Ismo Vuorinen
7061aafd35
* docs: update documentation * feat: validate-inputs has it's own pyproject * security: mask DOCKERHUB_PASSWORD * chore: add tokens, checkout, recrete docs, integration tests * fix: add `statuses: write` permission to pr-lint
ivuorinen/actions/docker-publish-hub
Docker Publish to Docker Hub
Description
Publishes a Docker image to Docker Hub with enhanced security and reliability features.
Inputs
| name | description | required | default |
|---|---|---|---|
image-name |
The name of the Docker image to publish. Defaults to the repository name. |
false |
"" |
tags |
Comma-separated list of tags for the Docker image. |
true |
"" |
platforms |
Platforms to publish (comma-separated). Defaults to amd64 and arm64. |
false |
linux/amd64,linux/arm64 |
username |
Docker Hub username |
true |
"" |
password |
Docker Hub password or access token |
true |
"" |
repository-description |
Update Docker Hub repository description |
false |
"" |
readme-file |
Path to README file to update on Docker Hub |
false |
README.md |
provenance |
Enable SLSA provenance generation |
false |
true |
sbom |
Generate Software Bill of Materials |
false |
true |
max-retries |
Maximum number of retry attempts for publishing |
false |
3 |
retry-delay |
Delay in seconds between retries |
false |
10 |
buildx-version |
Specific Docker Buildx version to use |
false |
latest |
cache-mode |
Cache mode for build layers (min, max, or inline) |
false |
max |
auto-detect-platforms |
Automatically detect and build for all available platforms |
false |
false |
scan-image |
Scan published image for vulnerabilities |
false |
true |
sign-image |
Sign the published image with cosign |
false |
false |
verbose |
Enable verbose logging |
false |
false |
Outputs
| name | description |
|---|---|
image-name |
Full image name including registry |
digest |
The digest of the published image |
tags |
List of published tags |
repo-url |
Docker Hub repository URL |
scan-results |
Vulnerability scan results |
platform-matrix |
Build status per platform |
build-time |
Total build time in seconds |
signature |
Image signature if signing enabled |
Runs
This action is a composite action.
Usage
- uses: ivuorinen/actions/docker-publish-hub@main
with:
image-name:
# The name of the Docker image to publish. Defaults to the repository name.
#
# Required: false
# Default: ""
tags:
# Comma-separated list of tags for the Docker image.
#
# Required: true
# Default: ""
platforms:
# Platforms to publish (comma-separated). Defaults to amd64 and arm64.
#
# Required: false
# Default: linux/amd64,linux/arm64
username:
# Docker Hub username
#
# Required: true
# Default: ""
password:
# Docker Hub password or access token
#
# Required: true
# Default: ""
repository-description:
# Update Docker Hub repository description
#
# Required: false
# Default: ""
readme-file:
# Path to README file to update on Docker Hub
#
# Required: false
# Default: README.md
provenance:
# Enable SLSA provenance generation
#
# Required: false
# Default: true
sbom:
# Generate Software Bill of Materials
#
# Required: false
# Default: true
max-retries:
# Maximum number of retry attempts for publishing
#
# Required: false
# Default: 3
retry-delay:
# Delay in seconds between retries
#
# Required: false
# Default: 10
buildx-version:
# Specific Docker Buildx version to use
#
# Required: false
# Default: latest
cache-mode:
# Cache mode for build layers (min, max, or inline)
#
# Required: false
# Default: max
auto-detect-platforms:
# Automatically detect and build for all available platforms
#
# Required: false
# Default: false
scan-image:
# Scan published image for vulnerabilities
#
# Required: false
# Default: true
sign-image:
# Sign the published image with cosign
#
# Required: false
# Default: false
verbose:
# Enable verbose logging
#
# Required: false
# Default: false