About

GitHub Action to use Docker Buildx Bake as a high-level build command.


Usage

Path context

By default, this action will use the local bake definition (source: .), so you need to use the actions/checkout action to check out the repository.

name: ci

on:
  push:
    branches:
      - 'master'

jobs:
  bake:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Build and push
        uses: docker/bake-action@v5
        with:
          push: true

Git context

Git context can be provided using the source input. This means that you don't need to use the actions/checkout action to check out the repository as BuildKit will do this directly.

name: ci

on:
  push:
    branches:
      - 'master'

jobs:
  bake:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Build and push
        uses: docker/bake-action@v5
        with:
          source: "${{ github.server_url }}/${{ github.repository }}.git#${{ github.ref }}"
          push: true

Be careful: any file mutation in the steps that precede the build step will be ignored, including processing of the .dockerignore file, since the context is based on the Git reference. However, you can use the Path context alongside the actions/checkout action to remove this restriction.

Default Git context can also be provided using the Handlebars template expression {{defaultContext}}. Here we can use it to provide a subdirectory to the default Git context:

      -
        name: Build and push
        uses: docker/bake-action@v5
        with:
          source: "{{defaultContext}}:mysubdir"
          push: true

Building from the current repository uses the GITHUB_TOKEN secret that GitHub automatically creates for workflows, so you don't need to pass it manually. If you want to authenticate against another private repository for remote definitions, you can set the BUILDX_BAKE_GIT_AUTH_TOKEN environment variable.

Note: Supported since Buildx 0.14.0

      -
        name: Build and push
        uses: docker/bake-action@v5
        with:
          source: "${{ github.server_url }}/${{ github.repository }}.git#${{ github.ref }}"
          push: true
        env:
          BUILDX_BAKE_GIT_AUTH_TOKEN: ${{ secrets.MYTOKEN }}

Summaries

This action generates a job summary that provides a detailed overview of the build execution. The summary shows an overview of all the steps executed during the build, including the build inputs, bake definition, and eventual errors.

The summary also includes a link for downloading a build record archive with additional details about the build execution for all the bake targets, including build stats, logs, outputs, and more. The build record can be imported to Docker Desktop for inspecting the build in greater detail.

Summaries are enabled by default, but can be disabled with the DOCKER_BUILD_SUMMARY environment variable.

For more information about summaries, refer to the documentation.

Customizing

inputs

The following inputs can be used as step.with keys

List type is a newline-delimited string

set: target.args.mybuildarg=value
set: |
  target.args.mybuildarg=value
  foo*.args.mybuildarg=value

CSV type is a comma-delimited string

targets: default,release

| Name | Type | Description |
|------|------|-------------|
| builder | String | Builder instance (see setup-buildx action) |
| source | String | Context to build from. Can be either local (.) or a remote bake definition |
| allow | List/CSV | Allow build to access specified resources (e.g., network.host) |
| files | List/CSV | List of bake definition files |
| workdir | String | Working directory of execution |
| targets | List/CSV | List of bake targets (default target used if empty) |
| no-cache | Bool | Do not use cache when building the image (default false) |
| pull | Bool | Always attempt to pull a newer version of the image (default false) |
| load | Bool | Load is a shorthand for --set=*.output=type=docker (default false) |
| provenance | Bool/String | Provenance is a shorthand for --set=*.attest=type=provenance |
| push | Bool | Push is a shorthand for --set=*.output=type=registry (default false) |
| sbom | Bool/String | SBOM is a shorthand for --set=*.attest=type=sbom |
| set | List | List of targets values to override (e.g., targetpattern.key=value) |
| github-token | String | API token used to authenticate to a Git repository for remote definitions (default ${{ github.token }}) |

outputs

The following outputs are available

| Name | Type | Description |
|------|------|-------------|
| metadata | JSON | Build result metadata |

environment variables

| Name | Type | Default | Description |
|------|------|---------|-------------|
| DOCKER_BUILD_CHECKS_ANNOTATIONS | Bool | true | If false, GitHub annotations are not generated for build checks |
| DOCKER_BUILD_SUMMARY | Bool | true | If false, build summary generation is disabled |
| DOCKER_BUILD_RECORD_UPLOAD | Bool | true | If false, build record upload as GitHub artifact is disabled |
| DOCKER_BUILD_RECORD_RETENTION_DAYS | Number | | Duration after which build record artifact will expire in days. Defaults to repository/org retention settings if unset or 0 |
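
The inputs, outputs and environment variables above combined in one workflow, as an added example that is not taken from the project's own documentation: a release build that attaches SBOM and provenance attestations, shortens build record retention, and reads the metadata output through an environment variable instead of interpolating it into the script. The docker-bake.hcl file, its default and release targets, the v* tag trigger and the 7-day retention are assumptions.

```yaml
name: release

on:
  push:
    tags:
      - 'v*'            # assumed trigger: release tags only

# GITHUB_TOKEN is only used to read the repository here;
# the image push authenticates through the registry login step.
permissions:
  contents: read

jobs:
  bake:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Build and push
        id: bake
        uses: docker/bake-action@v5
        with:
          files: ./docker-bake.hcl        # assumed bake definition file
          targets: default,release        # CSV type; assumed target names
          set: |
            release.args.mybuildarg=value
          sbom: true                      # --set=*.attest=type=sbom
          provenance: mode=max            # String form of the provenance input
          push: true
        env:
          # Expire the uploaded build record (logs, stats, outputs) after 7 days.
          DOCKER_BUILD_RECORD_RETENTION_DAYS: 7
      -
        name: Show build metadata
        env:
          # Pass the JSON through the environment, not inline in the script.
          BAKE_METADATA: ${{ steps.bake.outputs.metadata }}
        run: echo "$BAKE_METADATA"
```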

Subactions

Contributing

Want to contribute? Awesome! You can find information about contributing to this project in CONTRIBUTING.md.