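# Composite action: log in to an OCI registry, set up Buildx, then build and
# push a single-platform image. The image name is assembled from the
# `oci-registry`, `repository`, `image` and `tag` inputs.
name: Build and push Docker images
description: Build and push Docker images with Buildx
author: zertus
branding:
  icon: 'anchor'
  color: 'blue'

inputs:
  oci-registry:
    description: "OCI registry where to pull and push images"
    required: true
  oci-registry-username:
    description: |
      Username used to log against the OCI registry.
      See https://github.com/docker/login-action#usage.
    required: true
  oci-registry-password:
    description: |
      Password or personal access token used to log against the OCI registry.
      Can be passed in using `secrets.GITHUB_TOKEN`.
      See https://github.com/docker/login-action#usage.
    required: true
  repository:
    description: |
      Repository name. Example: `my-org/my-repo`.
      See [Docker get-image-metadata action](../get-image-metadata/README.md).
    default: ${{ github.repository }}
    required: false
  image:
    description: |
      Additional image name. Example: `application`.
      See [Docker get-image-metadata action](../get-image-metadata/README.md).
    required: false
  tag:
    description: "Image tag to publish"
    required: false
  platform:
    description: |
      Platform to build for. Example: `linux/amd64`.
      See https://github.com/docker/build-push-action#inputs.
    required: true
  context:
    description: |
      Build's context is the set of files located in the specified PATH or URL.
      See https://github.com/docker/build-push-action#inputs.
    default: "."
    required: false
  dockerfile:
    description: |
      Location of Dockerfile (defaults to Dockerfile).
      See https://github.com/docker/build-push-action#inputs.
    default: "Dockerfile"
    required: false
  # Build args are recorded in the image's build history, so credentials
  # belong in `secrets` / `secret-envs` below, not here.
  build-args:
    description: |
      List of build-time variables.
      See https://github.com/docker/build-push-action#inputs.
    required: false
  target:
    description: |
      Sets the target stage to build.
      See https://github.com/docker/build-push-action#inputs.
    required: false
  secrets:
    description: |
      List of secrets to expose to the build.
      See https://docs.docker.com/build/ci/github-actions/secrets/.
    required: false
  secret-envs:
    description: |
      List of secret environment variables to expose to the build (e.g., `key=envname, MY_SECRET=MY_ENV_VAR`).
      See https://docs.docker.com/build/ci/github-actions/secrets/.
    required: false
  push-by-digest:
    default: "false"
    description: |
      Whether to push the image only when built by digest.
      Useful for multi-platform builds.
    required: false

outputs:
  digest:
    description: "The image digest"
    value: ${{ steps.build.outputs.digest }}
  image-name:
    description: "The image name without tag"
    value: ${{ steps.get-image-name.outputs.image-name }}
  fqin:
    description: "The fully qualified image name with tag"
    value: ${{ steps.get-image-name.outputs.fully-qualified-image-name }}

runs:
  using: "composite"
  steps:
    # Assemble "<registry>/<repository>[/<image>][:<tag>]".
    # Inputs are handed to the script through `env:` instead of being written
    # into the script text with `${{ }}`: expressions are substituted before
    # bash parses the script, so a caller-supplied value containing quotes or
    # shell syntax would otherwise be interpreted as part of the script.
    - id: get-image-name
      shell: bash
      env:
        OCI_REGISTRY: ${{ inputs.oci-registry }}
        IMAGE_REPOSITORY: ${{ inputs.repository }}
        IMAGE_SUFFIX: ${{ inputs.image }}
        IMAGE_TAG: ${{ inputs.tag }}
      run: |
        IMAGE_NAME="${IMAGE_REPOSITORY}"
        if [ -n "${IMAGE_SUFFIX}" ]; then
          IMAGE_NAME="${IMAGE_NAME}/${IMAGE_SUFFIX}"
        fi
        IMAGE_NAME="${OCI_REGISTRY}/${IMAGE_NAME}"

        FQIN="${IMAGE_NAME}"
        if [ -n "${IMAGE_TAG}" ]; then
          FQIN="${FQIN}:${IMAGE_TAG}"
        fi

        # $GITHUB_OUTPUT is line-oriented (key=value per line); a line break
        # inside a value would be read as an additional output, so reject it
        # before anything is written.
        case "${FQIN}" in
          *$'\n'*|*$'\r'*)
            echo "::error::Image name inputs must not contain line breaks"
            exit 1
            ;;
        esac

        echo "image-name=${IMAGE_NAME}" >> "$GITHUB_OUTPUT"
        echo "fully-qualified-image-name=${FQIN}" >> "$GITHUB_OUTPUT"

    # Third-party actions are pinned to full commit SHAs; the trailing comment
    # records the release each SHA is expected to correspond to.
    - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
      with:
        registry: ${{ inputs.oci-registry }}
        username: ${{ inputs.oci-registry-username }}
        password: ${{ inputs.oci-registry-password }}

    - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
      id: setup-buildx
      with:
        version: v0.30.1
        # NOTE(review): the BuildKit image is pinned by tag only, unlike the
        # SHA-pinned actions in this file. A tag can be re-pointed by the
        # publisher; consider appending the image digest.
        driver-opts: |
          image=moby/buildkit:v0.26.3

    - id: build
      uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
      with:
        context: ${{ inputs.context }}
        file: ${{ inputs.dockerfile }}
        build-args: ${{ inputs.build-args }}
        target: ${{ inputs.target }}
        secrets: ${{ inputs.secrets }}
        secret-envs: ${{ inputs.secret-envs }}
        platforms: ${{ inputs.platform }}
        # push-by-digest=true pushes the image without a tag, addressed by
        # digest only; otherwise a normal tagged push is performed.
        outputs: |
          ${{ inputs.push-by-digest == 'true' && 'type=image,push-by-digest=true,name-canonical=true,push=true' || 'type=image,push=true' }}
        # A by-digest push uses the untagged image name; a regular push uses
        # the fully qualified name including the tag.
        tags: ${{ inputs.push-by-digest == 'true' && steps.get-image-name.outputs.image-name || steps.get-image-name.outputs.fully-qualified-image-name }}
        # NOTE(review): provenance and SBOM attestations are switched off, so
        # images pushed by this action carry no build attestation. Confirm
        # this is intentional and that signing or attestation happens in a
        # later step of the calling workflow.
        provenance: false
        sbom: false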