docker-build-push/action.yml
Jason Hall 898ec8408f
WIP: enable signing with cosign
Signed-off-by: Jason Hall <jason@chainguard.dev>
2023-11-09 14:23:22 -05:00

124 lines
3.9 KiB
YAML

# https://help.github.com/en/articles/metadata-syntax-for-github-actions
name: Build and push Docker images
description: Build and push Docker images with Buildx
author: docker
branding:
icon: 'anchor'
color: 'blue'
inputs:
add-hosts:
description: "List of a customs host-to-IP mapping (e.g., docker:10.180.0.1)"
required: false
allow:
description: "List of extra privileged entitlement (e.g., network.host,security.insecure)"
required: false
attests:
description: "List of attestation parameters (e.g., type=sbom,generator=image)"
required: false
build-args:
description: "List of build-time variables"
required: false
build-contexts:
description: "List of additional build contexts (e.g., name=path)"
required: false
builder:
description: "Builder instance"
required: false
cache-from:
description: "List of external cache sources for buildx (e.g., user/app:cache, type=local,src=path/to/dir)"
required: false
cache-to:
description: "List of cache export destinations for buildx (e.g., user/app:cache, type=local,dest=path/to/dir)"
required: false
cgroup-parent:
description: "Optional parent cgroup for the container used in the build"
required: false
context:
description: "Build's context is the set of files located in the specified PATH or URL"
required: false
file:
description: "Path to the Dockerfile"
required: false
labels:
description: "List of metadata for an image"
required: false
load:
description: "Load is a shorthand for --output=type=docker"
required: false
default: 'false'
network:
description: "Set the networking mode for the RUN instructions during build"
required: false
no-cache:
description: "Do not use cache when building the image"
required: false
default: 'false'
no-cache-filters:
description: "Do not cache specified stages"
required: false
outputs:
description: "List of output destinations (format: type=local,dest=path)"
required: false
platforms:
description: "List of target platforms for build"
required: false
provenance:
description: "Generate provenance attestation for the build (shorthand for --attest=type=provenance)"
required: false
pull:
description: "Always attempt to pull all referenced images"
required: false
default: 'false'
push:
description: "Push is a shorthand for --output=type=registry"
required: false
default: 'false'
sbom:
description: "Generate SBOM attestation for the build (shorthand for --attest=type=sbom)"
required: false
secrets:
description: "List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)"
required: false
secret-envs:
description: "List of secret env vars to expose to the build (e.g., key=envname, MY_SECRET=MY_ENV_VAR)"
required: false
secret-files:
description: "List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)"
required: false
shm-size:
description: "Size of /dev/shm (e.g., 2g)"
required: false
ssh:
description: "List of SSH agent socket or keys to expose to the build"
required: false
tags:
description: "List of tags"
required: false
target:
description: "Sets the target stage to build"
required: false
ulimit:
description: "Ulimit options (e.g., nofile=1024:1024)"
required: false
github-token:
description: "GitHub Token used to authenticate against a repository for Git context"
default: ${{ github.token }}
required: false
sign:
description: "If true, sign the image with the GitHub Actions identity using Cosign."
default: 'false'
required: false
outputs:
imageid:
description: 'Image ID'
digest:
description: 'Image digest'
metadata:
description: 'Build result metadata'
runs:
using: 'node20'
main: 'dist/index.js'
post: 'dist/index.js'