When you host your project code on GitHub and want to release it as a docker image for deployment or just publish it, the way to go are GitHub actions. Actions are basically hooks that can start CI/DC workflows on repository events.

GitHub actions can be used to build and push images to GitHub’s Container Registry which are reachable under https://ghcr.io which is part of the package registry. The package registry is not only for docker images, it can also host quite a few other kinds of packages. In this case we’ll focus on docker images.

Prerequisites:

• GitHub Repository
• Basic Knowledge about GitHub actions syntax
• Dockerfile

The GitHub Workflow

I created a workflow in my repository under .github/workflow/cd.md and added the following:

name: Continuous Delivery
on:
  push:
    branches:
      - 'main'
    tags:
      - 'v*.*.*'

jobs:
  build:
    name: Buid and push Docker image to GitHub Container registry
    runs-on: ubuntu-latest
    permissions:
      packages: write
      contents: read
    steps:
      - name: Checkout the repository
        uses: actions/checkout@v3

      - name: Docker Setup Buildx
        uses: docker/setup-buildx-action@v2.2.1

      - name: Docker Login
        uses: docker/login-action@v2.1.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push Docker images
        uses: docker/build-push-action@v3.2.0
        env:
          REGISTRY: ghcr.io
          IMAGE_NAME: ${{ github.repository }}
        with:
          context: .
          file: ./Dockerfile
          target: final
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest

Let’s go through the important parts:

Permissions: Actions have access to the repo while running. We should always make sure by setting the permissions, that actions have the minimum access they require. See here: permissions for the github_token

Step 1–2: Checkout the code and Setup docker

Step 3: Login to GitHub Container Registry: This is where the interesting part starts. github.actor is the user that triggers the workflow. For password use secrets.GITHUB_TOKEN which is a temporary token which is automatically generated for this workflow. See here: publishing images to github-packages.

Step 4: Build and push Docker images: If the registry that you want to push to belongs to an organization then you will need to add permissions to create packages. If it lives under your own handle you don’t need to configure anything more since you are the owner already and the secrets.GITHUB_TOKEN has all the permissions granted.

The action will consume the Dockerfile and build the image up to the target build step that you can define. In docker the repository where the image will be hosted is also part of the tag. Setting the image name to the repository name will create an image with the following tag: ghcr.io/OWNER/IMAGE_NAME:latest

Read more here: pushing container images

Happy shipping \o/