- -
name: Build and push name: Build and push
uses: docker/build-push-action@v6 uses: docker/build-push-action@v4
with: with:
push: true push: true
tags: user/app:latest tags: user/app:latest
@ -124,6 +149,8 @@ name: ci
on: on:
push: push:
branches:
- 'main'
jobs: jobs:
docker: docker:
@ -131,22 +158,22 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up QEMU name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v2
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
- -
name: Login to Docker Hub name: Login to Docker Hub
uses: docker/login-action@v3 uses: docker/login-action@v2
with: with:
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
- -
name: Build and push name: Build and push
uses: docker/build-push-action@v6 uses: docker/build-push-action@v4
with: with:
context: . context: .
push: true push: true
@ -167,35 +194,12 @@ jobs:
* [Named contexts](https://docs.docker.com/build/ci/github-actions/named-contexts/) * [Named contexts](https://docs.docker.com/build/ci/github-actions/named-contexts/)
* [Copy image between registries](https://docs.docker.com/build/ci/github-actions/copy-image-registries/) * [Copy image between registries](https://docs.docker.com/build/ci/github-actions/copy-image-registries/)
* [Update Docker Hub repo description](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/) * [Update Docker Hub repo description](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/)
* [SBOM and provenance attestations](https://docs.docker.com/build/ci/github-actions/attestations/)
* [Annotations](https://docs.docker.com/build/ci/github-actions/annotations/)
* [Reproducible builds](https://docs.docker.com/build/ci/github-actions/reproducible-builds/)
## Summaries
This action generates a [job summary](https://github.blog/2022-05-09-supercharging-github-actions-with-job-summaries/)
that provides a detailed overview of the build execution. The summary shows an
overview of all the steps executed during the build, including the build inputs
and eventual errors.
![build-push-action job summary](./.github/build-push-summary.png)
The summary also includes a link for downloading the build record with
additional details about the build, including build stats, logs, outputs, and
more. The build record can be imported to Docker Desktop for inspecting the
build in greater detail.
Summaries are enabled by default, but can be disabled with the
`DOCKER_BUILD_SUMMARY` [environment variable](#environment-variables).
For more information about summaries, refer to the
[documentation](https://docs.docker.com/go/build-summary/).
## Customizing ## Customizing
### inputs ### inputs
The following inputs can be used as `step.with` keys: Following inputs can be used as `step.with` keys
> `List` type is a newline-delimited string > `List` type is a newline-delimited string
> ```yaml > ```yaml
@ -213,7 +217,6 @@ The following inputs can be used as `step.with` keys:
|--------------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |--------------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `add-hosts` | List/CSV | List of [customs host-to-IP mapping](https://docs.docker.com/engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host) (e.g., `docker:10.180.0.1`) | | `add-hosts` | List/CSV | List of [customs host-to-IP mapping](https://docs.docker.com/engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host) (e.g., `docker:10.180.0.1`) |
| `allow` | List/CSV | List of [extra privileged entitlement](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow) (e.g., `network.host,security.insecure`) | | `allow` | List/CSV | List of [extra privileged entitlement](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow) (e.g., `network.host,security.insecure`) |
| `annotations` | List | List of annotation to set to the image |
| `attests` | List | List of [attestation](https://docs.docker.com/build/attestations/) parameters (e.g., `type=sbom,generator=image`) | | `attests` | List | List of [attestation](https://docs.docker.com/build/attestations/) parameters (e.g., `type=sbom,generator=image`) |
| `builder` | String | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) | | `builder` | String | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) |
| `build-args` | List | List of [build-time variables](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-arg) | | `build-args` | List | List of [build-time variables](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-arg) |
@ -228,14 +231,13 @@ The following inputs can be used as `step.with` keys:
| `network` | String | Set the networking mode for the `RUN` instructions during build | | `network` | String | Set the networking mode for the `RUN` instructions during build |
| `no-cache` | Bool | Do not use cache when building the image (default `false`) | | `no-cache` | Bool | Do not use cache when building the image (default `false`) |
| `no-cache-filters` | List/CSV | Do not cache specified stages | | `no-cache-filters` | List/CSV | Do not cache specified stages |
| `outputs` | List | List of [output destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#output) (format: `type=local,dest=path`) | | `outputs`¹ | List | List of [output destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#output) (format: `type=local,dest=path`) |
| `platforms` | List/CSV | List of [target platforms](https://docs.docker.com/engine/reference/commandline/buildx_build/#platform) for build | | `platforms` | List/CSV | List of [target platforms](https://docs.docker.com/engine/reference/commandline/buildx_build/#platform) for build |
| `provenance` | Bool/String | Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build (shorthand for `--attest=type=provenance`) | | `provenance` | Bool/String | Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build (shorthand for `--attest=type=provenance`) |
| `pull` | Bool | Always attempt to pull all referenced images (default `false`) | | `pull` | Bool | Always attempt to pull all referenced images (default `false`) |
| `push` | Bool | [Push](https://docs.docker.com/engine/reference/commandline/buildx_build/#push) is a shorthand for `--output=type=registry` (default `false`) | | `push` | Bool | [Push](https://docs.docker.com/engine/reference/commandline/buildx_build/#push) is a shorthand for `--output=type=registry` (default `false`) |
| `sbom` | Bool/String | Generate [SBOM](https://docs.docker.com/build/attestations/sbom/) attestation for the build (shorthand for `--attest=type=sbom`) | | `sbom` | Bool/String | Generate [SBOM](https://docs.docker.com/build/attestations/sbom/) attestation for the build (shorthand for `--attest=type=sbom`) |
| `secrets` | List | List of [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`) | | `secrets` | List | List of [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`) |
| `secret-envs` | List/CSV | List of [secret env vars](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=envname`, `MY_SECRET=MY_ENV_VAR`) |
| `secret-files` | List | List of [secret files](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`) | | `secret-files` | List | List of [secret files](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`) |
| `shm-size` | String | Size of [`/dev/shm`](https://docs.docker.com/engine/reference/commandline/buildx_build/#shm-size) (e.g., `2g`) | | `shm-size` | String | Size of [`/dev/shm`](https://docs.docker.com/engine/reference/commandline/buildx_build/#shm-size) (e.g., `2g`) |
| `ssh` | List | List of [SSH agent socket or keys](https://docs.docker.com/engine/reference/commandline/buildx_build/#ssh) to expose to the build | | `ssh` | List | List of [SSH agent socket or keys](https://docs.docker.com/engine/reference/commandline/buildx_build/#ssh) to expose to the build |
@ -244,9 +246,13 @@ The following inputs can be used as `step.with` keys:
| `ulimit` | List | [Ulimit](https://docs.docker.com/engine/reference/commandline/buildx_build/#ulimit) options (e.g., `nofile=1024:1024`) | | `ulimit` | List | [Ulimit](https://docs.docker.com/engine/reference/commandline/buildx_build/#ulimit) options (e.g., `nofile=1024:1024`) |
| `github-token` | String | GitHub Token used to authenticate against a repository for [Git context](#git-context) (default `${{ github.token }}`) | | `github-token` | String | GitHub Token used to authenticate against a repository for [Git context](#git-context) (default `${{ github.token }}`) |
> **Note**
>
> * ¹ multiple `outputs` are [not yet supported](https://github.com/moby/buildkit/issues/1555)
### outputs ### outputs
The following outputs are available: Following outputs are available
| Name | Type | Description | | Name | Type | Description |
|------------|---------|-----------------------| |------------|---------|-----------------------|
@ -254,14 +260,6 @@ The following outputs are available:
| `digest` | String | Image digest | | `digest` | String | Image digest |
| `metadata` | JSON | Build result metadata | | `metadata` | JSON | Build result metadata |
### environment variables
| Name | Type | Default | Description |
|--------------------------------------|--------|---------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `DOCKER_BUILD_SUMMARY` | Bool | `true` | If `false`, [build summary](https://docs.docker.com/build/ci/github-actions/build-summary/) generation is disabled |
| `DOCKER_BUILD_RECORD_UPLOAD` | Bool | `true` | If `false`, build record upload as [GitHub artifact](https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts) is disabled |
| `DOCKER_BUILD_RECORD_RETENTION_DAYS` | Number | | Duration after which build record artifact will expire in days. Defaults to repository/org [retention settings](https://docs.github.com/en/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy) if unset or `0` |
## Troubleshooting ## Troubleshooting
See [TROUBLESHOOTING.md](TROUBLESHOOTING.md) See [TROUBLESHOOTING.md](TROUBLESHOOTING.md)

39
TROUBLESHOOTING.md
View File

@ -4,7 +4,6 @@
* [BuildKit container logs](#buildkit-container-logs) * [BuildKit container logs](#buildkit-container-logs)
* [With containerd](#with-containerd) * [With containerd](#with-containerd)
* [`repository name must be lowercase`](#repository-name-must-be-lowercase) * [`repository name must be lowercase`](#repository-name-must-be-lowercase)
* [Image not loaded](#image-not-loaded)
## Cannot push to a registry ## Cannot push to a registry
@ -45,13 +44,13 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- -
name: Set up QEMU name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v2
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
with: with:
buildkitd-flags: --debug buildkitd-flags: --debug
- -
@ -59,7 +58,7 @@ jobs:
uses: crazy-max/ghaction-setup-containerd@v2 uses: crazy-max/ghaction-setup-containerd@v2
- -
name: Build Docker image name: Build Docker image
uses: docker/build-push-action@v6 uses: docker/build-push-action@v4
with: with:
context: . context: .
platforms: linux/amd64,linux/arm64 platforms: linux/amd64,linux/arm64
@ -112,7 +111,7 @@ to generate sanitized tags:
tags: latest tags: latest
- name: Build and push - name: Build and push
uses: docker/build-push-action@v6 uses: docker/build-push-action@v4
with: with:
context: . context: .
push: true push: true
@ -130,35 +129,9 @@ Or a dedicated step to sanitize the slug:
script: return 'ghcr.io/${{ github.repository }}'.toLowerCase() script: return 'ghcr.io/${{ github.repository }}'.toLowerCase()
- name: Build and push - name: Build and push
uses: docker/build-push-action@v6 uses: docker/build-push-action@v4
with: with:
context: . context: .
push: true push: true
tags: ${{ steps.repo_slug.outputs.result }}:latest tags: ${{ steps.repo_slug.outputs.result }}:latest
``` ```
## Image not loaded
Sometimes when your workflows are heavy consumers of disk storage, it can happen that build-push-action declares that the built image is loaded, but then not found in the following workflow steps.
- You can use the following solution as workaround, to free space on disk before building docker image using the following workflow step
```yaml
# Free disk space
- name: Free Disk space
shell: bash
run: |
sudo rm -rf /usr/local/lib/android # will release about 10 GB if you don't need Android
sudo rm -rf /usr/share/dotnet # will release about 20GB if you don't need .NET
```
- Another workaround can be to call `docker/setup-buildx-action` with docker driver
```yaml
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver: docker
```
More details in the [related issue](https://github.com/docker/build-push-action/issues/321)

278
__tests__/context.test.ts
View File

@ -1,16 +1,13 @@
import {beforeEach, describe, expect, jest, test} from '@jest/globals'; import {beforeEach, describe, expect, jest, test} from '@jest/globals';
import * as fs from 'fs'; import * as fs from 'fs';
import * as path from 'path'; import * as path from 'path';
import {Builder} from '@docker/actions-toolkit/lib/buildx/builder'; import {Builder} from '@docker/actions-toolkit/lib/buildx/builder';
import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx'; import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx';
import {Build} from '@docker/actions-toolkit/lib/buildx/build';
import {Context} from '@docker/actions-toolkit/lib/context'; import {Context} from '@docker/actions-toolkit/lib/context';
import {Docker} from '@docker/actions-toolkit/lib/docker/docker'; import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
import {GitHub} from '@docker/actions-toolkit/lib/github'; import {GitHub} from '@docker/actions-toolkit/lib/github';
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit'; import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
import {BuilderInfo} from '@docker/actions-toolkit/lib/types/builder';
import {BuilderInfo} from '@docker/actions-toolkit/lib/types/buildx/builder';
import {GitHubRepo} from '@docker/actions-toolkit/lib/types/github'; import {GitHubRepo} from '@docker/actions-toolkit/lib/types/github';
import * as context from '../src/context'; import * as context from '../src/context';
@ -38,16 +35,6 @@ jest.spyOn(Docker, 'isAvailable').mockImplementation(async (): Promise<boolean>
return true; return true;
}); });
const metadataJson = path.join(tmpDir, 'metadata.json');
jest.spyOn(Build.prototype, 'getMetadataFilePath').mockImplementation((): string => {
return metadataJson;
});
const imageIDFilePath = path.join(tmpDir, 'iidfile.txt');
jest.spyOn(Build.prototype, 'getImageIDFilePath').mockImplementation((): string => {
return imageIDFilePath;
});
jest.spyOn(Builder.prototype, 'inspect').mockImplementation(async (): Promise<BuilderInfo> => { jest.spyOn(Builder.prototype, 'inspect').mockImplementation(async (): Promise<BuilderInfo> => {
return { return {
name: 'builder2', name: 'builder2',
@ -91,7 +78,7 @@ describe('getArgs', () => {
]), ]),
[ [
'build', 'build',
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
'.' '.'
] ]
], ],
@ -114,7 +101,7 @@ ccc"`],
'--build-arg', 'MY_ARG=val1,val2,val3', '--build-arg', 'MY_ARG=val1,val2,val3',
'--build-arg', 'ARG=val', '--build-arg', 'ARG=val',
'--build-arg', `MULTILINE=aaaa\nbbbb\nccc`, '--build-arg', `MULTILINE=aaaa\nbbbb\nccc`,
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
'https://github.com/docker/build-push-action.git#refs/heads/master' 'https://github.com/docker/build-push-action.git#refs/heads/master'
] ]
], ],
@ -130,7 +117,7 @@ ccc"`],
]), ]),
[ [
'build', 'build',
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
'--tag', 'name/app:7.4', '--tag', 'name/app:7.4',
'--tag', 'name/app:latest', '--tag', 'name/app:latest',
'https://github.com/docker/build-push-action.git#refs/heads/master' 'https://github.com/docker/build-push-action.git#refs/heads/master'
@ -185,7 +172,7 @@ ccc"`],
]), ]),
[ [
'build', 'build',
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
'.' '.'
] ]
], ],
@ -202,7 +189,7 @@ ccc"`],
]), ]),
[ [
'build', 'build',
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`, '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
'.' '.'
] ]
@ -243,7 +230,7 @@ ccc"`],
[ [
'build', 'build',
'--file', './test/Dockerfile', '--file', './test/Dockerfile',
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
'--platform', 'linux/amd64,linux/arm64', '--platform', 'linux/amd64,linux/arm64',
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`, '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
'--builder', 'builder-git-context-2', '--builder', 'builder-git-context-2',
@ -277,7 +264,7 @@ ccc"`],
[ [
'build', 'build',
'--file', './test/Dockerfile', '--file', './test/Dockerfile',
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
'--platform', 'linux/amd64,linux/arm64', '--platform', 'linux/amd64,linux/arm64',
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`, '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
'--secret', `id=MYSECRET,src=${tmpName}`, '--secret', `id=MYSECRET,src=${tmpName}`,
@ -314,7 +301,7 @@ ccc`],
[ [
'build', 'build',
'--file', './test/Dockerfile', '--file', './test/Dockerfile',
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
'--platform', 'linux/amd64,linux/arm64', '--platform', 'linux/amd64,linux/arm64',
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`, '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
'--secret', `id=MYSECRET,src=${tmpName}`, '--secret', `id=MYSECRET,src=${tmpName}`,
@ -343,7 +330,7 @@ ccc`],
[ [
'build', 'build',
'--file', './test/Dockerfile', '--file', './test/Dockerfile',
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
'--secret', `id=MY_SECRET,src=${tmpName}`, '--secret', `id=MY_SECRET,src=${tmpName}`,
'--builder', 'builder-git-context-2', '--builder', 'builder-git-context-2',
'--network', 'host', '--network', 'host',
@ -390,8 +377,8 @@ ccc`],
'--add-host', 'docker:10.180.0.1', '--add-host', 'docker:10.180.0.1',
'--add-host', 'foo:10.0.0.1', '--add-host', 'foo:10.0.0.1',
'--file', './test/Dockerfile', '--file', './test/Dockerfile',
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
'--metadata-file', metadataJson, '--metadata-file', path.join(tmpDir, 'metadata-file'),
'--network', 'host', '--network', 'host',
'--push', '--push',
'.' '.'
@ -419,11 +406,11 @@ nproc=3`],
'--add-host', 'foo:10.0.0.1', '--add-host', 'foo:10.0.0.1',
'--cgroup-parent', 'foo', '--cgroup-parent', 'foo',
'--file', './test/Dockerfile', '--file', './test/Dockerfile',
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
'--shm-size', '2g', '--shm-size', '2g',
'--ulimit', 'nofile=1024:1024', '--ulimit', 'nofile=1024:1024',
'--ulimit', 'nproc=3', '--ulimit', 'nproc=3',
'--metadata-file', metadataJson, '--metadata-file', path.join(tmpDir, 'metadata-file'),
'.' '.'
] ]
], ],
@ -439,8 +426,8 @@ nproc=3`],
]), ]),
[ [
'build', 'build',
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
'--metadata-file', metadataJson, '--metadata-file', path.join(tmpDir, 'metadata-file'),
'https://github.com/docker/build-push-action.git#refs/heads/master:docker' 'https://github.com/docker/build-push-action.git#refs/heads/master:docker'
] ]
], ],
@ -457,9 +444,9 @@ nproc=3`],
]), ]),
[ [
'build', 'build',
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`, '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
'--metadata-file', metadataJson, '--metadata-file', path.join(tmpDir, 'metadata-file'),
'https://github.com/docker/build-push-action.git#refs/heads/master:subdir' 'https://github.com/docker/build-push-action.git#refs/heads/master:subdir'
] ]
], ],
@ -476,8 +463,8 @@ nproc=3`],
]), ]),
[ [
'build', 'build',
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
'--metadata-file', metadataJson, '--metadata-file', path.join(tmpDir, 'metadata-file'),
'.' '.'
] ]
], ],
@ -493,9 +480,9 @@ nproc=3`],
]), ]),
[ [
'build', 'build',
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
'--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`, "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
'--metadata-file', metadataJson, '--metadata-file', path.join(tmpDir, 'metadata-file'),
'.' '.'
] ]
], ],
@ -512,9 +499,9 @@ nproc=3`],
]), ]),
[ [
'build', 'build',
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
'--attest', `type=provenance,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`, "--provenance", `builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
'--metadata-file', metadataJson, '--metadata-file', path.join(tmpDir, 'metadata-file'),
'.' '.'
] ]
], ],
@ -531,9 +518,9 @@ nproc=3`],
]), ]),
[ [
'build', 'build',
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
'--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`, "--provenance", `mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
'--metadata-file', metadataJson, '--metadata-file', path.join(tmpDir, 'metadata-file'),
'.' '.'
] ]
], ],
@ -550,9 +537,9 @@ nproc=3`],
]), ]),
[ [
'build', 'build',
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
'--attest', 'type=provenance,disabled=true', "--provenance", 'false',
'--metadata-file', metadataJson, '--metadata-file', path.join(tmpDir, 'metadata-file'),
'.' '.'
] ]
], ],
@ -569,9 +556,9 @@ nproc=3`],
]), ]),
[ [
'build', 'build',
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
'--attest', 'type=provenance,builder-id=foo', "--provenance", 'builder-id=foo',
'--metadata-file', metadataJson, '--metadata-file', path.join(tmpDir, 'metadata-file'),
'.' '.'
] ]
], ],
@ -588,9 +575,9 @@ nproc=3`],
]), ]),
[ [
'build', 'build',
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
"--output", 'type=docker', "--output", 'type=docker',
'--metadata-file', metadataJson, '--metadata-file', path.join(tmpDir, 'metadata-file'),
'.' '.'
] ]
], ],
@ -606,196 +593,9 @@ nproc=3`],
]), ]),
[ [
'build', 'build',
'--iidfile', imageIDFilePath, '--iidfile', path.join(tmpDir, 'iidfile'),
'--load', '--load',
'--metadata-file', metadataJson, '--metadata-file', path.join(tmpDir, 'metadata-file'),
'.'
]
],
[
25,
'0.10.0',
new Map<string, string>([
['context', '.'],
['build-args', `FOO=bar#baz`],
['load', 'true'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--build-arg', 'FOO=bar#baz',
'--iidfile', imageIDFilePath,
'--load',
'--metadata-file', metadataJson,
'.'
]
],
[
26,
'0.10.0',
new Map<string, string>([
['context', '.'],
['no-cache', 'false'],
['load', 'true'],
['push', 'false'],
['pull', 'false'],
['secret-envs', `MY_SECRET=MY_SECRET_ENV
ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
]),
[
'build',
'--secret', 'id=MY_SECRET,env=MY_SECRET_ENV',
'--secret', 'id=ANOTHER_SECRET,env=ANOTHER_SECRET_ENV',
'--iidfile', imageIDFilePath,
'--load',
'--metadata-file', metadataJson,
'.'
]
],
[
27,
'0.10.0',
new Map<string, string>([
['context', '.'],
['no-cache', 'false'],
['load', 'true'],
['push', 'false'],
['pull', 'false'],
['secret-envs', 'MY_SECRET=MY_SECRET_ENV,ANOTHER_SECRET=ANOTHER_SECRET_ENV']
]),
[
'build',
'--secret', 'id=MY_SECRET,env=MY_SECRET_ENV',
'--secret', 'id=ANOTHER_SECRET,env=ANOTHER_SECRET_ENV',
'--iidfile', imageIDFilePath,
'--load',
'--metadata-file', metadataJson,
'.'
]
],
[
28,
'0.11.0',
new Map<string, string>([
['context', '.'],
['annotations', 'example1=www\nindex:example2=xxx\nmanifest:example3=yyy\nmanifest-descriptor[linux/amd64]:example4=zzz'],
['outputs', 'type=local,dest=./release-out'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--output', 'type=local,dest=./release-out',
'--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.'
]
],
[
29,
'0.12.0',
new Map<string, string>([
['context', '.'],
['annotations', 'example1=www\nindex:example2=xxx\nmanifest:example3=yyy\nmanifest-descriptor[linux/amd64]:example4=zzz'],
['outputs', 'type=local,dest=./release-out'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--annotation', 'example1=www',
'--annotation', 'index:example2=xxx',
'--annotation', 'manifest:example3=yyy',
'--annotation', 'manifest-descriptor[linux/amd64]:example4=zzz',
'--output', 'type=local,dest=./release-out',
'--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.'
]
],
[
30,
'0.12.0',
new Map<string, string>([
['context', '.'],
['outputs', `type=image,"name=localhost:5000/name/app:latest,localhost:5000/name/app:foo",push-by-digest=true,name-canonical=true,push=true`],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--iidfile', imageIDFilePath,
"--output", `type=image,"name=localhost:5000/name/app:latest,localhost:5000/name/app:foo",push-by-digest=true,name-canonical=true,push=true`,
'--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.'
]
],
[
31,
'0.13.1',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['provenance', 'mode=max'],
['sbom', 'true'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--attest', `type=sbom,disabled=false`,
'--metadata-file', metadataJson,
'.'
]
],
[
32,
'0.13.1',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['attests', 'type=provenance,mode=min'],
['provenance', 'mode=max'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.'
]
],
[
33,
'0.13.1',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['attests', 'type=provenance,mode=min'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--attest', `type=provenance,mode=min,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.' '.'
] ]
], ],

8
action.yml
View File

@ -13,9 +13,6 @@ inputs:
allow: allow:
description: "List of extra privileged entitlement (e.g., network.host,security.insecure)" description: "List of extra privileged entitlement (e.g., network.host,security.insecure)"
required: false required: false
annotations:
description: "List of annotation to set to the image"
required: false
attests: attests:
description: "List of attestation parameters (e.g., type=sbom,generator=image)" description: "List of attestation parameters (e.g., type=sbom,generator=image)"
required: false required: false
@ -83,9 +80,6 @@ inputs:
secrets: secrets:
description: "List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)" description: "List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)"
required: false required: false
secret-envs:
description: "List of secret env vars to expose to the build (e.g., key=envname, MY_SECRET=MY_ENV_VAR)"
required: false
secret-files: secret-files:
description: "List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)" description: "List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)"
required: false required: false
@ -118,6 +112,6 @@ outputs:
description: 'Build result metadata' description: 'Build result metadata'
runs: runs:
using: 'node20' using: 'node16'
main: 'dist/index.js' main: 'dist/index.js'
post: 'dist/index.js' post: 'dist/index.js'

56
dev.Dockerfile
View File

@ -1,20 +1,15 @@
# syntax=docker/dockerfile:1 # syntax=docker/dockerfile:1
ARG NODE_VERSION=20 ARG NODE_VERSION=16
ARG DOCKER_VERSION=20.10.13
ARG BUILDX_VERSION=0.8.0
FROM node:${NODE_VERSION}-alpine AS base FROM node:${NODE_VERSION}-alpine AS base
RUN apk add --no-cache cpio findutils git RUN apk add --no-cache cpio findutils git
WORKDIR /src WORKDIR /src
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache <<EOT
corepack enable
yarn --version
yarn config set --home enableTelemetry 0
EOT
FROM base AS deps FROM base AS deps
RUN --mount=type=bind,target=.,rw \ RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \ --mount=type=cache,target=/src/node_modules \
yarn install && mkdir /vendor && cp yarn.lock /vendor yarn install && mkdir /vendor && cp yarn.lock /vendor
@ -23,19 +18,18 @@ COPY --from=deps /vendor /
FROM deps AS vendor-validate FROM deps AS vendor-validate
RUN --mount=type=bind,target=.,rw <<EOT RUN --mount=type=bind,target=.,rw <<EOT
set -e set -e
git add -A git add -A
cp -rf /vendor/* . cp -rf /vendor/* .
if [ -n "$(git status --porcelain -- yarn.lock)" ]; then if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"' echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
git status --porcelain -- yarn.lock git status --porcelain -- yarn.lock
exit 1 exit 1
fi fi
EOT EOT
FROM deps AS build FROM deps AS build
RUN --mount=type=bind,target=.,rw \ RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \ --mount=type=cache,target=/src/node_modules \
yarn run build && mkdir /out && cp -Rf dist /out/ yarn run build && mkdir /out && cp -Rf dist /out/
@ -44,37 +38,39 @@ COPY --from=build /out /
FROM build AS build-validate FROM build AS build-validate
RUN --mount=type=bind,target=.,rw <<EOT RUN --mount=type=bind,target=.,rw <<EOT
set -e set -e
git add -A git add -A
cp -rf /out/* . cp -rf /out/* .
if [ -n "$(git status --porcelain -- dist)" ]; then if [ -n "$(git status --porcelain -- dist)" ]; then
echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"' echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
git status --porcelain -- dist git status --porcelain -- dist
exit 1 exit 1
fi fi
EOT EOT
FROM deps AS format FROM deps AS format
RUN --mount=type=bind,target=.,rw \ RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \ --mount=type=cache,target=/src/node_modules \
yarn run format \ yarn run format \
&& mkdir /out && find . -name '*.ts' -not -path './node_modules/*' -not -path './.yarn/*' | cpio -pdm /out && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' | cpio -pdm /out
FROM scratch AS format-update FROM scratch AS format-update
COPY --from=format /out / COPY --from=format /out /
FROM deps AS lint FROM deps AS lint
RUN --mount=type=bind,target=.,rw \ RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \ --mount=type=cache,target=/src/node_modules \
yarn run lint yarn run lint
FROM docker:${DOCKER_VERSION} as docker
FROM docker/buildx-bin:${BUILDX_VERSION} as buildx
FROM deps AS test FROM deps AS test
RUN --mount=type=bind,target=.,rw \ RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \ --mount=type=cache,target=/src/node_modules \
yarn run test --coverage --coverageDirectory=/tmp/coverage --mount=type=bind,from=docker,source=/usr/local/bin/docker,target=/usr/bin/docker \
--mount=type=bind,from=buildx,source=/buildx,target=/usr/libexec/docker/cli-plugins/docker-buildx \
yarn run test --coverageDirectory=/tmp/coverage
FROM scratch AS test-coverage FROM scratch AS test-coverage
COPY --from=test /tmp/coverage / COPY --from=test /tmp/coverage /

93
dist/index.js generated vendored
View File

File diff suppressed because one or more lines are too long

2
dist/index.js.map generated vendored
View File

File diff suppressed because one or more lines are too long

2787
dist/licenses.txt generated vendored
View File

File diff suppressed because it is too large Load Diff

4
docker-bake.hcl
View File

@ -3,7 +3,7 @@ group "default" {
} }
group "pre-checkin" { group "pre-checkin" {
targets = ["vendor", "format", "build"] targets = ["vendor-update", "format", "build"]
} }
group "validate" { group "validate" {
@ -34,7 +34,7 @@ target "lint" {
output = ["type=cacheonly"] output = ["type=cacheonly"]
} }
target "vendor" { target "vendor-update" {
dockerfile = "dev.Dockerfile" dockerfile = "dev.Dockerfile"
target = "vendor-update" target = "vendor-update"
output = ["."] output = ["."]

3
docs/advanced/cache.md Normal file
View File

@ -0,0 +1,3 @@
# Cache
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/cache/)

3
docs/advanced/copy-between-registries.md Normal file
View File

@ -0,0 +1,3 @@
# Copy images between registries
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/copy-image-registries/)

3
docs/advanced/dockerhub-desc.md Normal file
View File

@ -0,0 +1,3 @@
# Update Docker Hub repo description
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/)

3
docs/advanced/export-docker.md Normal file
View File

@ -0,0 +1,3 @@
# Export image to Docker
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/export-docker/)

3
docs/advanced/isolated-builders.md Normal file
View File

@ -0,0 +1,3 @@
# Isolated builders
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/configure-builder/#isolated-builders)

3
docs/advanced/local-registry.md Normal file
View File

@ -0,0 +1,3 @@
# Local registry
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/local-registry/)

3
docs/advanced/multi-platform.md Normal file
View File

@ -0,0 +1,3 @@
# Multi-platform image
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/multi-platform/)

3
docs/advanced/named-contexts.md Normal file
View File

@ -0,0 +1,3 @@
# Named contexts
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/named-contexts/)

3
docs/advanced/push-multi-registries.md Normal file
View File

@ -0,0 +1,3 @@
# Push to multi-registries
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/push-multi-registries/)

3
docs/advanced/secrets.md Normal file
View File

@ -0,0 +1,3 @@
# Secrets
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/secrets/)

3
docs/advanced/share-image-jobs.md Normal file
View File

@ -0,0 +1,3 @@
# Share built image between jobs
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/share-image-jobs/)

3
docs/advanced/tags-labels.md Normal file
View File

@ -0,0 +1,3 @@
# Handle tags and labels
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/manage-tags-labels/)

3
docs/advanced/test-before-push.md Normal file
View File

@ -0,0 +1,3 @@
# Test your image before pushing it
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/test-before-push/)

55
package.json
View File

@ -1,16 +1,13 @@
{ {
"name": "docker-build-push", "name": "docker-build-push",
"description": "Build and push Docker images", "description": "Build and push Docker images",
"main": "src/main.ts", "main": "lib/main.js",
"scripts": { "scripts": {
"build": "ncc build --source-map --minify --license licenses.txt", "build": "ncc build src/main.ts --source-map --minify --license licenses.txt",
"lint": "yarn run prettier && yarn run eslint", "lint": "eslint src/**/*.ts __tests__/**/*.ts",
"format": "yarn run prettier:fix && yarn run eslint:fix", "format": "eslint --fix src/**/*.ts __tests__/**/*.ts",
"eslint": "eslint --max-warnings=0 .", "test": "jest --coverage",
"eslint:fix": "eslint --fix .", "all": "yarn run build && yarn run format && yarn test"
"prettier": "prettier --check \"./**/*.ts\"",
"prettier:fix": "prettier --write \"./**/*.ts\"",
"test": "jest"
}, },
"repository": { "repository": {
"type": "git", "type": "git",
@ -22,27 +19,33 @@
"build", "build",
"push" "push"
], ],
"author": "Docker Inc.", "author": "Docker",
"contributors": [
{
"name": "CrazyMax",
"url": "https://crazymax.dev"
}
],
"license": "Apache-2.0", "license": "Apache-2.0",
"packageManager": "yarn@3.6.3",
"dependencies": { "dependencies": {
"@actions/core": "^1.10.1", "@actions/core": "^1.10.0",
"@docker/actions-toolkit": "0.31.0", "@docker/actions-toolkit": "^0.3.0",
"handlebars": "^4.7.7" "handlebars": "^4.7.7"
}, },
"devDependencies": { "devDependencies": {
"@types/node": "^20.12.12", "@types/csv-parse": "^1.2.2",
"@typescript-eslint/eslint-plugin": "^7.9.0", "@types/node": "^16.18.21",
"@typescript-eslint/parser": "^7.9.0", "@typescript-eslint/eslint-plugin": "^5.56.0",
"@vercel/ncc": "^0.38.1", "@typescript-eslint/parser": "^5.56.0",
"eslint": "^8.57.0", "@vercel/ncc": "^0.36.1",
"eslint-config-prettier": "^9.1.0", "eslint": "^8.36.0",
"eslint-plugin-jest": "^28.5.0", "eslint-config-prettier": "^8.8.0",
"eslint-plugin-prettier": "^5.1.3", "eslint-plugin-jest": "^27.2.1",
"jest": "^29.7.0", "eslint-plugin-prettier": "^4.2.1",
"prettier": "^3.2.5", "jest": "^29.5.0",
"ts-jest": "^29.1.2", "prettier": "^2.8.7",
"ts-node": "^10.9.2", "ts-jest": "^29.0.5",
"typescript": "^5.4.5" "ts-node": "^10.9.1",
"typescript": "^4.9.5"
} }
} }

199
src/context.ts
View File

@ -1,30 +1,28 @@
import * as core from '@actions/core'; import * as core from '@actions/core';
import * as handlebars from 'handlebars'; import * as handlebars from 'handlebars';
import {Build} from '@docker/actions-toolkit/lib/buildx/build';
import {Context} from '@docker/actions-toolkit/lib/context'; import {Context} from '@docker/actions-toolkit/lib/context';
import {GitHub} from '@docker/actions-toolkit/lib/github'; import {GitHub} from '@docker/actions-toolkit/lib/github';
import {Inputs as BuildxInputs} from '@docker/actions-toolkit/lib/buildx/inputs';
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit'; import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
import {Util} from '@docker/actions-toolkit/lib/util'; import {Util} from '@docker/actions-toolkit/lib/util';
export interface Inputs { export interface Inputs {
'add-hosts': string[]; addHosts: string[];
allow: string[]; allow: string[];
annotations: string[];
attests: string[]; attests: string[];
'build-args': string[]; buildArgs: string[];
'build-contexts': string[]; buildContexts: string[];
builder: string; builder: string;
'cache-from': string[]; cacheFrom: string[];
'cache-to': string[]; cacheTo: string[];
'cgroup-parent': string; cgroupParent: string;
context: string; context: string;
file: string; file: string;
labels: string[]; labels: string[];
load: boolean; load: boolean;
network: string; network: string;
'no-cache': boolean; noCache: boolean;
'no-cache-filters': string[]; noCacheFilters: string[];
outputs: string[]; outputs: string[];
platforms: string[]; platforms: string[];
provenance: string; provenance: string;
@ -32,72 +30,50 @@ export interface Inputs {
push: boolean; push: boolean;
sbom: string; sbom: string;
secrets: string[]; secrets: string[];
'secret-envs': string[]; secretFiles: string[];
'secret-files': string[]; shmSize: string;
'shm-size': string;
ssh: string[]; ssh: string[];
tags: string[]; tags: string[];
target: string; target: string;
ulimit: string[]; ulimit: string[];
'github-token': string; githubToken: string;
} }
export async function getInputs(): Promise<Inputs> { export async function getInputs(): Promise<Inputs> {
return { return {
'add-hosts': Util.getInputList('add-hosts'), addHosts: Util.getInputList('add-hosts'),
allow: Util.getInputList('allow'), allow: Util.getInputList('allow'),
annotations: Util.getInputList('annotations', {ignoreComma: true}),
attests: Util.getInputList('attests', {ignoreComma: true}), attests: Util.getInputList('attests', {ignoreComma: true}),
'build-args': Util.getInputList('build-args', {ignoreComma: true}), buildArgs: Util.getInputList('build-args', {ignoreComma: true}),
'build-contexts': Util.getInputList('build-contexts', {ignoreComma: true}), buildContexts: Util.getInputList('build-contexts', {ignoreComma: true}),
builder: core.getInput('builder'), builder: core.getInput('builder'),
'cache-from': Util.getInputList('cache-from', {ignoreComma: true}), cacheFrom: Util.getInputList('cache-from', {ignoreComma: true}),
'cache-to': Util.getInputList('cache-to', {ignoreComma: true}), cacheTo: Util.getInputList('cache-to', {ignoreComma: true}),
'cgroup-parent': core.getInput('cgroup-parent'), cgroupParent: core.getInput('cgroup-parent'),
context: core.getInput('context') || Context.gitContext(), context: core.getInput('context') || Context.gitContext(),
file: core.getInput('file'), file: core.getInput('file'),
labels: Util.getInputList('labels', {ignoreComma: true}), labels: Util.getInputList('labels', {ignoreComma: true}),
load: core.getBooleanInput('load'), load: core.getBooleanInput('load'),
network: core.getInput('network'), network: core.getInput('network'),
'no-cache': core.getBooleanInput('no-cache'), noCache: core.getBooleanInput('no-cache'),
'no-cache-filters': Util.getInputList('no-cache-filters'), noCacheFilters: Util.getInputList('no-cache-filters'),
outputs: Util.getInputList('outputs', {ignoreComma: true, quote: false}), outputs: Util.getInputList('outputs', {ignoreComma: true}),
platforms: Util.getInputList('platforms'), platforms: Util.getInputList('platforms'),
provenance: Build.getProvenanceInput('provenance'), provenance: BuildxInputs.getProvenanceInput('provenance'),
pull: core.getBooleanInput('pull'), pull: core.getBooleanInput('pull'),
push: core.getBooleanInput('push'), push: core.getBooleanInput('push'),
sbom: core.getInput('sbom'), sbom: core.getInput('sbom'),
secrets: Util.getInputList('secrets', {ignoreComma: true}), secrets: Util.getInputList('secrets', {ignoreComma: true}),
'secret-envs': Util.getInputList('secret-envs'), secretFiles: Util.getInputList('secret-files', {ignoreComma: true}),
'secret-files': Util.getInputList('secret-files', {ignoreComma: true}), shmSize: core.getInput('shm-size'),
'shm-size': core.getInput('shm-size'),
ssh: Util.getInputList('ssh'), ssh: Util.getInputList('ssh'),
tags: Util.getInputList('tags'), tags: Util.getInputList('tags'),
target: core.getInput('target'), target: core.getInput('target'),
ulimit: Util.getInputList('ulimit', {ignoreComma: true}), ulimit: Util.getInputList('ulimit', {ignoreComma: true}),
'github-token': core.getInput('github-token') githubToken: core.getInput('github-token')
}; };
} }
export function sanitizeInputs(inputs: Inputs) {
const res = {};
for (const key of Object.keys(inputs)) {
if (key === 'github-token') {
continue;
}
const value: string | string[] | boolean = inputs[key];
if (typeof value === 'boolean' && value === false) {
continue;
} else if (Array.isArray(value) && value.length === 0) {
continue;
} else if (!value) {
continue;
}
res[key] = value;
}
return res;
}
export async function getArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> { export async function getArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
const context = handlebars.compile(inputs.context)({ const context = handlebars.compile(inputs.context)({
defaultContext: Context.gitContext() defaultContext: Context.gitContext()
@ -112,55 +88,44 @@ export async function getArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<s
async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit): Promise<Array<string>> { async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit): Promise<Array<string>> {
const args: Array<string> = ['build']; const args: Array<string> = ['build'];
await Util.asyncForEach(inputs['add-hosts'], async addHost => { await Util.asyncForEach(inputs.addHosts, async addHost => {
args.push('--add-host', addHost); args.push('--add-host', addHost);
}); });
if (inputs.allow.length > 0) { if (inputs.allow.length > 0) {
args.push('--allow', inputs.allow.join(',')); args.push('--allow', inputs.allow.join(','));
} }
if (await toolkit.buildx.versionSatisfies('>=0.12.0')) { if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
await Util.asyncForEach(inputs.annotations, async annotation => { await Util.asyncForEach(inputs.attests, async attest => {
args.push('--annotation', annotation); args.push('--attest', attest);
}); });
} else if (inputs.annotations.length > 0) {
core.warning("Annotations are only supported by buildx >= 0.12.0; the input 'annotations' is ignored.");
} }
await Util.asyncForEach(inputs['build-args'], async buildArg => { await Util.asyncForEach(inputs.buildArgs, async buildArg => {
args.push('--build-arg', buildArg); args.push('--build-arg', buildArg);
}); });
if (await toolkit.buildx.versionSatisfies('>=0.8.0')) { if (await toolkit.buildx.versionSatisfies('>=0.8.0')) {
await Util.asyncForEach(inputs['build-contexts'], async buildContext => { await Util.asyncForEach(inputs.buildContexts, async buildContext => {
args.push('--build-context', buildContext); args.push('--build-context', buildContext);
}); });
} else if (inputs['build-contexts'].length > 0) {
core.warning("Build contexts are only supported by buildx >= 0.8.0; the input 'build-contexts' is ignored.");
} }
await Util.asyncForEach(inputs['cache-from'], async cacheFrom => { await Util.asyncForEach(inputs.cacheFrom, async cacheFrom => {
args.push('--cache-from', cacheFrom); args.push('--cache-from', cacheFrom);
}); });
await Util.asyncForEach(inputs['cache-to'], async cacheTo => { await Util.asyncForEach(inputs.cacheTo, async cacheTo => {
args.push('--cache-to', cacheTo); args.push('--cache-to', cacheTo);
}); });
if (inputs['cgroup-parent']) { if (inputs.cgroupParent) {
args.push('--cgroup-parent', inputs['cgroup-parent']); args.push('--cgroup-parent', inputs.cgroupParent);
} }
await Util.asyncForEach(inputs['secret-envs'], async secretEnv => {
try {
args.push('--secret', Build.resolveSecretEnv(secretEnv));
} catch (err) {
core.warning(err.message);
}
});
if (inputs.file) { if (inputs.file) {
args.push('--file', inputs.file); args.push('--file', inputs.file);
} }
if (!Build.hasLocalExporter(inputs.outputs) && !Build.hasTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || (await toolkit.buildx.versionSatisfies('>=0.4.2')))) { if (!BuildxInputs.hasLocalExporter(inputs.outputs) && !BuildxInputs.hasTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || (await toolkit.buildx.versionSatisfies('>=0.4.2')))) {
args.push('--iidfile', toolkit.buildxBuild.getImageIDFilePath()); args.push('--iidfile', BuildxInputs.getBuildImageIDFilePath());
} }
await Util.asyncForEach(inputs.labels, async label => { await Util.asyncForEach(inputs.labels, async label => {
args.push('--label', label); args.push('--label', label);
}); });
await Util.asyncForEach(inputs['no-cache-filters'], async noCacheFilter => { await Util.asyncForEach(inputs.noCacheFilters, async noCacheFilter => {
args.push('--no-cache-filter', noCacheFilter); args.push('--no-cache-filter', noCacheFilter);
}); });
await Util.asyncForEach(inputs.outputs, async output => { await Util.asyncForEach(inputs.outputs, async output => {
@ -170,29 +135,44 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
args.push('--platform', inputs.platforms.join(',')); args.push('--platform', inputs.platforms.join(','));
} }
if (await toolkit.buildx.versionSatisfies('>=0.10.0')) { if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
args.push(...(await getAttestArgs(inputs, toolkit))); if (inputs.provenance) {
} else { args.push('--provenance', inputs.provenance);
core.warning("Attestations are only supported by buildx >= 0.10.0; the inputs 'attests', 'provenance' and 'sbom' are ignored."); } else if ((await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !BuildxInputs.hasDockerExporter(inputs.outputs, inputs.load)) {
// if provenance not specified and BuildKit version compatible for
// attestation, set default provenance. Also needs to make sure user
// doesn't want to explicitly load the image to docker.
if (GitHub.context.payload.repository?.private ?? false) {
// if this is a private repository, we set the default provenance
// attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
args.push('--provenance', BuildxInputs.resolveProvenanceAttrs(`mode=min,inline-only=true`));
} else {
// for a public repository, we set max provenance mode.
args.push('--provenance', BuildxInputs.resolveProvenanceAttrs(`mode=max`));
}
}
if (inputs.sbom) {
args.push('--sbom', inputs.sbom);
}
} }
await Util.asyncForEach(inputs.secrets, async secret => { await Util.asyncForEach(inputs.secrets, async secret => {
try { try {
args.push('--secret', Build.resolveSecretString(secret)); args.push('--secret', BuildxInputs.resolveBuildSecretString(secret));
} catch (err) { } catch (err) {
core.warning(err.message); core.warning(err.message);
} }
}); });
await Util.asyncForEach(inputs['secret-files'], async secretFile => { await Util.asyncForEach(inputs.secretFiles, async secretFile => {
try { try {
args.push('--secret', Build.resolveSecretFile(secretFile)); args.push('--secret', BuildxInputs.resolveBuildSecretFile(secretFile));
} catch (err) { } catch (err) {
core.warning(err.message); core.warning(err.message);
} }
}); });
if (inputs['github-token'] && !Build.hasGitAuthTokenSecret(inputs.secrets) && context.startsWith(Context.gitContext())) { if (inputs.githubToken && !BuildxInputs.hasGitAuthTokenSecret(inputs.secrets) && context.startsWith(Context.gitContext())) {
args.push('--secret', Build.resolveSecretString(`GIT_AUTH_TOKEN=${inputs['github-token']}`)); args.push('--secret', BuildxInputs.resolveBuildSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
} }
if (inputs['shm-size']) { if (inputs.shmSize) {
args.push('--shm-size', inputs['shm-size']); args.push('--shm-size', inputs.shmSize);
} }
await Util.asyncForEach(inputs.ssh, async ssh => { await Util.asyncForEach(inputs.ssh, async ssh => {
args.push('--ssh', ssh); args.push('--ssh', ssh);
@ -218,12 +198,12 @@ async function getCommonArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
args.push('--load'); args.push('--load');
} }
if (await toolkit.buildx.versionSatisfies('>=0.6.0')) { if (await toolkit.buildx.versionSatisfies('>=0.6.0')) {
args.push('--metadata-file', toolkit.buildxBuild.getMetadataFilePath()); args.push('--metadata-file', BuildxInputs.getBuildMetadataFilePath());
} }
if (inputs.network) { if (inputs.network) {
args.push('--network', inputs.network); args.push('--network', inputs.network);
} }
if (inputs['no-cache']) { if (inputs.noCache) {
args.push('--no-cache'); args.push('--no-cache');
} }
if (inputs.pull) { if (inputs.pull) {
@ -234,52 +214,3 @@ async function getCommonArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
} }
return args; return args;
} }
async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
const args: Array<string> = [];
// check if provenance attestation is set in attests input
let hasAttestProvenance = false;
await Util.asyncForEach(inputs.attests, async (attest: string) => {
if (Build.hasAttestationType('provenance', attest)) {
hasAttestProvenance = true;
}
});
let provenanceSet = false;
let sbomSet = false;
if (inputs.provenance) {
args.push('--attest', Build.resolveAttestationAttrs(`type=provenance,${inputs.provenance}`));
provenanceSet = true;
} else if (!hasAttestProvenance && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Build.hasDockerExporter(inputs.outputs, inputs.load)) {
// if provenance not specified in provenance or attests inputs and BuildKit
// version compatible for attestation, set default provenance. Also needs
// to make sure user doesn't want to explicitly load the image to docker.
if (GitHub.context.payload.repository?.private ?? false) {
// if this is a private repository, we set the default provenance
// attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
args.push('--attest', `type=provenance,${Build.resolveProvenanceAttrs(`mode=min,inline-only=true`)}`);
} else {
// for a public repository, we set max provenance mode.
args.push('--attest', `type=provenance,${Build.resolveProvenanceAttrs(`mode=max`)}`);
}
}
if (inputs.sbom) {
args.push('--attest', Build.resolveAttestationAttrs(`type=sbom,${inputs.sbom}`));
sbomSet = true;
}
// set attests but check if provenance or sbom types already set as
// provenance and sbom inputs take precedence over attests input.
await Util.asyncForEach(inputs.attests, async (attest: string) => {
if (!Build.hasAttestationType('provenance', attest) && !Build.hasAttestationType('sbom', attest)) {
args.push('--attest', Build.resolveAttestationAttrs(attest));
} else if (!provenanceSet && Build.hasAttestationType('provenance', attest)) {
args.push('--attest', Build.resolveProvenanceAttrs(attest));
} else if (!sbomSet && Build.hasAttestationType('sbom', attest)) {
args.push('--attest', attest);
}
});
return args;
}

184
src/main.ts
View File

@ -1,32 +1,20 @@
import * as fs from 'fs'; import * as fs from 'fs';
import * as path from 'path';
import * as stateHelper from './state-helper'; import * as stateHelper from './state-helper';
import * as core from '@actions/core'; import * as core from '@actions/core';
import * as actionsToolkit from '@docker/actions-toolkit'; import * as actionsToolkit from '@docker/actions-toolkit';
import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx';
import {History as BuildxHistory} from '@docker/actions-toolkit/lib/buildx/history';
import {Context} from '@docker/actions-toolkit/lib/context'; import {Context} from '@docker/actions-toolkit/lib/context';
import {Docker} from '@docker/actions-toolkit/lib/docker/docker'; import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
import {Exec} from '@docker/actions-toolkit/lib/exec'; import {Exec} from '@docker/actions-toolkit/lib/exec';
import {GitHub} from '@docker/actions-toolkit/lib/github'; import {GitHub} from '@docker/actions-toolkit/lib/github';
import {Inputs as BuildxInputs} from '@docker/actions-toolkit/lib/buildx/inputs';
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit'; import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
import {Util} from '@docker/actions-toolkit/lib/util';
import {BuilderInfo} from '@docker/actions-toolkit/lib/types/buildx/builder';
import {ConfigFile} from '@docker/actions-toolkit/lib/types/docker/docker';
import {UploadArtifactResponse} from '@docker/actions-toolkit/lib/types/github';
import * as context from './context'; import * as context from './context';
actionsToolkit.run( actionsToolkit.run(
// main // main
async () => { async () => {
const startedTime = new Date();
const inputs: context.Inputs = await context.getInputs(); const inputs: context.Inputs = await context.getInputs();
core.debug(`inputs: ${JSON.stringify(inputs)}`);
stateHelper.setInputs(inputs);
const toolkit = new Toolkit(); const toolkit = new Toolkit();
await core.group(`GitHub Actions runtime token ACs`, async () => { await core.group(`GitHub Actions runtime token ACs`, async () => {
@ -46,31 +34,6 @@ actionsToolkit.run(
} }
}); });
await core.group(`Proxy configuration`, async () => {
let dockerConfig: ConfigFile | undefined;
let dockerConfigMalformed = false;
try {
dockerConfig = await Docker.configFile();
} catch (e) {
dockerConfigMalformed = true;
core.warning(`Unable to parse config file ${path.join(Docker.configDir, 'config.json')}: ${e}`);
}
if (dockerConfig && dockerConfig.proxies) {
for (const host in dockerConfig.proxies) {
let prefix = '';
if (Object.keys(dockerConfig.proxies).length > 1) {
prefix = ' ';
core.info(host);
}
for (const key in dockerConfig.proxies[host]) {
core.info(`${prefix}${key}: ${dockerConfig.proxies[host][key]}`);
}
}
} else if (!dockerConfigMalformed) {
core.info('No proxy configuration found');
}
});
if (!(await toolkit.buildx.isAvailable())) { if (!(await toolkit.buildx.isAvailable())) {
core.setFailed(`Docker buildx is required. See https://github.com/docker/setup-buildx-action to set up buildx.`); core.setFailed(`Docker buildx is required. See https://github.com/docker/setup-buildx-action to set up buildx.`);
return; return;
@ -82,31 +45,20 @@ actionsToolkit.run(
await toolkit.buildx.printVersion(); await toolkit.buildx.printVersion();
}); });
let builder: BuilderInfo;
await core.group(`Builder info`, async () => {
builder = await toolkit.builder.inspect(inputs.builder);
core.info(JSON.stringify(builder, null, 2));
});
const args: string[] = await context.getArgs(inputs, toolkit); const args: string[] = await context.getArgs(inputs, toolkit);
core.debug(`context.getArgs: ${JSON.stringify(args)}`);
const buildCmd = await toolkit.buildx.getCommand(args); const buildCmd = await toolkit.buildx.getCommand(args);
core.debug(`buildCmd.command: ${buildCmd.command}`);
core.debug(`buildCmd.args: ${JSON.stringify(buildCmd.args)}`);
let err: Error | undefined;
await Exec.getExecOutput(buildCmd.command, buildCmd.args, { await Exec.getExecOutput(buildCmd.command, buildCmd.args, {
ignoreReturnCode: true ignoreReturnCode: true
}).then(res => { }).then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) { if (res.stderr.length > 0 && res.exitCode != 0) {
err = Error(`buildx failed with: ${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`); throw new Error(`buildx failed with: ${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`);
} }
}); });
const imageID = toolkit.buildxBuild.resolveImageID(); const imageID = BuildxInputs.resolveBuildImageID();
const metadata = toolkit.buildxBuild.resolveMetadata(); const metadata = BuildxInputs.resolveBuildMetadata();
const digest = toolkit.buildxBuild.resolveDigest(); const digest = BuildxInputs.resolveDigest();
if (imageID) { if (imageID) {
await core.group(`ImageID`, async () => { await core.group(`ImageID`, async () => {
core.info(imageID); core.info(imageID);
@ -121,80 +73,13 @@ actionsToolkit.run(
} }
if (metadata) { if (metadata) {
await core.group(`Metadata`, async () => { await core.group(`Metadata`, async () => {
const metadatadt = JSON.stringify(metadata, null, 2); core.info(metadata);
core.info(metadatadt); core.setOutput('metadata', metadata);
core.setOutput('metadata', metadatadt);
}); });
} }
let ref: string;
await core.group(`Reference`, async () => {
ref = await buildRef(toolkit, startedTime, inputs.builder);
if (ref) {
core.info(ref);
stateHelper.setBuildRef(ref);
} else {
core.info('No build reference found');
}
});
await core.group(`Check build summary support`, async () => {
if (!buildSummaryEnabled()) {
core.info('Build summary disabled');
} else if (GitHub.isGHES) {
core.warning('Build summary is not yet supported on GHES');
} else if (!(await toolkit.buildx.versionSatisfies('>=0.13.0'))) {
core.warning('Build summary requires Buildx >= 0.13.0');
} else if (builder && builder.driver === 'cloud') {
core.warning('Build summary is not yet supported with Docker Build Cloud');
} else if (!ref) {
core.warning('Build summary requires a build reference');
} else {
core.info('Build summary supported!');
stateHelper.setSummarySupported();
}
});
if (err) {
throw err;
}
}, },
// post // post
async () => { async () => {
if (stateHelper.isSummarySupported) {
await core.group(`Generating build summary`, async () => {
try {
const recordUploadEnabled = buildRecordUploadEnabled();
let recordRetentionDays: number | undefined;
if (recordUploadEnabled) {
recordRetentionDays = buildRecordRetentionDays();
}
const buildxHistory = new BuildxHistory();
const exportRes = await buildxHistory.export({
refs: stateHelper.buildRef ? [stateHelper.buildRef] : []
});
core.info(`Build record written to ${exportRes.dockerbuildFilename} (${Util.formatFileSize(exportRes.dockerbuildSize)})`);
let uploadRes: UploadArtifactResponse | undefined;
if (recordUploadEnabled) {
uploadRes = await GitHub.uploadArtifact({
filename: exportRes.dockerbuildFilename,
mimeType: 'application/gzip',
retentionDays: recordRetentionDays
});
}
await GitHub.writeBuildSummary({
exportRes: exportRes,
uploadRes: uploadRes,
inputs: stateHelper.inputs
});
} catch (e) {
core.warning(e.message);
}
});
}
if (stateHelper.tmpDir.length > 0) { if (stateHelper.tmpDir.length > 0) {
await core.group(`Removing temp folder ${stateHelper.tmpDir}`, async () => { await core.group(`Removing temp folder ${stateHelper.tmpDir}`, async () => {
fs.rmSync(stateHelper.tmpDir, {recursive: true}); fs.rmSync(stateHelper.tmpDir, {recursive: true});
@ -202,56 +87,3 @@ actionsToolkit.run(
} }
} }
); );
async function buildRef(toolkit: Toolkit, since: Date, builder?: string): Promise<string> {
// get ref from metadata file
const ref = toolkit.buildxBuild.resolveRef();
if (ref) {
return ref;
}
// otherwise, look for the very first build ref since the build has started
if (!builder) {
const currentBuilder = await toolkit.builder.inspect();
builder = currentBuilder.name;
}
const refs = Buildx.refs({
dir: Buildx.refsDir,
builderName: builder,
since: since
});
return Object.keys(refs).length > 0 ? Object.keys(refs)[0] : '';
}
function buildSummaryEnabled(): boolean {
if (process.env.DOCKER_BUILD_NO_SUMMARY) {
core.warning('DOCKER_BUILD_NO_SUMMARY is deprecated. Set DOCKER_BUILD_SUMMARY to false instead.');
return !Util.parseBool(process.env.DOCKER_BUILD_NO_SUMMARY);
} else if (process.env.DOCKER_BUILD_SUMMARY) {
return Util.parseBool(process.env.DOCKER_BUILD_SUMMARY);
}
return true;
}
function buildRecordUploadEnabled(): boolean {
if (process.env.DOCKER_BUILD_RECORD_UPLOAD) {
return Util.parseBool(process.env.DOCKER_BUILD_RECORD_UPLOAD);
}
return true;
}
function buildRecordRetentionDays(): number | undefined {
let val: string | undefined;
if (process.env.DOCKER_BUILD_EXPORT_RETENTION_DAYS) {
core.warning('DOCKER_BUILD_EXPORT_RETENTION_DAYS is deprecated. Use DOCKER_BUILD_RECORD_RETENTION_DAYS instead.');
val = process.env.DOCKER_BUILD_EXPORT_RETENTION_DAYS;
} else if (process.env.DOCKER_BUILD_RECORD_RETENTION_DAYS) {
val = process.env.DOCKER_BUILD_RECORD_RETENTION_DAYS;
}
if (val) {
const res = parseInt(val);
if (isNaN(res)) {
throw Error(`Invalid build record retention days: ${val}`);
}
return res;
}
}

17
src/state-helper.ts
View File

@ -1,24 +1,7 @@
import * as core from '@actions/core'; import * as core from '@actions/core';
import {Inputs, sanitizeInputs} from './context';
export const tmpDir = process.env['STATE_tmpDir'] || ''; export const tmpDir = process.env['STATE_tmpDir'] || '';
export const inputs = process.env['STATE_inputs'] ? JSON.parse(process.env['STATE_inputs']) : undefined;
export const buildRef = process.env['STATE_buildRef'] || '';
export const isSummarySupported = !!process.env['STATE_isSummarySupported'];
export function setTmpDir(tmpDir: string) { export function setTmpDir(tmpDir: string) {
core.saveState('tmpDir', tmpDir); core.saveState('tmpDir', tmpDir);
} }
export function setInputs(inputs: Inputs) {
core.saveState('inputs', JSON.stringify(sanitizeInputs(inputs)));
}
export function setBuildRef(buildRef: string) {
core.saveState('buildRef', buildRef);
}
export function setSummarySupported() {
core.saveState('isSummarySupported', 'true');
}

9
test/proxy.Dockerfile
View File

@ -1,9 +0,0 @@
# syntax=docker/dockerfile:1
FROM alpine
RUN apk add --no-cache curl net-tools
ARG HTTP_PROXY
ARG HTTPS_PROXY
RUN printenv HTTP_PROXY
RUN printenv HTTPS_PROXY
RUN netstat -aptn
RUN curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy $HTTP_PROXY -v --insecure --head https://www.google.com

10491
yarn.lock
View File

File diff suppressed because it is too large Load Diff