build-and-publish-head:
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/develop' # Running this job only for develop branch
steps:
- uses: actions/checkout@v2 # Checking out the repo
- name: Build and Publish head Docker image
uses: VaultVulp/gp-docker-action@1.2.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide Docker image name
image-tag: head # Provide Docker image tag build-and-publish-latest:
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/master' # Running this job only for master branch
steps:
- uses: actions/checkout@v2 # Checking out the repo
- name: Build and Publish latest Docker image
uses: VaultVulp/gp-docker-action@1.2.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide only Docker image name, tag will be automatically set to latest
dockerfile: Dockerfile_server build-and-publish-tag:
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/') # Running this job only for tags
steps:
- uses: actions/checkout@v2
- name: Build and Publish Tag Docker image
uses: VaultVulp/gp-docker-action@1.2.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide only Docker image name
extract-git-tag: true # Provide flag to extract Docker image tag from git reference build-and-publish-dev:
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/develop' # Running this job only for develop branch
steps:
- uses: actions/checkout@v2 # Checking out the repo
- name: Build and Publish head Docker image
uses: VaultVulp/gp-docker-action@1.2.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide Docker image name
build-context: ./dev # Provide path to the folder with the Dockerfile pull-and-build-dev:
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/develop' # Running this job only for develop branch
steps:
- uses: actions/checkout@v2 # Checking out the repo
- name: Build and Publish head Docker image
uses: VaultVulp/gp-docker-action@1.2.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide Docker image name
pull-image: true # Raise the flag to try to pull image build-with-custom-args:
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/develop' # Running this job only for develop branch
steps:
- uses: actions/checkout@v2 # Checking out the repo
- name: Build with --build-arg(s)
uses: VaultVulp/gp-docker-action@1.2.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
image-name: my-cool-service # Provide Docker image name
custom-args: --build-arg some=value --build-arg some_other=value # Pass some additional arguments to the docker build commandYou will encounter the following log message in your GitHub Actions Pipelines:
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /github/home/.docker/config.json.
Login Succeeded
I would like to ensure you, that I do not store your secrets, passwords, token, or any other information.
This warning informs you about the fact, that this Action passes your GitHub token via the command line argument:
docker login -u publisher -p ${DOCKER_TOKEN} ghcr.ioIn a non-safe environment, this could raise a security issue, but this is not the case. We are passing a temporary authorization token, which will expire once the pipeline is completed. It would also require additional code to extract this token from the environment or docker internals, that this Action does not have.