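---
# Composite action: logs in to an OCI registry, sets up Buildx, then builds and
# pushes a single-platform image. Exposes the pushed digest and the computed
# image names as outputs.
name: Build and push Docker images
description: Build and push Docker images with Buildx
author: zertus
branding:
  icon: 'anchor'
  color: 'blue'

inputs:
  oci-registry:
    description: "OCI registry where to pull and push images"
    required: true
  oci-registry-username:
    description: |
      Username used to log against the OCI registry.
      See https://github.com/docker/login-action#usage.
    required: true
  oci-registry-password:
    description: |
      Password or personal access token used to log against the OCI registry.
      Can be passed in using `secrets.GITHUB_TOKEN`.
      See https://github.com/docker/login-action#usage.
    required: true
  repository:
    description: |
      Repository name. Example: `my-org/my-repo`.
      See [Docker get-image-metadata action](../get-image-metadata/README.md).
    default: ${{ github.repository }}
    required: false
  image:
    description: |
      Additional image name. Example: `application`.
      See [Docker get-image-metadata action](../get-image-metadata/README.md).
    required: false
  tag:
    description: "Image tag to publish"
    required: false
  platform:
    description: |
      Platform to build for. Example: `linux/amd64`.
      See https://github.com/docker/build-push-action#inputs.
    required: true
  context:
    description: |
      Build's context is the set of files located in the specified PATH or URL.
      See https://github.com/docker/build-push-action#inputs.
    default: "."
    required: false
  dockerfile:
    description: |
      Location of Dockerfile (defaults to Dockerfile).
      See https://github.com/docker/build-push-action#inputs.
    default: "Dockerfile"
    required: false
  # Build arguments are recorded in the image metadata/history, so credentials
  # belong in `secrets` / `secret-envs` below, never in `build-args`.
  build-args:
    description: |
      List of build-time variables.
      See https://github.com/docker/build-push-action#inputs.
    required: false
  target:
    description: |
      Sets the target stage to build.
      See https://github.com/docker/build-push-action#inputs.
    required: false
  secrets:
    description: |
      List of secrets to expose to the build.
      See https://docs.docker.com/build/ci/github-actions/secrets/.
    required: false
  secret-envs:
    description: |
      List of secret environment variables to expose to the build (e.g., `key=envname, MY_SECRET=MY_ENV_VAR`).
      See https://docs.docker.com/build/ci/github-actions/secrets/.
    required: false
  push-by-digest:
    default: "false"
    description: |
      Whether to push the image only when built by digest.
      Useful for multi-platform builds.
    required: false

outputs:
  digest:
    description: "The image digest"
    value: ${{ steps.build.outputs.digest }}
  image-name:
    description: "The image name without tag"
    value: ${{ steps.get-image-name.outputs.image-name }}
  fqin:
    description: "The fully qualified image name with tag"
    value: ${{ steps.get-image-name.outputs.fully-qualified-image-name }}

runs:
  using: "composite"
  steps:
    # Compute "<registry>/<repository>[/<image>]" and its tagged form.
    #
    # Inputs are handed to the script through `env:` instead of being expanded
    # with `${{ ... }}` inside `run:`. Expression expansion happens before bash
    # parses the script, so a caller-controlled value containing quotes or
    # command substitution would otherwise be executed as shell code.
    - id: get-image-name
      shell: bash
      env:
        INPUT_OCI_REGISTRY: ${{ inputs.oci-registry }}
        INPUT_REPOSITORY: ${{ inputs.repository }}
        INPUT_IMAGE: ${{ inputs.image }}
        INPUT_TAG: ${{ inputs.tag }}
      run: |
        IMAGE_NAME="${INPUT_REPOSITORY}"
        if [ -n "${INPUT_IMAGE}" ]; then
          IMAGE_NAME="${IMAGE_NAME}/${INPUT_IMAGE}"
        fi
        IMAGE_NAME="${INPUT_OCI_REGISTRY}/${IMAGE_NAME}"

        # Without a tag the "fully qualified" name equals the untagged name.
        FQIN="${IMAGE_NAME}"
        if [ -n "${INPUT_TAG}" ]; then
          FQIN="${IMAGE_NAME}:${INPUT_TAG}"
        fi

        # $GITHUB_OUTPUT is line-oriented: a line break inside a value would
        # let an input define additional, unintended step outputs.
        case "${FQIN}" in
          *$'\n'* | *$'\r'*)
            echo "::error::Image name inputs must not contain line breaks"
            exit 1
            ;;
        esac

        {
          echo "image-name=${IMAGE_NAME}"
          echo "fully-qualified-image-name=${FQIN}"
        } >> "$GITHUB_OUTPUT"

    # Third-party actions are pinned to a full commit SHA; the trailing comment
    # records the release the SHA is expected to correspond to.
    - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
      with:
        registry: ${{ inputs.oci-registry }}
        username: ${{ inputs.oci-registry-username }}
        password: ${{ inputs.oci-registry-password }}

    - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
      id: setup-buildx
      with:
        version: v0.30.1
        # NOTE(review): the BuildKit image is pinned by tag only. Unlike the
        # SHA-pinned actions, a tag can be repointed; consider appending the
        # image digest (`moby/buildkit:v0.26.3@sha256:<digest>`).
        driver-opts: |
          image=moby/buildkit:v0.26.3

    - id: build
      uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
      with:
        context: ${{ inputs.context }}
        file: ${{ inputs.dockerfile }}
        build-args: ${{ inputs.build-args }}
        target: ${{ inputs.target }}
        secrets: ${{ inputs.secrets }}
        secret-envs: ${{ inputs.secret-envs }}
        platforms: ${{ inputs.platform }}
        # push-by-digest pushes the image without a tag, addressed by digest.
        outputs: |
          ${{ inputs.push-by-digest == 'true' && 'type=image,push-by-digest=true,name-canonical=true,push=true' || 'type=image,push=true' }}
        # A by-digest push must be given the untagged image name.
        tags: ${{ inputs.push-by-digest == 'true' && steps.get-image-name.outputs.image-name || steps.get-image-name.outputs.fully-qualified-image-name }}
        # NOTE(review): provenance and SBOM attestations are switched off, so
        # images pushed by this action carry no build attestation for
        # consumers to verify. Presumably deliberate (attestations change the
        # pushed manifest layout) - confirm, and attest in a later step if
        # supply-chain verification is required.
        provenance: false
        sbom: false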