From a5ddb938f92d0749080e66e8b6019f59d415e122 Mon Sep 17 00:00:00 2001 From: "hoverkraft-bot[bot]" <128996893+hoverkraft-bot[bot]@users.noreply.github.com> Date: Mon, 16 Mar 2026 10:08:00 +0000 Subject: [PATCH] docs: update actions and workflows documentation [skip ci] Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- .github/workflows/docker-build-images.md | 80 ++++++++--------- actions/docker/build-image/README.md | 104 +++++++++++------------ actions/docker/setup/README.md | 2 +- 3 files changed, 93 insertions(+), 93 deletions(-) diff --git a/.github/workflows/docker-build-images.md b/.github/workflows/docker-build-images.md index f7e72c1a..5095a566 100644 --- a/.github/workflows/docker-build-images.md +++ b/.github/workflows/docker-build-images.md @@ -50,7 +50,7 @@ on: permissions: {} jobs: docker-build-images: - uses: hoverkraft-tech/ci-github-container/.github/workflows/docker-build-images.yml@c84014f56f57f8abe320ffa48adccbb997681550 # feat/docker-upgrade-buildkit-buildx + uses: hoverkraft-tech/ci-github-container/.github/workflows/docker-build-images.yml@a0bab9151cc074af9f6c8204ab42a48d2d570379 # 0.30.6 permissions: {} secrets: # Password or GitHub token (`packages:read` and `packages:write` scopes) configuration used to log against OCI registries. @@ -184,45 +184,45 @@ jobs: ### Workflow Call Inputs -| **Input** | **Description** | **Required** | **Type** | **Default** | -| --------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------- | ---------------------------------- | -| **`runs-on`** | Runner to use. JSON array of runners. | **false** | **string** | `["ubuntu-latest"]` | -| | See . | | | | -| **`oci-registry`** | OCI registry configuration used to pull, push and cache images. | **false** | **string** | `ghcr.io` | -| | Accepts either a registry hostname string (default format) or a JSON object. | | | | -| | JSON example: `{"pull":"docker.io","pull:private":"ghcr.io","push":"ghcr.io"}` | | | | -| | JSON object keys: | | | | -| | - `pull`: registry used to pull public or default base images | | | | -| | - `pull:`: additional pull registry | | | | -| | - `push`: registry used for published images | | | | -| | - `cache`: registry used when `cache-type` is `registry` | | | | -| | If no `pull` key is provided, the `push` registry is also used for pulls. | | | | -| **`oci-registry-username`** | Username configuration used to log against OCI registries. | **false** | **string** | `$\{\{ github.repository_owner }}` | -| | Accepts either a single username string (default format) or a JSON object using the same keys as `oci-registry`. | | | | -| | JSON example: `{"pull:private":"$\{{ github.repository_owner }}","push":"$\{{ github.repository_owner }}"}` | | | | -| | See . | | | | -| **`images`** | Images to build parameters. | **true** | **string** | - | -| | JSON array of objects. | | | | -| | Example: | | | | -| | 
[
 {
 "name": "application",
 "context": ".",
 "dockerfile": "./docker/application/Dockerfile",
 "target": "prod",
 "build-args": {
 "APP_PATH": "./application/",
 "PROD_MODE": "true"
 },
 "secret-envs": {
 "GH_TOKEN": "GITHUB_TOKEN"
 },
 "platforms": [
 "linux/amd64",
 {
 "name": "darwin/amd64",
 "runs-on": "macos-latest"
 }
 ]
 }
]
| | | | -| **`lfs`** | Enable Git LFS. | **false** | **boolean** | `true` | -| | See . | | | | -| **`build-secret-github-app-token-env`** | Environment variable name(s) to pass GitHub token generated by GitHub App. | **false** | **string** | `GITHUB_APP_TOKEN` | -| | Can be a multiline string list. | | | | -| | This is useful to pass a generated token to the build, as it is not possible to share generated secrets between jobs. | | | | -| | Needs input `build-secret-github-app-id` and secret `build-secret-github-app-key`. | | | | -| **`build-secret-github-app-id`** | GitHub App ID to generate GitHub token to be passed as build secret env. | **false** | **string** | - | -| | See . | | | | -| **`build-secret-github-app-owner`** | The owner of the GitHub App installation. | **false** | **string** | `$\{\{ github.repository_owner }}` | -| | See . | | | | -| **`cache-type`** | Cache type. | **false** | **string** | `gha` | -| | See . | | | | -| **`buildkitd-config-inline`** | Inline BuildKit daemon configuration. | **false** | **string** | - | -| | See . | | | | -| | Example for insecure registry: | | | | -| | 
[registry."my-registry.local:5000"]
 http = true
 insecure = true
| | | | -| **`sign`** | Sign built images. | **false** | **boolean** | `true` | -| | See [sign-images](../../actions/docker/sign-images/README.md). | | | | +| **Input** | **Description** | **Required** | **Type** | **Default** | +| --------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------- | -------------------------------- | +| **`runs-on`** | Runner to use. JSON array of runners. | **false** | **string** | `["ubuntu-latest"]` | +| | See . | | | | +| **`oci-registry`** | OCI registry configuration used to pull, push and cache images. | **false** | **string** | `ghcr.io` | +| | Accepts either a registry hostname string (default format) or a JSON object. | | | | +| | JSON example: `{"pull":"docker.io","pull:private":"ghcr.io","push":"ghcr.io"}` | | | | +| | JSON object keys: | | | | +| | - `pull`: registry used to pull public or default base images | | | | +| | - `pull:`: additional pull registry | | | | +| | - `push`: registry used for published images | | | | +| | - `cache`: registry used when `cache-type` is `registry` | | | | +| | If no `pull` key is provided, the `push` registry is also used for pulls. | | | | +| **`oci-registry-username`** | Username configuration used to log against OCI registries. | **false** | **string** | `${{ github.repository_owner }}` | +| | Accepts either a single username string (default format) or a JSON object using the same keys as `oci-registry`. | | | | +| | JSON example: `{"pull:private":"$\{{ github.repository_owner }}","push":"$\{{ github.repository_owner }}"}` | | | | +| | See . | | | | +| **`images`** | Images to build parameters. | **true** | **string** | - | +| | JSON array of objects. | | | | +| | Example: | | | | +| | 
[
 {
 "name": "application",
 "context": ".",
 "dockerfile": "./docker/application/Dockerfile",
 "target": "prod",
 "build-args": {
 "APP_PATH": "./application/",
 "PROD_MODE": "true"
 },
 "secret-envs": {
 "GH_TOKEN": "GITHUB_TOKEN"
 },
 "platforms": [
 "linux/amd64",
 {
 "name": "darwin/amd64",
 "runs-on": "macos-latest"
 }
 ]
 }
]
| | | | +| **`lfs`** | Enable Git LFS. | **false** | **boolean** | `true` | +| | See . | | | | +| **`build-secret-github-app-token-env`** | Environment variable name(s) to pass GitHub token generated by GitHub App. | **false** | **string** | `GITHUB_APP_TOKEN` | +| | Can be a multiline string list. | | | | +| | This is useful to pass a generated token to the build, as it is not possible to share generated secrets between jobs. | | | | +| | Needs input `build-secret-github-app-id` and secret `build-secret-github-app-key`. | | | | +| **`build-secret-github-app-id`** | GitHub App ID to generate GitHub token to be passed as build secret env. | **false** | **string** | - | +| | See . | | | | +| **`build-secret-github-app-owner`** | The owner of the GitHub App installation. | **false** | **string** | `${{ github.repository_owner }}` | +| | See . | | | | +| **`cache-type`** | Cache type. | **false** | **string** | `gha` | +| | See . | | | | +| **`buildkitd-config-inline`** | Inline BuildKit daemon configuration. | **false** | **string** | - | +| | See . | | | | +| | Example for insecure registry: | | | | +| | 
[registry."my-registry.local:5000"]
 http = true
 insecure = true
| | | | +| **`sign`** | Sign built images. | **false** | **boolean** | `true` | +| | See [sign-images](../../actions/docker/sign-images/README.md). | | | | diff --git a/actions/docker/build-image/README.md b/actions/docker/build-image/README.md index 350e2161..eb71b6a3 100644 --- a/actions/docker/build-image/README.md +++ b/actions/docker/build-image/README.md @@ -46,7 +46,7 @@ permissions: ## Usage ````yaml -- uses: hoverkraft-tech/ci-github-container/actions/docker/build-image@c84014f56f57f8abe320ffa48adccbb997681550 # feat/docker-upgrade-buildkit-buildx +- uses: hoverkraft-tech/ci-github-container/actions/docker/build-image@a0bab9151cc074af9f6c8204ab42a48d2d570379 # 0.30.6 with: # OCI registry configuration used to pull, push and cache images. # Accepts either a registry hostname string (default format) or a JSON object. @@ -159,57 +159,57 @@ permissions: ## Inputs -| **Input** | **Description** | **Required** | **Default** | -| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | ---------------------------------- | -| **`oci-registry`** | OCI registry configuration used to pull, push and cache images. | **true** | `ghcr.io` | -| | Accepts either a registry hostname string (default format) or a JSON object. | | | -| | JSON example: `{"pull":"docker.io","pull:private":"ghcr.io","push":"ghcr.io"}` | | | -| | JSON object keys: | | | -| | - `pull`: registry used to pull public or default base images | | | -| | - `pull:`: additional pull registry | | | -| | - `push`: registry used for published images | | | -| | - `cache`: registry used when `cache-type` is `registry` | | | -| | If no `pull` key is provided, the `push` registry is also used for pulls. | | | -| **`oci-registry-username`** | Username configuration used to log against OCI registries. | **true** | `$\{\{ github.repository_owner }}` | -| | Accepts either a single username string (default format) or a JSON object using the same keys as `oci-registry`. | | | -| | JSON example: | | | -| | `{"pull:private":"$\{{ github.repository_owner }}","push":"$\{{ github.repository_owner }}"}` | | | -| | See . | | | -| **`oci-registry-password`** | Password or personal access token configuration used to log against OCI registries. | **true** | `$\{\{ github.token }}` | -| | Accepts either a single password/token string (default format) or a JSON object using the same keys as `oci-registry`. | | | -| | JSON example: `{"pull:private":"$\{{ github.token }}","push":"$\{{ github.token }}"}` | | | -| | Can be passed in using `secrets.GITHUB_TOKEN`. | | | -| | See . | | | -| **`repository`** | Repository name. | **false** | `$\{\{ github.repository }}` | -| | Example: `my-org/my-repo`. | | | -| | See [Docker get-image-metadata action](../get-image-metadata/README.md). | | | -| **`image`** | Additional image name. | **false** | - | -| | Example: `application`. | | | -| | See [Docker get-image-metadata action](../get-image-metadata/README.md). | | | -| **`tag`** | Force image tag to publish | **false** | - | -| **`platform`** | Platform to build for. Example: `linux/amd64`. | **true** | - | -| | See . | | | -| **`context`** | Build's context is the set of files located in the specified PATH or URL. | **false** | `.` | -| | See . | | | -| **`dockerfile`** | Location of Dockerfile (defaults to Dockerfile). | **false** | `Dockerfile` | -| | See . | | | -| **`build-args`** | List of build-time variables. | **false** | - | -| | See . | | | -| **`target`** | Sets the target stage to build. | **false** | - | -| | See . | | | -| **`secrets`** | List of secrets to expose to the build. | **false** | - | -| | See . | | | -| **`secret-envs`** | List of secret environment variables to expose to the build (e.g., `key=envname, MY_SECRET=MY_ENV_VAR`). | **false** | - | -| | See . | | | -| **`cache-type`** | Cache type. | **false** | `gha` | -| | See . | | | -| **`buildkitd-config-inline`** | Inline BuildKit daemon configuration. | **false** | - | -| | See . | | | -| | Example for insecure registry: | | | -| | 
[registry."my-registry.local:5000"]
 http = true
 insecure = true
| | | -| **`multi-platform`** | Whether this build participates in a multi-platform image publication. | **false** | `false` | -| | When true, the image is pushed by digest only so manifests can be assembled later. | | | -| | When false, the image is pushed with its tags directly. | | | +| **Input** | **Description** | **Required** | **Default** | +| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | -------------------------------- | +| **`oci-registry`** | OCI registry configuration used to pull, push and cache images. | **true** | `ghcr.io` | +| | Accepts either a registry hostname string (default format) or a JSON object. | | | +| | JSON example: `{"pull":"docker.io","pull:private":"ghcr.io","push":"ghcr.io"}` | | | +| | JSON object keys: | | | +| | - `pull`: registry used to pull public or default base images | | | +| | - `pull:`: additional pull registry | | | +| | - `push`: registry used for published images | | | +| | - `cache`: registry used when `cache-type` is `registry` | | | +| | If no `pull` key is provided, the `push` registry is also used for pulls. | | | +| **`oci-registry-username`** | Username configuration used to log against OCI registries. | **true** | `${{ github.repository_owner }}` | +| | Accepts either a single username string (default format) or a JSON object using the same keys as `oci-registry`. | | | +| | JSON example: | | | +| | `{"pull:private":"$\{{ github.repository_owner }}","push":"$\{{ github.repository_owner }}"}` | | | +| | See . | | | +| **`oci-registry-password`** | Password or personal access token configuration used to log against OCI registries. | **true** | `${{ github.token }}` | +| | Accepts either a single password/token string (default format) or a JSON object using the same keys as `oci-registry`. | | | +| | JSON example: `{"pull:private":"$\{{ github.token }}","push":"$\{{ github.token }}"}` | | | +| | Can be passed in using `secrets.GITHUB_TOKEN`. | | | +| | See . | | | +| **`repository`** | Repository name. | **false** | `${{ github.repository }}` | +| | Example: `my-org/my-repo`. | | | +| | See [Docker get-image-metadata action](../get-image-metadata/README.md). | | | +| **`image`** | Additional image name. | **false** | - | +| | Example: `application`. | | | +| | See [Docker get-image-metadata action](../get-image-metadata/README.md). | | | +| **`tag`** | Force image tag to publish | **false** | - | +| **`platform`** | Platform to build for. Example: `linux/amd64`. | **true** | - | +| | See . | | | +| **`context`** | Build's context is the set of files located in the specified PATH or URL. | **false** | `.` | +| | See . | | | +| **`dockerfile`** | Location of Dockerfile (defaults to Dockerfile). | **false** | `Dockerfile` | +| | See . | | | +| **`build-args`** | List of build-time variables. | **false** | - | +| | See . | | | +| **`target`** | Sets the target stage to build. | **false** | - | +| | See . | | | +| **`secrets`** | List of secrets to expose to the build. | **false** | - | +| | See . | | | +| **`secret-envs`** | List of secret environment variables to expose to the build (e.g., `key=envname, MY_SECRET=MY_ENV_VAR`). | **false** | - | +| | See . | | | +| **`cache-type`** | Cache type. | **false** | `gha` | +| | See . | | | +| **`buildkitd-config-inline`** | Inline BuildKit daemon configuration. | **false** | - | +| | See . | | | +| | Example for insecure registry: | | | +| | 
[registry."my-registry.local:5000"]
 http = true
 insecure = true
| | | +| **`multi-platform`** | Whether this build participates in a multi-platform image publication. | **false** | `false` | +| | When true, the image is pushed by digest only so manifests can be assembled later. | | | +| | When false, the image is pushed with its tags directly. | | | diff --git a/actions/docker/setup/README.md b/actions/docker/setup/README.md index 9d9ccdf3..bd30e575 100644 --- a/actions/docker/setup/README.md +++ b/actions/docker/setup/README.md @@ -30,7 +30,7 @@ Shared action to configure Docker tooling and OCI registry authentication. ## Usage ````yaml -- uses: hoverkraft-tech/ci-github-container/actions/docker/setup@c84014f56f57f8abe320ffa48adccbb997681550 # feat/docker-upgrade-buildkit-buildx +- uses: hoverkraft-tech/ci-github-container/actions/docker/setup@a0bab9151cc074af9f6c8204ab42a48d2d570379 # 0.30.6 with: # OCI registry configuration used to pull, push and cache images. # Accepts either a registry hostname string (default format) or a JSON object.