docker/bake-action
0
0
Fork 0
mirror of https://github.com/docker/bake-action.git synced 2026-01-01 02:31:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
e2b72bb7a3384e89a192c877bf2cf2a53379b2df
bake-action/README.md
CrazyMax 908c98f276 git auth token support for private repos 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-04-22 16:42:34 +02:00

262 lines
10 KiB
Markdown
Raw Blame History

[![GitHub release](https://img.shields.io/github/release/docker/bake-action.svg?style=flat-square)](https://github.com/docker/bake-action/releases/latest)
[![GitHub marketplace](https://img.shields.io/badge/marketplace-docker--buildx--bake-blue?logo=github&style=flat-square)](https://github.com/marketplace/actions/docker-buildx-bake)
[![CI workflow](https://img.shields.io/github/actions/workflow/status/docker/bake-action/ci.yml?branch=master&label=ci&logo=github&style=flat-square)](https://github.com/docker/bake-action/actions?workflow=ci)
[![Test workflow](https://img.shields.io/github/actions/workflow/status/docker/bake-action/test.yml?branch=master&label=test&logo=github&style=flat-square)](https://github.com/docker/bake-action/actions?workflow=test)
[![Codecov](https://img.shields.io/codecov/c/github/docker/bake-action?logo=codecov&style=flat-square)](https://codecov.io/gh/docker/bake-action)
## About
GitHub Action to use Docker [Buildx Bake](https://docs.docker.com/build/customize/bake/)
as a high-level build command.
![Screenshot](.github/bake-action.png)
___
* [Usage](#usage)
* [Path context](#path-context)
* [Git context](#git-context)
* [Customizing](#customizing)
* [inputs](#inputs)
* [outputs](#outputs)
* [Subactions](#subactions)
* [`list-targets`](#list-targets)
* [Contributing](#contributing)
## Usage
### Path context
By default, this action will use the local bake definition (`source: .`), so
you need to use the [`actions/checkout`](https://github.com/actions/checkout/)
action to check out the repository.
```yaml
name: ci
on:
push:
branches:
- 'master'
jobs:
bake:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/bake-action@v4
with:
push: true
```
### Git context
Git context can be provided using the [`source` input](#inputs). This means
that you don't need to use the [`actions/checkout`](https://github.com/actions/checkout/)
action to check out the repository as [BuildKit](https://docs.docker.com/build/buildkit/)
will do this directly.
```yaml
name: ci
on:
push:
branches:
- 'master'
jobs:
bake:
runs-on: ubuntu-latest
steps:
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/bake-action@v4
with:
source: "${{ github.server_url }}/${{ github.repository }}.git#${{ github.ref }}"
push: true
```
Be careful because **any file mutation in the steps that precede the build step
will be ignored, including processing of the `.dockerignore` file** since
the context is based on the Git reference. However, you can use the
[Path context](#path-context) alongside the [`actions/checkout`](https://github.com/actions/checkout/)
action to remove this restriction.
Default Git context can also be provided using the [Handlebars template](https://handlebarsjs.com/guide/)
expression `{{defaultContext}}`. Here we can use it to provide a subdirectory
to the default Git context:
```yaml
-
name: Build and push
uses: docker/bake-action@v4
with:
source: "{{defaultContext}}:mysubdir"
push: true
```
Building from the current repository automatically uses the `GITHUB_TOKEN`
secret that GitHub [automatically creates for workflows](https://docs.github.com/en/actions/security-guides/automatic-token-authentication),
so you don't need to pass that manually. If you want to authenticate against
another private repository for remote definitions, you can set the
[`BUILDX_BAKE_GIT_AUTH_TOKEN` environment variable](https://docs.docker.com/build/building/variables/#buildx_bake_git_auth_token).
> [!NOTE]
> Supported since Buildx 0.14.0
```yaml
-
name: Build and push
uses: docker/bake-action@v4
with:
source: "${{ github.server_url }}/${{ github.repository }}.git#${{ github.ref }}"
push: true
env:
BUILDX_BAKE_GIT_AUTH_TOKEN: ${{ secrets.MYTOKEN }}
```
## Customizing
### inputs
The following inputs can be used as `step.with` keys
> `List` type is a newline-delimited string
> ```yaml
> set: target.args.mybuildarg=value
> ```
> ```yaml
> set: |
> target.args.mybuildarg=value
> foo*.args.mybuildarg=value
> ```
> `CSV` type is a comma-delimited string
> ```yaml
> targets: default,release
> ```
| Name | Type | Description |
|----------------|-------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `builder` | String | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) |
| `source` | String | Context to build from. Can be either local (`.`) or a [remote bake definition](https://docs.docker.com/build/customize/bake/file-definition/#remote-definition) |
| `files` | List/CSV | List of [bake definition files](https://docs.docker.com/build/customize/bake/file-definition/) |
| `workdir` | String | Working directory of execution |
| `targets` | List/CSV | List of bake targets (`default` target used if empty) |
| `no-cache` | Bool | Do not use cache when building the image (default `false`) |
| `pull` | Bool | Always attempt to pull a newer version of the image (default `false`) |
| `load` | Bool | Load is a shorthand for `--set=*.output=type=docker` (default `false`) |
| `provenance` | Bool/String | [Provenance](https://docs.docker.com/build/attestations/slsa-provenance/) is a shorthand for `--set=*.attest=type=provenance` |
| `push` | Bool | Push is a shorthand for `--set=*.output=type=registry` (default `false`) |
| `sbom` | Bool/String | [SBOM](https://docs.docker.com/build/attestations/sbom/) is a shorthand for `--set=*.attest=type=sbom` |
| `set` | List | List of [targets values to override](https://docs.docker.com/engine/reference/commandline/buildx_bake/#set) (eg: `targetpattern.key=value`) |
| `github-token` | String | API token used to authenticate to a Git repository for [remote definitions](https://docs.docker.com/build/bake/remote-definition/) (default `${{ github.token }}`) |
### outputs
The following outputs are available
| Name | Type | Description |
|------------|------|-----------------------|
| `metadata` | JSON | Build result metadata |
## Subactions
### `list-targets`
This subaction generates a list of Bake targets that can be used in a [GitHub matrix](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix),
so you can distribute your builds across multiple runners.
```hcl
# docker-bake.hcl
group "validate" {
targets = ["lint", "doctoc"]
}
target "lint" {
target = "lint"
}
target "doctoc" {
target = "doctoc"
}
```
```yaml
jobs:
prepare:
runs-on: ubuntu-latest
outputs:
targets: ${{ steps.generate.outputs.targets }}
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: List targets
id: generate
uses: docker/bake-action/subaction/list-targets@v4
with:
target: validate
validate:
runs-on: ubuntu-latest
needs:
- prepare
strategy:
fail-fast: false
matrix:
target: ${{ fromJson(needs.prepare.outputs.targets) }}
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Validate
uses: docker/bake-action@v4
with:
targets: ${{ matrix.target }}
```
#### inputs
| Name | Type | Description |
|--------------|-------------|---------------------------------------------------------------------------------------------------------------------------------------------|
| `workdir` | String | Working directory to use (defaults to `.`) |
| `files` | List/CSV | List of [bake definition files](https://docs.docker.com/build/customize/bake/file-definition/) |
| `target` | String | The target to use within the bake file |
#### outputs
The following outputs are available
| Name | Type | Description |
|------------|----------|----------------------------|
| `targets` | List/CSV | List of extracted targest |
## Contributing
Want to contribute? Awesome! You can find information about contributing to
this project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md)
Reference in New Issue View Git Blame Copy Permalink