41c10f2beb
Some checks failed
ci-subaction / list-targets (["lint-default","lint-labs","lint-nydus","lint-proto","lint-yaml","validate-doctoc","validate-vendor"]
, validate, group-matrix) (push) Has been cancelled
ci-subaction / list-targets (["t1","t2"]
, group) (push) Has been cancelled
ci-subaction / list-targets (["v1-tag","v2-tag"]
, docker-bake.json
docker-bake.hcl
, multi-files) (push) Has been cancelled
ci-subaction / matrix ([{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"darwin/amd64"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"… (push) Has been cancelled
ci-subaction / matrix ([{"target":"lint","platforms":"darwin/amd64"},{"target":"lint","platforms":"darwin/arm64"},{"target":"lint","platforms":"linux/amd64"},{"target":"lint","platforms":"linux/arm64"},{"target":"lint","platforms":"linux/s390x"},{"target":"lint","pla… (push) Has been cancelled
ci-subaction / matrix ([{"target":"lint"},{"target":"lint-gopls"},{"target":"validate-docs"},{"target":"validate-vendor"}]
, validate, group-with-platform) (push) Has been cancelled
ci-subaction / matrix ([{"target":"lint-default"},{"target":"lint-labs"},{"target":"lint-nydus"},{"target":"lint-proto"},{"target":"lint-yaml"},{"target":"validate-doctoc"},{"target":"validate-vendor"}]
, validate, group-matrix) (push) Has been cancelled
ci-subaction / matrix ([{"target":"t1"},{"target":"t2"}]
, group) (push) Has been cancelled
validate / prepare (push) Has been cancelled
validate / validate (push) Has been cancelled
chore(deps): Bump actions/github-script from 7 to 8 |
||
|---|---|---|
| .github | ||
| __mocks__/@actions | ||
| __tests__ | ||
| dist | ||
| src | ||
| subaction | ||
| test | ||
| .dockerignore | ||
| .editorconfig | ||
| .eslintignore | ||
| .eslintrc.json | ||
| .gitattributes | ||
| .gitignore | ||
| .prettierignore | ||
| .prettierrc.json | ||
| .yarnrc.yml | ||
| action.yml | ||
| codecov.yml | ||
| dev.Dockerfile | ||
| docker-bake.hcl | ||
| jest.config.ts | ||
| LICENSE | ||
| package.json | ||
| README.md | ||
| tsconfig.json | ||
| yarn.lock | ||
About
GitHub Action to use Docker Buildx Bake as a high-level build command.
Usage
Git context
Since v6 this action uses the Git context
to build from a remote bake definition by default like the build-push-action
does. This means that you don't need to use the actions/checkout
action to check out the repository as BuildKit
will do this directly.
The git reference will be based on the event that triggered your workflow
and will result in the following context: https://github.com/<owner>/<repo>.git#<ref>.
name: ci
on:
push:
jobs:
bake:
runs-on: ubuntu-latest
steps:
-
name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build and push
uses: docker/bake-action@v6
with:
push: true
set: |
*.tags=user/app:latest
Be careful because any file mutation in the steps that precede the build step
will be ignored, including processing of the .dockerignore file since
the context is based on the Git reference. However, you can use the
Path context using the source input alongside
the actions/checkout action to remove
this restriction.
Default Git context can also be provided using the Handlebars template
expression {{defaultContext}}. Here we can use it to provide a subdirectory
to the default Git context:
-
name: Build and push
uses: docker/bake-action@v6
with:
source: "{{defaultContext}}:mysubdir"
push: true
set: |
*.tags=user/app:latest
Building from the current repository automatically uses the GITHUB_TOKEN
secret that GitHub automatically creates for workflows,
so you don't need to pass that manually. If you want to authenticate against
another private repository for remote definitions, you can set the
BUILDX_BAKE_GIT_AUTH_TOKEN environment variable.
Note
Supported since Buildx 0.14.0
-
name: Build and push
uses: docker/bake-action@v6
with:
push: true
set: |
*.tags=user/app:latest
env:
BUILDX_BAKE_GIT_AUTH_TOKEN: ${{ secrets.MYTOKEN }}
Path context
name: ci
on:
push:
jobs:
bake:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build and push
uses: docker/bake-action@v6
with:
source: .
push: true
set: |
*.tags=user/app:latest
Summaries
This action generates a job summary that provides a detailed overview of the build execution. The summary shows an overview of all the steps executed during the build, including the build inputs, bake definition, and eventual errors.
The summary also includes a link for downloading a build record archive with additional details about the build execution for all the bake targets, including build stats, logs, outputs, and more. The build record can be imported to Docker Desktop for inspecting the build in greater detail.
Warning
If you're using the
actions/download-artifactaction in your workflow, you need to ignore the build record artifacts ifnameandpatterninputs are not specified (defaults to download all artifacts of the workflow), otherwise the action will fail:- uses: actions/download-artifact@v4 with: pattern: "!*.dockerbuild"More info: https://github.com/actions/toolkit/pull/1874
Summaries are enabled by default, but can be disabled with the
DOCKER_BUILD_SUMMARY environment variable.
For more information about summaries, refer to the documentation.
Customizing
inputs
The following inputs can be used as step.with keys
Listtype is a newline-delimited stringset: target.args.mybuildarg=valueset: | target.args.mybuildarg=value foo*.args.mybuildarg=value
CSVtype is a comma-delimited stringtargets: default,release
| Name | Type | Description |
|---|---|---|
builder |
String | Builder instance (see setup-buildx action) |
workdir |
String | Working directory of execution |
source |
String | Context to build from. Can be either local (.) or a remote bake definition |
allow |
List/CSV | Allow build to access specified resources (e.g., network.host) |
call |
String | Set method for evaluating build (e.g., check) |
files |
List/CSV | List of bake definition files |
no-cache |
Bool | Do not use cache when building the image (default false) |
pull |
Bool | Always attempt to pull a newer version of the image (default false) |
load |
Bool | Load is a shorthand for --set=*.output=type=docker (default false) |
provenance |
Bool/String | Provenance is a shorthand for --set=*.attest=type=provenance |
push |
Bool | Push is a shorthand for --set=*.output=type=registry (default false) |
sbom |
Bool/String | SBOM is a shorthand for --set=*.attest=type=sbom |
set |
List | List of targets values to override (e.g., targetpattern.key=value) |
targets |
List/CSV | List of bake targets (default target used if empty) |
github-token |
String | API token used to authenticate to a Git repository for remote definitions (default ${{ github.token }}) |
outputs
The following outputs are available
| Name | Type | Description |
|---|---|---|
metadata |
JSON | Build result metadata |
environment variables
| Name | Type | Default | Description |
|---|---|---|---|
DOCKER_BUILD_CHECKS_ANNOTATIONS |
Bool | true |
If false, GitHub annotations are not generated for build checks |
DOCKER_BUILD_SUMMARY |
Bool | true |
If false, build summary generation is disabled |
DOCKER_BUILD_RECORD_UPLOAD |
Bool | true |
If false, build record upload as GitHub artifact is disabled |
DOCKER_BUILD_RECORD_RETENTION_DAYS |
Number | Duration after which build record artifact will expire in days. Defaults to repository/org retention settings if unset or 0 |
|
DOCKER_BUILD_EXPORT_LEGACY |
Bool | false |
If true, exports build using legacy export-build tool instead of buildx history export command |
Subactions
Contributing
Want to contribute? Awesome! You can find information about contributing to this project in the CONTRIBUTING.md