After Docker Hub discontinued automatic container builds for non-Pro users, I switched to a GitHub Action for my container build. The following describes how the switch works.

Activating the GitHub Registry

The new ghcr.io registry can be activated in your account settings. To do this, enable “Improved container support” in the “Feature Preview” section.

GitHub User Settings

GitHub Personal Access Token (PAT)

Creation of the token

Logging in to the registry requires a token. You can generate one under Settings -> Developer Settings -> Personal Access Tokens. Here we select the write:packages scope and click the green generate button below.

new personal access token

We now have a token and I immediately saved it in my password manager. Attention: There is no way to display the token again.

Save the token as Repository Secret

In order to use the token in the action, it must be stored in the repository. That’s what repository secrets are for. These are stored in the repository under Settings -> Secrets. I saved the token with the name CR_PAT. In addition, there is a secret for Dockerhub and a private registry.

Creation of the GitHub Action

Each GitHub Action is defined by a YAML file in the repository. You can create these files via the web interface in the Actions tab, or push them into the path .github/workflows.

on:
  schedule:
    - cron: '41 0 3 * *'
  push:
    branches:
      - master
    # Publish semver tags as releases.
    tags: [ 'v*.*.*' ]
  pull_request:
    branches: [ master ]
  workflow_dispatch:

env:
  # github.repository as <account>/<repo>
  IMAGE_NAME: ${{ github.repository }}

jobs:
  build:

    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      # Login against a Docker registry except on PR
      # https://github.com/docker/login-action
      - name: Log into registry ghcr.io
        if: github.event_name != 'pull_request'
        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
        with:
          registry: ghcr.io
          username: olqs
          password: ${{ secrets.CR_PAT }}

      # Login against a Docker registry except on PR
      # https://github.com/docker/login-action
      - name: Log into registry hub.docker.com
        if: github.event_name != 'pull_request'
        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
        with:
          registry: docker.io
          username: olqs
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      # Login against a Docker registry except on PR
      # https://github.com/docker/login-action
      - name: Log into registry quay.home.olqs.de
        if: github.event_name != 'pull_request'
        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
        with:
          registry: quay.home.olqs.de
          username: olqs
          password: ${{ secrets.QUAYHOME_PASSWORD }}

      # Extract metadata (tags, labels) for Docker
      # https://github.com/docker/metadata-action
      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
        with:
          images: ghcr.io/${{ env.IMAGE_NAME }},${{ env.IMAGE_NAME }},quay.home.olqs.de/${{ env.IMAGE_NAME }}

      # Build and push Docker image with Buildx (don't push on PR)
      # https://github.com/docker/build-push-action
      - name: Build and push Docker image
        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
          tags: |
            ${{ steps.meta.outputs.tags }}
            ghcr.io/${{ env.IMAGE_NAME }}:latest
            quay.home.olqs.de/${{ env.IMAGE_NAME }}:latest
            ${{ env.IMAGE_NAME }}:latest
          labels: ${{ steps.meta.outputs.labels }}

The action is divided into three sections.

  • on: The events that trigger the action.
    • schedule: A timed start of the action.
    • push: Start the action when pushing new tags or into specific branches.
    • pull_request: Start on pull requests.
    • workflow_dispatch: This allows a manual start of the action.
  • env: Environment variables, should be self-explanatory.
  • jobs: The actual jobs that are executed.
    • runs-on: This is where the GitHub runner is set, i.e. the type of virtual machine used for the steps.
    • permissions: This section defines the required permissions, so the permissions in use stay under your control and tokens with very far-reaching permissions are restricted.
    • steps: The individual steps of the action.
      • Source code checkout
      • Log in to the three registries that are pushed to later.
      • Extract metadata of the containers from the repository
      • The container build and push into the different registries
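
A small check for two properties the workflow above relies on, as an added example that is not part of the original post: actions referenced by a full commit SHA (the docker/* steps are, actions/checkout@v2 is a tag), and registry secrets used only in steps that are skipped on pull requests. It scans the step text line by line instead of using a YAML parser; the function names and the sample excerpt are constructed for illustration.

```python
import re

# Constructed excerpt of the steps list above; the pull_request guard is
# removed from the second login on purpose so the check has something to report.
SAMPLE = """\
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
      - name: Log into registry ghcr.io
        if: github.event_name != 'pull_request'
        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
        with:
          registry: ghcr.io
          password: ${{ secrets.CR_PAT }}
      - name: Log into registry hub.docker.com
        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
        with:
          registry: docker.io
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
"""

SHA_PIN = re.compile(r"@[0-9a-f]{40}$")          # full commit SHA after the '@'
PR_GUARD = "github.event_name != 'pull_request'"  # condition used in the workflow

def split_steps(text):
    """Group lines into steps; every line starting with '- ' opens a new step."""
    steps = []
    for line in text.splitlines():
        if re.match(r"\s*- ", line):
            steps.append([line])
        elif steps:
            steps[-1].append(line)
    return ["\n".join(s) for s in steps]

def audit(text):
    """Return (step name, problem) pairs for unpinned actions and unguarded secrets."""
    findings = []
    for step in split_steps(text):
        name = re.search(r"^\s*-?\s*name:\s*(.+)$", step, re.M)
        label = name.group(1).strip() if name else "<unnamed>"
        uses = re.search(r"uses:\s*(\S+)", step)
        if uses and not SHA_PIN.search(uses.group(1)):
            findings.append((label, "action not pinned to a full commit SHA"))
        if re.search(r"secrets\.\s*\w+", step) and PR_GUARD not in step:
            findings.append((label, "secret used without the pull_request guard"))
    return findings

if __name__ == "__main__":
    for label, problem in audit(SAMPLE):
        print(f"{label}: {problem}")
```

Pass it only the steps list of a job; list items nested inside a step's own settings would otherwise be counted as separate steps.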
