diff --git a/.github/workflows/docker-build-images.md b/.github/workflows/docker-build-images.md index 7e7b9243..7b4144bb 100644 --- a/.github/workflows/docker-build-images.md +++ b/.github/workflows/docker-build-images.md @@ -157,6 +157,16 @@ jobs: # Default: `gha` cache-type: gha + # Inline BuildKit daemon configuration. + # See https://github.com/docker/setup-buildx-action#inputs. + # Example for insecure registry: + # ```ini + # [registry."my-registry.local:5000"] + # http = true + # insecure = true + # ``` + buildkitd-config-inline: "" + # Sign built images. # See [sign-images](../../actions/docker/sign-images/README.md). # @@ -207,6 +217,14 @@ jobs: | | See . | | | | | **`cache-type`** | Cache type. | **false** | **string** | `gha` | | | See . | | | | +| **`buildkitd-config-inline`** | Inline BuildKit daemon configuration. | **false** | **string** | - | +| | See . | | | | +| | Example for insecure registry: | | | | +| | ```ini + [registry."my-registry.local:5000"] + http = true + insecure = true + ``` | | | | | **`sign`** | Sign built images. | **false** | **boolean** | `true` | | | See [sign-images](../../actions/docker/sign-images/README.md). | | | | diff --git a/actions/docker/build-image/README.md b/actions/docker/build-image/README.md index 91ba6301..1c9bd665 100644 --- a/actions/docker/build-image/README.md +++ b/actions/docker/build-image/README.md @@ -45,7 +45,7 @@ permissions: ## Usage -```yaml +````yaml - uses: hoverkraft-tech/ci-github-container/actions/docker/build-image@a0bab9151cc074af9f6c8204ab42a48d2d570379 # 0.30.6 with: # OCI registry configuration used to pull, push and cache images. 
@@ -137,11 +137,21 @@ permissions: # Default: `gha` cache-type: gha + # Inline BuildKit daemon configuration. + # See https://github.com/docker/setup-buildx-action#inputs. + # Example for insecure registry: + # ```ini + # [registry."my-registry.local:5000"] + # http = true + # insecure = true + # ``` + buildkitd-config-inline: "" + # Whether this build participates in a multi-platform image publication. # When true, the image is pushed by digest only so manifests can be assembled later. # When false, the image is pushed with its tags directly. multi-platform: "" -``` +```` 
@@ -149,53 +159,61 @@ permissions: ## Inputs -| **Input** | **Description** | **Required** | **Default** | -| --------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------- | -| **`oci-registry`** | OCI registry configuration used to pull, push and cache images. | **true** | `ghcr.io` | -| | Accepts either a registry hostname string (default format) or a JSON object. | | | -| | JSON example: `{"pull":"docker.io","pull:private":"ghcr.io","push":"ghcr.io"}` | | | -| | JSON object keys: | | | -| | - `pull`: registry used to pull public or default base images | | | -| | - `pull:`: additional pull registry | | | -| | - `push`: registry used for published images | | | -| | - `cache`: registry used when `cache-type` is `registry` | | | -| | If no `pull` key is provided, the `push` registry is also used for pulls. | | | -| **`oci-registry-username`** | Username configuration used to log against OCI registries. | **true** | `${{ github.repository_owner }}` | -| | Accepts either a single username string (default format) or a JSON object using the same keys as `oci-registry`. | | | -| | JSON example: | | | -| | `{"pull:private":"$\{{ github.repository_owner }}","push":"$\{{ github.repository_owner }}"}` | | | -| | See . | | | -| **`oci-registry-password`** | Password or personal access token configuration used to log against OCI registries. | **true** | `${{ github.token }}` | -| | Accepts either a single password/token string (default format) or a JSON object using the same keys as `oci-registry`. | | | -| | JSON example: `{"pull:private":"$\{{ github.token }}","push":"$\{{ github.token }}"}` | | | -| | Can be passed in using `secrets.GITHUB_TOKEN`. | | | -| | See . | | | -| **`repository`** | Repository name. | **false** | `${{ github.repository }}` | -| | Example: `my-org/my-repo`. 
| | | -| | See [Docker get-image-metadata action](../get-image-metadata/README.md). | | | -| **`image`** | Additional image name. | **false** | - | -| | Example: `application`. | | | -| | See [Docker get-image-metadata action](../get-image-metadata/README.md). | | | -| **`tag`** | Force image tag to publish | **false** | - | -| **`platform`** | Platform to build for. Example: `linux/amd64`. | **true** | - | -| | See . | | | -| **`context`** | Build's context is the set of files located in the specified PATH or URL. | **false** | `.` | -| | See . | | | -| **`dockerfile`** | Location of Dockerfile (defaults to Dockerfile). | **false** | `Dockerfile` | -| | See . | | | -| **`build-args`** | List of build-time variables. | **false** | - | -| | See . | | | -| **`target`** | Sets the target stage to build. | **false** | - | -| | See . | | | -| **`secrets`** | List of secrets to expose to the build. | **false** | - | -| | See . | | | -| **`secret-envs`** | List of secret environment variables to expose to the build (e.g., `key=envname, MY_SECRET=MY_ENV_VAR`). | **false** | - | -| | See . | | | -| **`cache-type`** | Cache type. | **false** | `gha` | -| | See . | | | -| **`multi-platform`** | Whether this build participates in a multi-platform image publication. | **false** | `false` | -| | When true, the image is pushed by digest only so manifests can be assembled later. | | | -| | When false, the image is pushed with its tags directly. | | | +| **Input** | **Description** | **Required** | **Default** | +| ----------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------- | +| **`oci-registry`** | OCI registry configuration used to pull, push and cache images. | **true** | `ghcr.io` | +| | Accepts either a registry hostname string (default format) or a JSON object. 
| | | +| | JSON example: `{"pull":"docker.io","pull:private":"ghcr.io","push":"ghcr.io"}` | | | +| | JSON object keys: | | | +| | - `pull`: registry used to pull public or default base images | | | +| | - `pull:`: additional pull registry | | | +| | - `push`: registry used for published images | | | +| | - `cache`: registry used when `cache-type` is `registry` | | | +| | If no `pull` key is provided, the `push` registry is also used for pulls. | | | +| **`oci-registry-username`** | Username configuration used to log against OCI registries. | **true** | `${{ github.repository_owner }}` | +| | Accepts either a single username string (default format) or a JSON object using the same keys as `oci-registry`. | | | +| | JSON example: | | | +| | `{"pull:private":"$\{{ github.repository_owner }}","push":"$\{{ github.repository_owner }}"}` | | | +| | See . | | | +| **`oci-registry-password`** | Password or personal access token configuration used to log against OCI registries. | **true** | `${{ github.token }}` | +| | Accepts either a single password/token string (default format) or a JSON object using the same keys as `oci-registry`. | | | +| | JSON example: `{"pull:private":"$\{{ github.token }}","push":"$\{{ github.token }}"}` | | | +| | Can be passed in using `secrets.GITHUB_TOKEN`. | | | +| | See . | | | +| **`repository`** | Repository name. | **false** | `${{ github.repository }}` | +| | Example: `my-org/my-repo`. | | | +| | See [Docker get-image-metadata action](../get-image-metadata/README.md). | | | +| **`image`** | Additional image name. | **false** | - | +| | Example: `application`. | | | +| | See [Docker get-image-metadata action](../get-image-metadata/README.md). | | | +| **`tag`** | Force image tag to publish | **false** | - | +| **`platform`** | Platform to build for. Example: `linux/amd64`. | **true** | - | +| | See . | | | +| **`context`** | Build's context is the set of files located in the specified PATH or URL. | **false** | `.` | +| | See . 
| | | +| **`dockerfile`** | Location of Dockerfile (defaults to Dockerfile). | **false** | `Dockerfile` | +| | See . | | | +| **`build-args`** | List of build-time variables. | **false** | - | +| | See . | | | +| **`target`** | Sets the target stage to build. | **false** | - | +| | See . | | | +| **`secrets`** | List of secrets to expose to the build. | **false** | - | +| | See . | | | +| **`secret-envs`** | List of secret environment variables to expose to the build (e.g., `key=envname, MY_SECRET=MY_ENV_VAR`). | **false** | - | +| | See . | | | +| **`cache-type`** | Cache type. | **false** | `gha` | +| | See . | | | +| **`buildkitd-config-inline`** | Inline BuildKit daemon configuration. | **false** | - | +| | See . | | | +| | Example for insecure registry: | | | +| | ```ini + [registry."my-registry.local:5000"] + http = true + insecure = true + ``` | | | +| **`multi-platform`** | Whether this build participates in a multi-platform image publication. | **false** | `false` | +| | When true, the image is pushed by digest only so manifests can be assembled later. | | | +| | When false, the image is pushed with its tags directly. | | | diff --git a/actions/docker/setup/README.md b/actions/docker/setup/README.md index 8db08db9..47be7e6c 100644 --- a/actions/docker/setup/README.md +++ b/actions/docker/setup/README.md @@ -29,7 +29,7 @@ Shared action to configure Docker tooling and OCI registry authentication. ## Usage -```yaml +````yaml - uses: hoverkraft-tech/ci-github-container/actions/docker/setup@a0bab9151cc074af9f6c8204ab42a48d2d570379 # 0.30.6 with: # OCI registry configuration used to pull, push and cache images. 
@@ -48,6 +48,16 @@ Shared action to configure Docker tooling and OCI registry authentication. # Accepts either a single password/token string (default format) or a JSON object using the same keys as `oci-registry`. oci-registry-password: "" + # Inline BuildKit daemon configuration. + # See https://github.com/docker/setup-buildx-action#inputs. + # Example for insecure registry: + # ```ini + # [registry."my-registry.local:5000"] + # http = true + # insecure = true + # ``` + buildkitd-config-inline: "" + # Optional built images payload used to resolve manifest publication registries. # When provided, registry authentication targets are inferred from the built image data. built-images: "" 
@@ -56,25 +66,33 @@ Shared action to configure Docker tooling and OCI registry authentication. # # Default: `true` setup-buildx: true -``` +```` ## Inputs -| **Input** | **Description** | **Required** | **Default** | -| --------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ------------ | ----------- | -| **`oci-registry`** | OCI registry configuration used to pull, push and cache images. | **true** | `ghcr.io` | -| | Accepts either a registry hostname string (default format) or a JSON object. | | | -| | JSON example: `{"pull":"docker.io","pull:private":"ghcr.io","push":"ghcr.io"}` | | | -| **`oci-registry-username`** | Username configuration used to log against OCI registries. | **false** | - | -| | Accepts either a single username string (default format) or a JSON object using the same keys as `oci-registry`. | | | -| **`oci-registry-password`** | Password or personal access token configuration used to log against OCI registries. | **false** | - | -| | Accepts either a single password/token string (default format) or a JSON object using the same keys as `oci-registry`. | | | -| **`built-images`** | Optional built images payload used to resolve manifest publication registries. | **false** | - | -| | When provided, registry authentication targets are inferred from the built image data. | | | -| **`setup-buildx`** | Whether to install and configure Docker Buildx. | **false** | `true` | +| **Input** | **Description** | **Required** | **Default** | +| ----------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ------------ | ----------- | +| **`oci-registry`** | OCI registry configuration used to pull, push and cache images. | **true** | `ghcr.io` | +| | Accepts either a registry hostname string (default format) or a JSON object. 
| | | +| | JSON example: `{"pull":"docker.io","pull:private":"ghcr.io","push":"ghcr.io"}` | | | +| **`oci-registry-username`** | Username configuration used to log against OCI registries. | **false** | - | +| | Accepts either a single username string (default format) or a JSON object using the same keys as `oci-registry`. | | | +| **`oci-registry-password`** | Password or personal access token configuration used to log against OCI registries. | **false** | - | +| | Accepts either a single password/token string (default format) or a JSON object using the same keys as `oci-registry`. | | | +| **`buildkitd-config-inline`** | Inline BuildKit daemon configuration. | **false** | - | +| | See . | | | +| | Example for insecure registry: | | | +| | ```ini + [registry."my-registry.local:5000"] + http = true + insecure = true + ``` | | | +| **`built-images`** | Optional built images payload used to resolve manifest publication registries. | **false** | - | +| | When provided, registry authentication targets are inferred from the built image data. | | | +| **`setup-buildx`** | Whether to install and configure Docker Buildx. | **false** | `true` |
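Review bot: The only example documented for `buildkitd-config-inline` turns transport security off, in the comment block added to the usage snippets of docker-build-images.md (@@ -157) and actions/docker/build-image/README.md (@@ -137). `http = true` makes BuildKit talk plain HTTP to that registry and `insecure = true` accepts a TLS certificate without verifying it, so image layers and whatever `oci-registry-password` is sent to `my-registry.local:5000` travel without confidentiality or integrity protection. Please label the example as meant for a local or throwaway test registry only, and consider showing a trusted-CA variant (a `ca = [...]` entry under the same `[registry."..."]` table) beside it so that the secure form is the one people copy.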
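Review bot: The fenced `ini` block added to the Inputs tables will not render as a code block, in the `buildkitd-config-inline` rows of docker-build-images.md (@@ -207), actions/docker/build-image/README.md (@@ -149) and actions/docker/setup/README.md (@@ -56). A GFM table row is a single line, so a fence that opens in one cell and closes three lines later is read as separate rows, and the lines `[registry."my-registry.local:5000"]`, `http = true` and `insecure = true` end up as stray cells. Either keep the example on one row as inline code separated by `<br>`, or drop it from the table and point to the usage snippet above, which already carries it. If the tables are generated, the generator's handling of multi-line descriptions is the place to fix this rather than the Markdown output.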
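Review bot: The new `buildkitd-config-inline` entry in actions/docker/setup/README.md (@@ -48) does not say how it interacts with `setup-buildx`, which is documented a few lines further down in the same snippet. If the value is only consumed when this action installs Buildx, state that it is ignored when `setup-buildx` is `false`, or fail fast on that combination, so a caller does not assume a registry override is in effect when it is not. The hunks shown here touch only the three Markdown files, so it is also worth confirming in the same PR that the input is declared in each action.yml and in the workflow, and that it is forwarded to docker/setup-buildx-action under the same name.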