An action that builds docker image and pushes to Google Cloud Registry and Google Artifact Registry.
This action can be used to perform on every git push or every tag creation.
The service account key of google cloud. The JSON file can be encoded in base64 or in plain text.
Prior to version 4.1 - This field is required.
From version 5 - This field is optional when you are using workload identity with google-github-actions/auth
The registry where the image should be pushed. Default gcr.io.
The project id. This field is required.
The image name. This field is required.
The tag for the image. To create multiple tags of the same image, provide a comma (,) separated tag name (e.g. v2.1,v2,latest).
Default: latest.
To use the pushed Tag Name as image tag, see the example.
The image building Dockerfile.
If the context is not the root of the repository, Dockerfile from the context folder will be used.
Default: ./Dockerfile.
The docker build context. Default: .
If you use a multi-stage build and want to stop building at a certain image, you can use this field. The default value is empty.
Pass a list of env vars as build-args for docker-build, separated by commas. ie: HOST=db.default.svc.cluster.local:5432,USERNAME=db_user
If you want to skip the build step and just push the image built by any previous step, use this option. The default for this is false.
The service key you provided must have the Storage Admin permission to push the image to GCR.
It is possible to use a lower access level Storage Object Admin, but it will work only if the registry is already created. You must also add the Storage Legacy Bucket Reader permission to the artifacts.<project id>.appspot.com bucket for the given service account.
To create service key/account visit here
If you want to use Workload Identity Federation, follow the steps from here to set up Workload Identity Federation
name: Push to GCR GitHub Action
on: [push]
jobs:
build-and-push-to-gcr:
runs-on: ubuntu-latest
permissions:
contents: 'read'
id-token: 'write'
steps:
- uses: actions/checkout@v3
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v2
with:
workload_identity_provider: projects/123123123/locations/global/workloadIdentityPools/the-workload-pool/providers/the-provider
service_account: only-storage-object-adm@<PROJECT_ID>.iam.gserviceaccount.com
- uses: RafikFarhad/push-to-gcr-github-action@v5-rc1
with:
# gcloud_service_key: ${{ secrets.GCLOUD_SERVICE_KEY }} # can be base64 encoded or plain text || not needed if you use google-github-actions/auth
registry: gcr.io
project_id: my-awesome-project
image_name: backend
image_tag: latest,v1
dockerfile: ./docker/Dockerfile.prod
context: ./dockerA complete workflow example with all type of authentication flavour
- Fork
- Implement your awesome idea or fix a bug
- Create PR 🎉
NB: The included workflow which tests the action's basic functionalities needs a GitHub secret named JSON_GCLOUD_SERVICE_ACCOUNT_JSON.
Currently, the workflow is not testable for forked repositories but I have an action item to enable this.