build: add check example for gha

dvdksn · dvdksn · commit 95acd49a55c1 · 2024-11-29T10:46:30.000+01:00
Signed-off-by: David Karlsson &lt;35727626+dvdksn@users.noreply.github.com&gt;
diff --git a/content/manuals/build/checks.md b/content/manuals/build/checks.md
@@ -278,3 +278,10 @@ experimental checks, the experimental checks will still run:
 # syntax=docker/dockerfile:1
 # check=skip=all;experimental=all
 ```
+
+## Further reading
+
+For more information about using build checks, see:
+
+- [Build checks reference](/reference/build-checks/)
+- [Validating build configuration with GitHub Actions](/manuals/build/ci/github-actions/checks.md)
diff --git a/content/manuals/build/ci/github-actions/checks.md b/content/manuals/build/ci/github-actions/checks.md
@@ -0,0 +1,107 @@
+---
+title: Validating build configuration with GitHub Actions
+linkTitle: Build checks
+description: Discover how to validate your build configuration and identify best practice violations using build checks in GitHub Actions.
+keywords: github actions, gha, build, checks
+---
+
+[Build checks](/manuals/build/checks.md) let you validate your `docker build`
+configuration without actually running the build.
+
+To run build checks in a GitHub Actions workflow, specify the `call: check`
+input for `docker/build-push-action`. With this set, the workflow fails if any
+check warnings are detected for your build's configuration.
+
+```yaml
+name: ci
+
+on:
+  push:
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Validate build configuration
+        uses: docker/build-push-action@v6
+        with:
+          call: check
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          tags: user/app:latest
+```
+
+## Build checks with Bake
+
+If you're using Bake and `docker/bake-action` to run your builds, you don't
+need to specify any special inputs in your GitHub Actions workflow
+configuration. Instead, define a Bake target that calls the `check` method,
+and invoke that target in your CI.
+
+```hcl
+target "validate-build" {
+  call = "check"
+}
+```
+
+```yaml
+name: ci
+
+on:
+  push:
+
+env:
+  IMAGE_NAME: user/app
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.IMAGE_NAME }}
+
+      - name: Validate build configuration
+        uses: docker/bake-action@v5
+        with:
+          files: |
+            ./docker-bake.hcl
+            ${{ steps.meta.outputs.bake-file-tags }}
+            ${{ steps.meta.outputs.bake-file-annotations }}
+          targets: validate-build
+
+      - name: Build
+        uses: docker/bake-action@v5
+        with:
+          files: |
+            ./docker-bake.hcl
+            ${{ steps.meta.outputs.bake-file-tags }}
+            ${{ steps.meta.outputs.bake-file-annotations }}
+          push: true
+```
