This reusable GitHub Actions workflow automates the process of building and pushing Docker images to a Docker Registry. It simplifies the Docker build process in your CI/CD pipeline by handling authentication, building, and tagging in a standardized way. Perfect for teams looking to streamline their containerization workflow with minimal configuration.
- π Securely authenticates with a Docker Registry using best practices
- ποΈ Builds optimized Docker images from a specified Dockerfile
- π·οΈ Intelligently tags and pushes images to a Docker Registry
- π Scan for vulnerabilities with Trivy
- π Lint dockerfile
- π‘οΈ Handles authentication securely using GitHub Secrets
- π Optimizes build performance with layer caching
- π¦ Supports AMD64 and ARM64 platforms (one per workflow run)
Important
Due to a limitation on Trivy analysis, the workflow targets a single platform. A workflow instance should be configured for each targeted platform.
| Name | Description | Required | Default |
|---|---|---|---|
build-args |
Docker build arguments (multiline format: KEY1=value1\nKEY2=value2) |
No | "" |
context |
Path to Docker Build Context | No | "." |
dockerfile |
Path to the Dockerfile to build (e.g., './Dockerfile', './docker/Dockerfile') | No | "Dockerfile" |
hadolint |
Enable Hadolint | No | true |
image-name |
Name of Docker Image (e.g., 'myimage', 'myorg/myimage') | true | - |
image-tag |
Tag to apply to the built image (e.g., 'latest', 'v1.2.3') | No | "latest" |
platform |
Indicates which platform the image should be built for | No | "linux/amd64" |
push |
Push Docker Image to Registry | No | false |
registry |
Docker Registry | No | "docker.io" |
security-report |
Security Report Mode ("sarif" | "comment"; ignored if security-scan: false) |
No | "sarif" |
security-scan |
Enable Trivy Security Scan | No | true |
trivy-version |
Override Trivy security scanner version | No | v0.69.2 |
| Name | Description | Required |
|---|---|---|
username |
Username for Docker Registry authentication | Yes |
password |
Password or Personal Access Token for Docker registry authentication (with appropriate permissions) | Yes |
name: Build and Push Docker Image
on:
push:
branches: [main]
# Also trigger on tag creation for release versioning
tags:
- "v*.*.*"
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Fetch all history for proper versioning
- name: Build and Push Docker Image
uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@main # β οΈ use tagged version here
with:
image-name: "username/my-image"
dockerfile: "Dockerfile"
build-args: |
BUILD_VERSION=1.0.0
NODE_ENV=production
secrets:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PAT }}- π Ensure your Docker Registry credentials are stored securely as GitHub Secrets
- π The workflow will automatically handle the Docker build and push process
- π·οΈ You can specify any valid Docker tag format in the
taginput - π Consider using dynamic tags based on git tags, commit SHAs, or dates
- π§ͺ For testing purposes, you can use the
--dry-runflag in your own implementation
- If you encounter authentication issues, verify your Docker Registry credentials are correct and have appropriate permissions
- For build failures, check your Dockerfile syntax and ensure all referenced files exist
- Large images may take longer to push - consider optimizing your Dockerfile with multi-stage builds
- If you need to debug the build process, you can add the
ACTIONS_STEP_DEBUGsecret set totruein your repository