feat: initial commit

2026-03-12 12:26:41 +01:00
commit f106b5bf14
3 changed files with 389 additions and 0 deletions


@@ -0,0 +1,165 @@
name: Docker build and push
on:
workflow_call:
inputs:
job-name:
description: 'Job name to use for maven build'
default: 'build'
type: string
oci-registry:
description: 'OCI registry to push the image to'
default: ''
type: string
repository:
description: |
Repository name.
Example: `my-org/my-repo`.
See [Docker get-image-metadata action](../get-image-metadata/README.md).
default: ${{ github.repository }}
type: string
image:
description: |
Additional image name.
Example: `application`.
See [Docker get-image-metadata action](../get-image-metadata/README.md).
type: string
tag:
description: "Image tag to publish"
type: string
context:
description: |
Build's context is the set of files located in the specified PATH or URL.
See https://github.com/docker/build-push-action#inputs.
type: string
default: "."
dockerfile:
description: |
Location of Dockerfile (defaults to Dockerfile).
See https://github.com/docker/build-push-action#inputs.
type: string
default: "Dockerfile"
build-args:
description: |
List of build-time variables.
See https://github.com/docker/build-push-action#inputs.
type: string
required: false
target:
description: |
Sets the target stage to build.
See https://github.com/docker/build-push-action#inputs.
type: string
required: false
secrets:
description: |
List of secrets to expose to the build.
See https://docs.docker.com/build/ci/github-actions/secrets/.
type: string
required: false
secret-envs:
description: |
List of secret environment variables to expose to the build (e.g., `key=envname, MY_SECRET=MY_ENV_VAR`).
See https://docs.docker.com/build/ci/github-actions/secrets/.
type: string
required: false
artifact-name:
description: 'Name of the artifact to download before build'
type: string
required: false
artifact-path:
description: 'Path where to extract the artifact'
type: string
default: '.'
required: false
secrets:
OCI_REGISTRY_USERNAME:
description: 'Username for the OCI registry'
required: true
OCI_REGISTRY_PASSWORD:
description: 'Password for the OCI registry'
required: true
jobs:
# build-amd64:
# runs-on: ubuntu-latest
# outputs:
# digest: ${{ steps.build.outputs.digest }}
# steps:
# - name: Check out code
# uses: actions/checkout@v6
# - name: Download artifact
# if: ${{ inputs.artifact-name != '' }}
# uses: actions/download-artifact@v7
# with:
# name: ${{ inputs.artifact-name }}
# path: ${{ inputs.artifact-path }}
# - name: Docker build
# id: build
# uses: ./build-and-push
# with:
# oci-registry: ${{ inputs.oci-registry }}
# oci-registry-username: ${{ secrets.OCI_REGISTRY_USERNAME }}
# oci-registry-password: ${{ secrets.OCI_REGISTRY_PASSWORD }}
# repository: ${{ inputs.repository }}
# image: ${{ inputs.image }}
# tag: ${{ inputs.tag }}
# platform: linux/amd64
# context: ${{ inputs.context }}
# dockerfile: ${{ inputs.dockerfile }}
# build-args: ${{ inputs.build-args }}
# target: ${{ inputs.target }}
# secrets: ${{ inputs.secrets }}
# secret-envs: ${{ inputs.secret-envs }}
# push-by-digest: true
build-arm64:
runs-on: ubuntu-24.04-arm
outputs:
digest: ${{ steps.build.outputs.digest }}
steps:
- name: Check out code
uses: actions/checkout@v6
- name: Download artifact
if: ${{ inputs.artifact-name != '' }}
uses: actions/download-artifact@v7
with:
name: ${{ inputs.artifact-name }}
path: ${{ inputs.artifact-path }}
- name: Docker build
id: build
uses: ./build-and-push
with:
oci-registry: ${{ inputs.oci-registry }}
oci-registry-username: ${{ secrets.OCI_REGISTRY_USERNAME }}
oci-registry-password: ${{ secrets.OCI_REGISTRY_PASSWORD }}
repository: ${{ inputs.repository }}
image: ${{ inputs.image }}
tag: ${{ inputs.tag }}
platform: linux/arm64
context: ${{ inputs.context }}
dockerfile: ${{ inputs.dockerfile }}
build-args: ${{ inputs.build-args }}
target: ${{ inputs.target }}
secrets: ${{ inputs.secrets }}
secret-envs: ${{ inputs.secret-envs }}
#push-by-digest: true
# create-image-manifest:
# runs-on: ubuntu-latest
# needs: [build-amd64, build-arm64]
# steps:
# - name: Create Manifest
# uses: ./create-image-manifest
# with:
# oci-registry: ${{ inputs.oci-registry }}
# oci-registry-username: ${{ secrets.OCI_REGISTRY_USERNAME }}
# oci-registry-password: ${{ secrets.OCI_REGISTRY_PASSWORD }}
# repository: ${{ inputs.repository }}
# tag: ${{ inputs.tag }}
# image: ${{ inputs.image }}
# digests: ${{ needs.build-amd64.outputs.digest }},${{ needs.build-arm64.outputs.digest }}
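Review bot: The `secrets` input is declared under `inputs` as `type: string` and forwarded to the build step, so build secrets travel as an ordinary workflow input instead of through `on.workflow_call.secrets`. On GitHub the `secrets` context is not available in a caller's `with:` block and input values are not masked in logs, which pushes callers toward plain-text values; if this runs on another Actions-compatible forge, confirm how it treats inputs. Consider declaring a named secret next to `OCI_REGISTRY_PASSWORD`, e.g. `BUILD_SECRETS:` with `required: false`, and passing `secrets: ${{ secrets.BUILD_SECRETS }}` to `./build-and-push`. Separately, `actions/checkout@v6` and `actions/download-artifact@v7` are referenced by mutable tag, while the composite actions in this commit pin the `docker/*` actions by commit SHA; pinning these two the same way would keep the policy consistent.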

137
build-and-push/action.yaml Normal file

@@ -0,0 +1,137 @@
name: Build and push Docker images
description: Build and push Docker images with Buildx
author: zertus
branding:
icon: 'anchor'
color: 'blue'
inputs:
oci-registry:
description: "OCI registry where to pull and push images"
required: true
oci-registry-username:
description: |
Username used to log against the OCI registry.
See https://github.com/docker/login-action#usage.
required: true
oci-registry-password:
description: |
Password or personal access token used to log against the OCI registry.
Can be passed in using `secrets.GITHUB_TOKEN`.
See https://github.com/docker/login-action#usage.
required: true
repository:
description: |
Repository name.
Example: `my-org/my-repo`.
See [Docker get-image-metadata action](../get-image-metadata/README.md).
default: ${{ github.repository }}
required: false
image:
description: |
Additional image name.
Example: `application`.
See [Docker get-image-metadata action](../get-image-metadata/README.md).
required: false
tag:
description: "Image tag to publish"
required: false
platform:
description: |
Platform to build for. Example: `linux/amd64`.
See https://github.com/docker/build-push-action#inputs.
required: true
context:
description: |
Build's context is the set of files located in the specified PATH or URL.
See https://github.com/docker/build-push-action#inputs.
default: "."
required: false
dockerfile:
description: |
Location of Dockerfile (defaults to Dockerfile).
See https://github.com/docker/build-push-action#inputs.
default: "Dockerfile"
required: false
build-args:
description: |
List of build-time variables.
See https://github.com/docker/build-push-action#inputs.
required: false
target:
description: |
Sets the target stage to build.
See https://github.com/docker/build-push-action#inputs.
required: false
secrets:
description: |
List of secrets to expose to the build.
See https://docs.docker.com/build/ci/github-actions/secrets/.
required: false
secret-envs:
description: |
List of secret environment variables to expose to the build (e.g., `key=envname, MY_SECRET=MY_ENV_VAR`).
See https://docs.docker.com/build/ci/github-actions/secrets/.
required: false
push-by-digest:
default: "false"
description: |
Whether to push the image only when built by digest.
Useful for multi-platform builds.
required: false
outputs:
digest:
description: "The image digest"
value: ${{ steps.build.outputs.digest }}
image-name:
description: "The image name without tag"
value: ${{ steps.get-image-name.outputs.image-name }}
fqin:
description: "The fully qualified image name with tag"
value: ${{ steps.get-image-name.outputs.fully-qualified-image-name }}
runs:
using: "composite"
steps:
- id: get-image-name
shell: bash
run: |
IMAGE_NAME="${{ inputs.repository }}"
if [ -n "${{ inputs.image }}" ]; then
IMAGE_NAME="${IMAGE_NAME}/${{ inputs.image }}"
fi
IMAGE_NAME="${{ inputs.oci-registry }}/${IMAGE_NAME}"
echo "image-name=$IMAGE_NAME" >> "$GITHUB_OUTPUT"
if [ -n "${{ inputs.tag }}" ]; then
IMAGE_NAME="${IMAGE_NAME}:${{ inputs.tag }}"
fi
echo "fully-qualified-image-name=$IMAGE_NAME" >> "$GITHUB_OUTPUT"
- uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
registry: ${{ inputs.oci-registry }}
username: ${{ inputs.oci-registry-username }}
password: ${{ inputs.oci-registry-password }}
- uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
id: setup-buildx
with:
version: v0.30.1
driver-opts: |
image=moby/buildkit:v0.26.3
- id: build
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
with:
context: ${{ inputs.context }}
file: ${{ inputs.dockerfile }}
build-args: ${{ inputs.build-args }}
target: ${{ inputs.target }}
secrets: ${{ inputs.secrets }}
secret-envs: ${{ inputs.secret-envs }}
platforms: ${{ inputs.platform }}
outputs: |
${{ inputs.push-by-digest == 'true' && 'type=image,push-by-digest=true,name-canonical=true,push=true' || 'type=image,push=true' }}
tags: ${{ inputs.push-by-digest == 'true' && steps.get-image-name.outputs.image-name || steps.get-image-name.outputs.fully-qualified-image-name }}
provenance: false
sbom: false
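Review bot: The `get-image-name` step expands `${{ inputs.repository }}`, `${{ inputs.image }}`, `${{ inputs.oci-registry }}` and `${{ inputs.tag }}` directly inside the bash `run:` script, so the values are pasted into the script text before the shell parses it and any quote or command substitution in an input becomes shell syntax. Pass the inputs through `env:` and reference them as quoted shell variables, as in the excerpt below. The same pattern appears in the `get-image-name` and `create-image-manifest` steps of the manifest action later in this commit (`inputs.digests` and the `steps.get-image-name.outputs.*` values). A short comment next to `provenance: false` and `sbom: false` saying why attestations are disabled would also help the next reader.

```yaml
- id: get-image-name
  shell: bash
  env:
    OCI_REGISTRY: ${{ inputs.oci-registry }}
    REPOSITORY: ${{ inputs.repository }}
    IMAGE: ${{ inputs.image }}
    TAG: ${{ inputs.tag }}
  run: |
    IMAGE_NAME="$REPOSITORY"
    if [ -n "$IMAGE" ]; then
      IMAGE_NAME="${IMAGE_NAME}/${IMAGE}"
    fi
    IMAGE_NAME="${OCI_REGISTRY}/${IMAGE_NAME}"
    # … unchanged: write image-name to $GITHUB_OUTPUT …
    if [ -n "$TAG" ]; then
      IMAGE_NAME="${IMAGE_NAME}:${TAG}"
    fi
    # … unchanged: write fully-qualified-image-name to $GITHUB_OUTPUT …
```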


@@ -0,0 +1,87 @@
name: Docker Create image manifest
description: Build and push Docker images with Buildx
author: zertus
branding:
icon: 'anchor'
color: 'blue'
inputs:
oci-registry:
description: "OCI registry where to pull and push images"
required: true
oci-registry-username:
description: |
Username used to log against the OCI registry.
See https://github.com/docker/login-action#usage.
required: true
oci-registry-password:
description: |
Password or personal access token used to log against the OCI registry.
Can be passed in using `secrets.GITHUB_TOKEN`.
See https://github.com/docker/login-action#usage.
required: true
repository:
description: |
Repository name.
Example: `my-org/my-repo`.
See [Docker get-image-metadata action](../get-image-metadata/README.md).
default: ${{ github.repository }}
required: false
image:
description: |
Additional image name.
Example: `application`.
See [Docker get-image-metadata action](../get-image-metadata/README.md).
required: false
tag:
description: "Image tag to publish"
required: false
digests:
description: |
Comma-separated list of image digests to include in the manifest list.
Example: `sha256:abc123...,sha256:def456...`.
required: true
runs:
using: "composite"
steps:
- id: get-image-name
shell: bash
run: |
IMAGE_NAME="${{ inputs.repository }}"
if [ -n "${{ inputs.image }}" ]; then
IMAGE_NAME="${IMAGE_NAME}/${{ inputs.image }}"
fi
IMAGE_NAME="${{ inputs.oci-registry }}/${IMAGE_NAME}"
echo "image-name=$IMAGE_NAME" >> "$GITHUB_OUTPUT"
if [ -n "${{ inputs.tag }}" ]; then
IMAGE_NAME="${IMAGE_NAME}:${{ inputs.tag }}"
fi
echo "fully-qualified-image-name=$IMAGE_NAME" >> "$GITHUB_OUTPUT"
- uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
registry: ${{ inputs.oci-registry }}
username: ${{ inputs.oci-registry-username }}
password: ${{ inputs.oci-registry-password }}
- uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
id: setup-buildx
with:
version: v0.30.1
driver-opts: |
image=moby/buildkit:v0.26.3
- id: create-image-manifest
shell: bash
run: |
BASE_IMAGE="${{ steps.get-image-name.outputs.image-name }}"
SOURCES=""
IFS=',' read -ra ADDR <<< "${{ inputs.digests }}"
for digest in "${ADDR[@]}"; do
digest=$(echo "$digest" | xargs)
SOURCES="$SOURCES ${BASE_IMAGE}@${digest}"
done
docker buildx imagetools create -t "${{ steps.get-image-name.outputs.fully-qualified-image-name }}" $SOURCES
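Review bot: `$SOURCES` is built as a space-joined string and expanded unquoted in the final `docker buildx imagetools create` call, and the entries split from `digests` are never checked. An empty element (for example after a trailing comma) therefore yields a bare `image@` reference, and any whitespace or glob character inside an entry is re-split by the shell. Collect the references in a bash array and reject entries that are not well-formed digests before calling imagetools; the excerpt assumes only `sha256:` digests are expected, as in the input's example. Minor: the `description` of this action still reads `Build and push Docker images with Buildx`, copied from the build action; something like `Create and push a multi-platform image manifest list` would match what it does.

```yaml
  run: |
    # … unchanged: BASE_IMAGE assignment and IFS/read of the digests input …
    SOURCES=()
    for digest in "${ADDR[@]}"; do
      digest="${digest//[[:space:]]/}"
      if [[ ! "$digest" =~ ^sha256:[0-9a-f]{64}$ ]]; then
        echo "invalid digest: ${digest}" >&2
        exit 1
      fi
      SOURCES+=("${BASE_IMAGE}@${digest}")
    done
    docker buildx imagetools create -t "${{ steps.get-image-name.outputs.fully-qualified-image-name }}" "${SOURCES[@]}"
```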