
Commit bfed586

feat(push-to-gar-docker,build-push-to-dockerhub): add support for buildkit secrets (#990)
* Expose buildkit_secrets field for push-to-gar-docker
* Expose buildkit_secrets field to build-push-to-dockerhub
* Update README files
* Fix typos
* Add prettier formatting
* Rename buildkit_secrets > secrets
* Add prettier fixes
* Remove input examples for secrets field
* Add link to buildx secrets documentation
* Update input description
1 parent 5793b5c commit bfed586

4 files changed

+46
-33
lines changed


actions/build-push-to-dockerhub/README.md

Lines changed: 14 additions & 13 deletions
Original file line number | Diff line number | Diff line change
@@ -38,19 +38,20 @@ jobs:
3838
3939
## Inputs
4040
41-
| Name | Type | Description |
42-
| ---------------------- | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------- |
43-
| `context` | String | Path to the Dockerfile (default: `.`) |
44-
| `platforms` | List | List of platforms the image should be built for (e.g. `linux/amd64,linux/arm64`) |
45-
| `push` | Bool | Push the generated image (default: `false`) |
46-
| `repository` | String | Docker repository name (**required**) |
47-
| `tags` | List | Tags that should be used for the image (see the [metadata-action][mda] for details) |
48-
| `file` | String | Path and filename of the dockerfile to build from. (Default: `{context}/Dockerfile`) |
49-
| `build-args` | String | List of arguments necessary for the Docker image to be built. |
50-
| `target` | String | Sets the target stage to build |
51-
| `cache-from` | String | Where cache should be fetched from ([more about GHA and container caching](https://www.kenmuse.com/blog/implementing-docker-layer-caching-in-github-actions/)) |
52-
| `cache-to` | String | Where cache should be stored to ([more about GHA and container caching](https://www.kenmuse.com/blog/implementing-docker-layer-caching-in-github-actions/)) |
53-
| `docker-buildx-driver` | String | The [driver](https://github.com/docker/setup-buildx-action/tree/v3/?tab=readme-ov-file#customizing) to use for Docker Buildx |
41+
| Name | Type | Description |
42+
| ---------------------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
43+
| `context` | String | Path to the Dockerfile (default: `.`) |
44+
| `platforms` | List | List of platforms the image should be built for (e.g. `linux/amd64,linux/arm64`) |
45+
| `push` | Bool | Push the generated image (default: `false`) |
46+
| `repository` | String | Docker repository name (**required**) |
47+
| `tags` | List | Tags that should be used for the image (see the [metadata-action][mda] for details) |
48+
| `file` | String | Path and filename of the dockerfile to build from. (Default: `{context}/Dockerfile`) |
49+
| `build-args` | String | List of arguments necessary for the Docker image to be built. |
50+
| `target` | String | Sets the target stage to build |
51+
| `cache-from` | String | Where cache should be fetched from ([more about GHA and container caching](https://www.kenmuse.com/blog/implementing-docker-layer-caching-in-github-actions/)) |
52+
| `cache-to` | String | Where cache should be stored to ([more about GHA and container caching](https://www.kenmuse.com/blog/implementing-docker-layer-caching-in-github-actions/)) |
53+
| `docker-buildx-driver` | String | The [driver](https://github.com/docker/setup-buildx-action/tree/v3/?tab=readme-ov-file#customizing) to use for Docker Buildx |
54+
| `secrets` | List | Secrets to [expose to the build](https://github.com/docker/build-push-action). Only needed when authenticating to private repositories outside the repository in which the image is being built. |
5455

5556
[mda]: https://github.com/docker/metadata-action?tab=readme-ov-file#tags-input
5657
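
Review bot: the new `secrets` row links to the root of `https://github.com/docker/build-push-action` and gives no value format, so a caller cannot tell from this table what to pass. The commit message mentions a link to the buildx secrets documentation; pointing the link at that page (or at the action's inputs section) and stating the expected `key=value` list form, one entry per line, would make the row usable on its own now that the input examples were removed.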

actions/build-push-to-dockerhub/action.yaml

Lines changed: 5 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -49,6 +49,10 @@ inputs:
4949
The driver to use for Docker Buildx
5050
required: false
5151
default: "docker-container"
52+
secrets:
53+
description: |
54+
Secrets to expose to the build. Only needed when authenticating to private repositories outside the repository in which the image is being built.
55+
required: false
5256

5357
runs:
5458
using: composite
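
Review bot: the `secrets` description says when the input is needed but not what form it takes or why to prefer it, and the README for this same action also lists `build-args`, the input callers tend to reach for when a build needs a token. I'd extend the description to say that entries are `id=value` pairs, that values should come from `${{ secrets.* }}`, and that the Dockerfile reads them with `RUN --mount=type=secret,id=...`, so they are available during the build without being written into image layers or history the way a build argument is.
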
@@ -111,3 +115,4 @@ runs:
111115
target: ${{ inputs.target }}
112116
cache-from: ${{ inputs.cache-from }}
113117
cache-to: ${{ inputs.cache-to }}
118+
secrets: ${{ inputs.secrets }}

actions/push-to-gar-docker/README.md

Lines changed: 21 additions & 20 deletions
Original file line number | Diff line number | Diff line change
@@ -51,26 +51,27 @@ input.
5151

5252
## Inputs
5353

54-
| Name | Type | Description |
55-
| ------------------------- | ------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
56-
| `registry` | String | Google Artifact Registry to store docker images in. |
57-
| `tags` | List | Tags that should be used for the image (see the [metadata-action][mda] for details) |
58-
| `context` | List | Path to the Docker build context. |
59-
| `environment` | Bool | Environment for pushing artifacts (can be either dev or prod). |
60-
| `image_name` | String | Name of the image to be pushed to GAR. |
61-
| `build-args` | String | List of arguments necessary for the Docker image to be built. |
62-
| `push` | Boolean | Whether to push the image to the registry. |
63-
| `file` | String | Path and filename of the dockerfile to build from. (Default: `{context}/Dockerfile`) |
64-
| `platforms` | List | List of platforms the image should be built for (e.g. `linux/amd64,linux/arm64`) |
65-
| `cache-from` | String | Where cache should be fetched from ([more about GHA and container caching](https://www.kenmuse.com/blog/implementing-docker-layer-caching-in-github-actions/)) |
66-
| `cache-to` | String | Where cache should be stored to ([more about GHA and container caching](https://www.kenmuse.com/blog/implementing-docker-layer-caching-in-github-actions/)) |
67-
| `ssh` | List | List of SSH agent socket or keys to expose to the build ([more about ssh for docker/build-push-action](https://github.com/docker/build-push-action?tab=readme-ov-file#inputs)) |
68-
| `build-contexts` | List | List of additional [build contexts](https://github.com/docker/build-push-action?tab=readme-ov-file#inputs) (e.g., `name=path`) |
69-
| `docker-buildx-driver` | String | The [driver](https://github.com/docker/setup-buildx-action/tree/v3/?tab=readme-ov-file#customizing) to use for Docker Buildx |
70-
| `repository_name` | String | Override the 'repo_name' which is included as part of the GAR repository name. Only necessary when the GAR includes a repo name that doesn't match the GitHub repo name. |
71-
| `labels` | List | List of custom labels to add to the image as metadata (see the [metadata-action](https://github.com/docker/metadata-action?tab=readme-ov-file#inputs)) for details |
72-
| `target` | String | Name of the [build stage](https://docs.docker.com/build/building/multi-stage/) to target. |
73-
| `delete_credentials_file` | Boolean | Delete the credentials file after the action is finished. If you want to keep the credentials file for a later step, set this to false. (Default: `true`) |
54+
| Name | Type | Description |
55+
| ------------------------- | ------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
56+
| `registry` | String | Google Artifact Registry to store docker images in. |
57+
| `tags` | List | Tags that should be used for the image (see the [metadata-action][mda] for details) |
58+
| `context` | List | Path to the Docker build context. |
59+
| `environment` | Bool | Environment for pushing artifacts (can be either dev or prod). |
60+
| `image_name` | String | Name of the image to be pushed to GAR. |
61+
| `build-args` | String | List of arguments necessary for the Docker image to be built. |
62+
| `push` | Boolean | Whether to push the image to the registry. |
63+
| `file` | String | Path and filename of the dockerfile to build from. (Default: `{context}/Dockerfile`) |
64+
| `platforms` | List | List of platforms the image should be built for (e.g. `linux/amd64,linux/arm64`) |
65+
| `cache-from` | String | Where cache should be fetched from ([more about GHA and container caching](https://www.kenmuse.com/blog/implementing-docker-layer-caching-in-github-actions/)) |
66+
| `cache-to` | String | Where cache should be stored to ([more about GHA and container caching](https://www.kenmuse.com/blog/implementing-docker-layer-caching-in-github-actions/)) |
67+
| `ssh` | List | List of SSH agent socket or keys to expose to the build ([more about ssh for docker/build-push-action](https://github.com/docker/build-push-action?tab=readme-ov-file#inputs)) |
68+
| `build-contexts` | List | List of additional [build contexts](https://github.com/docker/build-push-action?tab=readme-ov-file#inputs) (e.g., `name=path`) |
69+
| `docker-buildx-driver` | String | The [driver](https://github.com/docker/setup-buildx-action/tree/v3/?tab=readme-ov-file#customizing) to use for Docker Buildx |
70+
| `repository_name` | String | Override the 'repo_name' which is included as part of the GAR repository name. Only necessary when the GAR includes a repo name that doesn't match the GitHub repo name. |
71+
| `labels` | List | List of custom labels to add to the image as metadata (see the [metadata-action](https://github.com/docker/metadata-action?tab=readme-ov-file#inputs)) for details |
72+
| `target` | String | Name of the [build stage](https://docs.docker.com/build/building/multi-stage/) to target. |
73+
| `delete_credentials_file` | Boolean | Delete the credentials file after the action is finished. If you want to keep the credentials file for a later step, set this to false. (Default: `true`) |
74+
| `secrets` | List | Secrets to [expose to the build](https://github.com/docker/build-push-action). Only needed when authenticating to private repositories outside the repository in which the image is being built. |
7475

7576
[mda]: https://github.com/docker/metadata-action?tab=readme-ov-file#tags-input
7677
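
Review bot: the `secrets` row is appended after `delete_credentials_file`, away from `ssh`, the other input that hands credentials to the build, and its link goes to the repository root while the `ssh` and `build-contexts` rows link to `?tab=readme-ov-file#inputs`. Moving the row next to `ssh` and using the same anchored link would keep the table consistent. Re-padding every row to fit the longer description also turns one new row into a 21-line change; a shorter description would avoid that.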

actions/push-to-gar-docker/action.yaml

Lines changed: 6 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -1,5 +1,6 @@
11
name: Push to artifact registry
22
description: Composite action to push to Google Artifact Registry
3+
34
inputs:
45
registry:
56
description: |
@@ -77,6 +78,10 @@ inputs:
7778
Delete the credentials file after the action is finished.
7879
If you want to keep the credentials file for a later step, set this to false.
7980
default: "true"
81+
secrets:
82+
description: |
83+
Secrets to expose to the build. Only needed when authenticating to private repositories outside the repository in which the image is being built.
84+
required: false
8085

8186
outputs:
8287
version:
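
Review bot: `secrets` is declared immediately after `delete_credentials_file`, and in an action that handles a registry credentials file the bare name can be read as the registry login secrets. The description should say these are build secrets forwarded to the Docker build step, separate from the credentials used to authenticate to GAR, and give the entry format.
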
@@ -183,6 +188,7 @@ runs:
183188
platforms: ${{ inputs.platforms }}
184189
ssh: ${{ inputs.ssh }}
185190
build-contexts: ${{ inputs.build-contexts }}
191+
secrets: ${{ inputs.secrets }}
186192

187193
- name: Cleanup checkout directory
188194
if: ${{ !cancelled() }}
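
Review bot: `secrets: ${{ inputs.secrets }}` is forwarded here and in build-push-to-dockerhub, but all four changed files are READMEs and action definitions, so nothing in this commit exercises the new input. A small workflow that builds a Dockerfile using `RUN --mount=type=secret` with a dummy value, and checks that the value does not appear in the resulting image history, would confirm the pass-through in both actions.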
