feat: initial commit

2026-03-12 12:26:41 +01:00
commit f106b5bf14
3 changed files with 389 additions and 0 deletions
--- a/build-and-push/action.yaml
+++ b/build-and-push/action.yaml
@@ -0,0 +1,137 @@
+name: Build and push Docker images
+description: Build and push Docker images with Buildx
+author: zertus
+branding:
+  icon: 'anchor'
+  color: 'blue'
+inputs:
+  oci-registry:
+    description: "OCI registry where to pull and push images"
+    required: true
+  oci-registry-username:
+    description: |
+      Username used to log against the OCI registry.
+      See https://github.com/docker/login-action#usage.
+    required: true
+  oci-registry-password:
+    description: |
+      Password or personal access token used to log against the OCI registry.
+      Can be passed in using `secrets.GITHUB_TOKEN`.
+      See https://github.com/docker/login-action#usage.
+    required: true
+  repository:
+    description: |
+      Repository name.
+      Example: `my-org/my-repo`.
+      See [Docker get-image-metadata action](../get-image-metadata/README.md).
+    default: ${{ github.repository }}
+    required: false
+  image:
+    description: |
+      Additional image name.
+      Example: `application`.
+      See [Docker get-image-metadata action](../get-image-metadata/README.md).
+    required: false
+  tag:
+    description: "Image tag to publish"
+    required: false
+  platform:
+    description: |
+      Platform to build for. Example: `linux/amd64`.
+      See https://github.com/docker/build-push-action#inputs.
+    required: true
+  context:
+    description: |
+      Build's context is the set of files located in the specified PATH or URL.
+      See https://github.com/docker/build-push-action#inputs.
+    default: "."
+    required: false
+  dockerfile:
+    description: |
+      Location of Dockerfile (defaults to Dockerfile).
+      See https://github.com/docker/build-push-action#inputs.
+    default: "Dockerfile"
+    required: false
+  build-args:
+    description: |
+      List of build-time variables.
+      See https://github.com/docker/build-push-action#inputs.
+    required: false
+  target:
+    description: |
+      Sets the target stage to build.
+      See https://github.com/docker/build-push-action#inputs.
+    required: false
+  secrets:
+    description: |
+      List of secrets to expose to the build.
+      See https://docs.docker.com/build/ci/github-actions/secrets/.
+    required: false
+  secret-envs:
+    description: |
+      List of secret environment variables to expose to the build (e.g., `key=envname, MY_SECRET=MY_ENV_VAR`).
+      See https://docs.docker.com/build/ci/github-actions/secrets/.
+    required: false
+  push-by-digest:
+    default: "false"
+    description: |
+      Whether to push the image only when built by digest.
+      Useful for multi-platform builds.
+    required: false
+outputs:
+  digest:
+    description: "The image digest"
+    value: ${{ steps.build.outputs.digest }}
+  image-name:
+    description: "The image name without tag"
+    value: ${{ steps.get-image-name.outputs.image-name }}
+  fqin:
+    description: "The fully qualified image name with tag"
+    value: ${{ steps.get-image-name.outputs.fully-qualified-image-name }}
+runs:
+  using: "composite"
+  steps:
+    - id: get-image-name
+      shell: bash
+      run: |
+        IMAGE_NAME="${{ inputs.repository }}"
+
+        if [ -n "${{ inputs.image }}" ]; then
+          IMAGE_NAME="${IMAGE_NAME}/${{ inputs.image }}"
+        fi
+
+        IMAGE_NAME="${{ inputs.oci-registry }}/${IMAGE_NAME}"
+
+        echo "image-name=$IMAGE_NAME" >> "$GITHUB_OUTPUT"
+
+        if [ -n "${{ inputs.tag }}" ]; then
+          IMAGE_NAME="${IMAGE_NAME}:${{ inputs.tag }}"
+        fi
+
+        echo "fully-qualified-image-name=$IMAGE_NAME" >> "$GITHUB_OUTPUT"
+    - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+      with:
+        registry: ${{ inputs.oci-registry }}
+        username: ${{ inputs.oci-registry-username }}
+        password: ${{ inputs.oci-registry-password }}
+    - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+      id: setup-buildx
+      with:
+        version: v0.30.1
+        driver-opts: |
+          image=moby/buildkit:v0.26.3
+    - id: build
+      uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+      with:
+        context: ${{ inputs.context }}
+        file: ${{ inputs.dockerfile }}
+        build-args: ${{ inputs.build-args }}
+        target: ${{ inputs.target }}
+        secrets: ${{ inputs.secrets }}
+        secret-envs: ${{ inputs.secret-envs }}
+        platforms: ${{ inputs.platform }}
+        outputs: |
+          ${{ inputs.push-by-digest == 'true' && 'type=image,push-by-digest=true,name-canonical=true,push=true' || 'type=image,push=true' }}
+        tags: ${{ inputs.push-by-digest == 'true' && steps.get-image-name.outputs.image-name || steps.get-image-name.outputs.fully-qualified-image-name }}
+        provenance: false
+        sbom: false