Merge branch 'release/1.4.0'

VaultVulp · Oct 30, 2022 · af42c57 · af42c57
2 parents bfa86f5 + 474153a
commit af42c57
Show file tree

Hide file tree

Showing 4 changed files with 159 additions and 38 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker:stable
+FROM docker:20-dind
 
 COPY entrypoint.sh /entrypoint.sh
 

diff --git a/README.md b/README.md
@@ -1,19 +1,27 @@
-# GitHub Action to build and publish Docker Images to GitHub Package Registry
+# GitHub Action to build and publish Docker Images to GitHub Container registry
 
 ## Usage examples:
 
-### Build and publish Docker Image with a `head` tag for the `develop` branch
+### Build and publish Docker Image with the `head` tag for the `develop` branch
 
+#### Full workflow example:
 ```yaml
+name: Build and publish
+
+on: 
+  push:
+    branches:
+    - "develop" # Running this workflow only for develop branch
+
+jobs:
   build-and-publish-head:
     runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/develop' # Running this job only for develop branch
 
     steps:
-    - uses: actions/checkout@v2 # Checking out the repo
+    - uses: actions/checkout@v2.5.0 # Checking out the repo
 
     - name: Build and Publish head Docker image
-      uses: VaultVulp/gp-docker-action@1.2.0
+      uses: VaultVulp/gp-docker-action@1.4.0
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
         image-name: my-cool-service # Provide Docker image name
@@ -22,96 +30,191 @@
 
 ### Build and publish Docker Image with a `latest` tag for the `master` branch with different dockerfile
 
+#### Full workflow example:
 ```yaml
+name: Build and publish
+
+on: 
+  push:
+    branches:
+    - "master" # Running this workflow only for master branch
+
+jobs:
   build-and-publish-latest:
     runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/master' # Running this job only for master branch
 
     steps:
-    - uses: actions/checkout@v2 # Checking out the repo
+    - uses: actions/checkout@v2.5.0 # Checking out the repo
 
     - name: Build and Publish latest Docker image
-      uses: VaultVulp/gp-docker-action@1.2.0
+      uses: VaultVulp/gp-docker-action@1.4.0
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
         image-name: my-cool-service # Provide only Docker image name, tag will be automatically set to latest
-        dockerfile: Dockerfile_server
+        dockerfile: Alternative.Dockerfile # Provide custom Dockerfile name
 ```
 
 ### Build and publish Docker Image with a tag equal to a git tag
 
+#### Full workflow example:
 ```yaml
+name: Build and publish
+
+on: 
+  push:
+    tags:
+    - "*" # Running this workflow for any tag
+
+jobs:
   build-and-publish-tag:
     runs-on: ubuntu-latest
-    if: startsWith(github.ref, 'refs/tags/') # Running this job only for tags
 
     steps:
-    - uses: actions/checkout@v2
-
+    - uses: actions/checkout@v2.5.0 # Checking out the repo
+    
     - name: Build and Publish Tag Docker image
-      uses: VaultVulp/gp-docker-action@1.2.0
+      uses: VaultVulp/gp-docker-action@1.4.0
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
         image-name: my-cool-service # Provide only Docker image name
         extract-git-tag: true # Provide flag to extract Docker image tag from git reference
 ```
 
-### Build and publish Docker Image with a differnet build context
+### Build and publish Docker Image with a different build context
 
+#### Full workflow example:
 ```yaml
-  build-and-publish-dev:
+name: Build and publish
+
+on: push
+
+jobs:
+  build-and-publish-context:
     runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/develop' # Running this job only for develop branch
 
     steps:
-    - uses: actions/checkout@v2 # Checking out the repo
-
-    - name: Build and Publish head Docker image
-      uses: VaultVulp/gp-docker-action@1.2.0
+    - uses: actions/checkout@v2.5.0 # Checking out the repo
+    
+    - name: Build and Publish Docker image from a different context
+      uses: VaultVulp/gp-docker-action@1.4.0
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
         image-name: my-cool-service # Provide Docker image name
-        build-context: ./dev # Provide path to the folder with the Dockerfile
+        build-context: ./dev # Provide path to the folder with a Dockerfile
 ```
 
-### Pulling the image before building it
+### Pulling an image before building it
 
+#### Full workflow example:
 ```yaml
-  pull-and-build-dev:
+name: Build and publish
+
+on: push
+
+jobs:
+  pull-and-build-and-publish:
     runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/develop' # Running this job only for develop branch
 
     steps:
-    - uses: actions/checkout@v2 # Checking out the repo
+    - uses: actions/checkout@v2.5.0 # Checking out the repo
 
     - name: Build and Publish head Docker image
-      uses: VaultVulp/gp-docker-action@1.2.0
+      uses: VaultVulp/gp-docker-action@1.4.0
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
         image-name: my-cool-service # Provide Docker image name
-        pull-image: true # Raise the flag to try to pull image
+        pull-image: true # Provide the flag to pull image
 ```
 
+### Passing additional image tags
 
-### Passing additional arguments to the docker build command
+**NB**: `additional-image-tags` will **not** replace `image-tag` argument - additional tags will be appended to the list. If no `image-tag` was specified, then image will be tagged with the `latest` tag.
+
+#### Examples:
+
+##### `image-tag` was specified: 
+```yaml
+image-name: my-cool-service
+image-tags: first
+additional-image-tags: second third
+```
+Action will produce one image with three tags:
+- `my-cool-service:first`
+- `my-cool-service:second`
+- `my-cool-service:third`
+
+##### No `image-tag` was specified: 
+
+In this case action will use the default `latest` tag.
+
+```yaml
+image-name: my-cool-service
+additional-image-tags: second third
+```
+Action will produce one image with three tags:
+- `my-cool-service:latest`
+- `my-cool-service:second`
+- `my-cool-service:third`
 
+#### Full workflow example:
 ```yaml
+name: Build and publish 
+
+on: push
+
+jobs:
   build-with-custom-args:
     runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/develop' # Running this job only for develop branch
 
     steps:
-    - uses: actions/checkout@v2 # Checking out the repo
+    - uses: actions/checkout@v2.5.0 # Checking out the repo
+ 
+    - name: Build with --build-arg(s)
+      uses: VaultVulp/gp-docker-action@1.4.0
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
+        image-name: my-cool-service # Provide Docker image name
+        image-tags: first # if ommitted will be replaced with "latest"
+        additional-image-tags: second third # two additional tags for an image
+```
+
+### Passing additional arguments to the docker build command
 
+**NB**, additional arguments should be passed with the `=` sign istead of a ` `(space) between argument name and values.
+
+Correct example: 
+```yaml
+custom-args: --build-arg=some="value" 
+                      # ^ this "=" is mandatory
+```
+Incorrect example:
+```yaml
+custom-args: --build-arg some="value" 
+                      # ^ this space might break the action
+```
+
+#### Full workflow example:
+```yaml
+name: Build and publish
+
+on: push
+
+jobs:
+  build-with-custom-args:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2.5.0 # Checking out the repo
+ 
     - name: Build with --build-arg(s)
-      uses: VaultVulp/gp-docker-action@1.2.0
+      uses: VaultVulp/gp-docker-action@1.4.0
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages
         image-name: my-cool-service # Provide Docker image name
-        custom-args: --build-arg some=value --build-arg some_other=value # Pass some additional arguments to the docker build command
+        custom-args: --build-arg=some="value" --build-arg=some_other="value" # Pass some additional arguments to the docker build command
 ```
 
-------
+## Security considerations
 
 You will encounter the following log message in your GitHub Actions Pipelines:
 
@@ -121,11 +224,14 @@ WARNING! Your password will be stored unencrypted in /github/home/.docker/config
 Login Succeeded
 ```
 
-I would like to encourage you, that I do not store your secrets, passwords, token, or any other information.
+I would like to ensure you, that I do not store your secrets, passwords, token, or any other information.
 
 This warning informs you about the fact, that this Action passes your GitHub token via the command line argument:
 ```bash
 docker login -u publisher -p ${DOCKER_TOKEN} ghcr.io
 ```
 
-In a non-safe environment, this could raise a security issue, but this is not the case. We are passing a temporary authorization token, which will become useless once the pipeline is complete. It will also require additional code to extract this token from the environment or `docker` internals, that this Action does not have.
+In a non-safe environment, this could raise a security issue, but this is not the case. We are passing a temporary authorization token, which will expire once the pipeline is completed. It would also require additional code to extract this token from the environment or `docker` internals, that this Action does not have.
+
+[This](https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#upgrading-a-workflow-that-accesses-a-registry-using-a-personal-access-token
+) is the detailed explanation about the `${{ secrets.GITHUB_TOKEN }}` and it's relations with the GCR.
diff --git a/action.yml b/action.yml
@@ -31,6 +31,10 @@ inputs:
     description: 'Any additional docker build arguments as a string'
     default: ""
     required: false
+  additional-image-tags:
+    description: 'Multiple tags that will be attached to a built image'
+    default: ""
+    required: false
 runs:
   using: 'docker'
   image: 'Dockerfile'
@@ -43,6 +47,7 @@ runs:
     - ${{ inputs.build-context}}
     - ${{ inputs.pull-image}}
     - ${{ inputs.custom-args}}
+    - ${{ inputs.additional-image-tags}}
 branding:
   icon: 'box'
   color: 'blue'
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -8,6 +8,7 @@ DOCKERFILE=$5
 BUILD_CONTEXT=$6
 PULL_IMAGE=$7
 CUSTOM_DOCKER_BUILD_ARGS=$8
+DOCKER_IMAGE_TAGS=$9
 
 if [ $EXTRACT_TAG_FROM_GIT_REF == "true" ]; then
   DOCKER_IMAGE_TAG=$(echo ${GITHUB_REF} | sed -e "s/refs\/tags\///g")
@@ -22,5 +23,14 @@ if [ $PULL_IMAGE == "true" ]; then
   docker pull $DOCKER_IMAGE_NAME_WITH_TAG || docker pull $DOCKER_IMAGE_NAME || 1
 fi
 
-docker build -t $DOCKER_IMAGE_NAME_WITH_TAG -f $DOCKERFILE $CUSTOM_DOCKER_BUILD_ARGS $BUILD_CONTEXT
-docker push $DOCKER_IMAGE_NAME_WITH_TAG
+set -- -t $DOCKER_IMAGE_NAME_WITH_TAG -f $DOCKERFILE $CUSTOM_DOCKER_BUILD_ARGS $BUILD_CONTEXT
+
+for tag in $DOCKER_IMAGE_TAGS
+do
+    DOCKER_IMAGE_NAME_WITH_TAG=$(echo ${DOCKER_IMAGE_NAME}:${tag} | tr '[:upper:]' '[:lower:]')
+    set -- -t $DOCKER_IMAGE_NAME_WITH_TAG "$@"
+done
+
+docker buildx build "$@"
+
+docker push --all-tags $DOCKER_IMAGE_NAME