Ismo Vuorinen
7061aafd35
* docs: update documentation * feat: validate-inputs has it's own pyproject * security: mask DOCKERHUB_PASSWORD * chore: add tokens, checkout, recrete docs, integration tests * fix: add `statuses: write` permission to pr-lint
ivuorinen/actions/docker-publish-gh
Docker Publish to GitHub Packages
Description
Publishes a Docker image to GitHub Packages with advanced security and reliability features.
Inputs
| name | description | required | default |
|---|---|---|---|
image-name |
The name of the Docker image to publish. Defaults to the repository name. |
false |
"" |
tags |
Comma-separated list of tags for the Docker image. |
true |
"" |
platforms |
Platforms to publish (comma-separated). Defaults to amd64 and arm64. |
false |
linux/amd64,linux/arm64 |
registry |
GitHub Container Registry URL |
false |
ghcr.io |
token |
GitHub token with package write permissions |
false |
"" |
provenance |
Enable SLSA provenance generation |
false |
true |
sbom |
Generate Software Bill of Materials |
false |
true |
max-retries |
Maximum number of retry attempts for publishing |
false |
3 |
retry-delay |
Delay in seconds between retries |
false |
10 |
buildx-version |
Specific Docker Buildx version to use |
false |
latest |
cache-mode |
Cache mode for build layers (min, max, or inline) |
false |
max |
auto-detect-platforms |
Automatically detect and build for all available platforms |
false |
false |
scan-image |
Scan published image for vulnerabilities |
false |
true |
sign-image |
Sign the published image with cosign |
false |
true |
parallel-builds |
Number of parallel platform builds (0 for auto) |
false |
0 |
verbose |
Enable verbose logging |
false |
false |
Outputs
| name | description |
|---|---|
image-name |
Full image name including registry |
digest |
The digest of the published image |
tags |
List of published tags |
provenance |
SLSA provenance attestation |
sbom |
SBOM document location |
scan-results |
Vulnerability scan results |
platform-matrix |
Build status per platform |
build-time |
Total build time in seconds |
Runs
This action is a composite action.
Usage
- uses: ivuorinen/actions/docker-publish-gh@main
with:
image-name:
# The name of the Docker image to publish. Defaults to the repository name.
#
# Required: false
# Default: ""
tags:
# Comma-separated list of tags for the Docker image.
#
# Required: true
# Default: ""
platforms:
# Platforms to publish (comma-separated). Defaults to amd64 and arm64.
#
# Required: false
# Default: linux/amd64,linux/arm64
registry:
# GitHub Container Registry URL
#
# Required: false
# Default: ghcr.io
token:
# GitHub token with package write permissions
#
# Required: false
# Default: ""
provenance:
# Enable SLSA provenance generation
#
# Required: false
# Default: true
sbom:
# Generate Software Bill of Materials
#
# Required: false
# Default: true
max-retries:
# Maximum number of retry attempts for publishing
#
# Required: false
# Default: 3
retry-delay:
# Delay in seconds between retries
#
# Required: false
# Default: 10
buildx-version:
# Specific Docker Buildx version to use
#
# Required: false
# Default: latest
cache-mode:
# Cache mode for build layers (min, max, or inline)
#
# Required: false
# Default: max
auto-detect-platforms:
# Automatically detect and build for all available platforms
#
# Required: false
# Default: false
scan-image:
# Scan published image for vulnerabilities
#
# Required: false
# Default: true
sign-image:
# Sign the published image with cosign
#
# Required: false
# Default: true
parallel-builds:
# Number of parallel platform builds (0 for auto)
#
# Required: false
# Default: 0
verbose:
# Enable verbose logging
#
# Required: false
# Default: false