There is also talk that the free tier of **Docker Hub** will be limited, so I looked into how to use **GitHub Container Registry** and am making a note of it here. Specifically, I would like to achieve the following.
- WSL2 Debian
A **Personal Access Token** is required to automatically push Docker images to GitHub Container Registry [^1]. Create one from your icon at the top right of GitHub by following the steps `Settings > Developer settings > Personal access tokens > Generate new token`. The scope is the one in the image below.
[^1]: In GitHub Packages, it seems that GITHUB_TOKEN could be used instead.
Register the obtained token in the GitHub repository that manages the Dockerfile etc. by following `Settings > Secrets > New secret` (here, it is assumed that it is saved as `CR_PAT`).
Create a YAML file to control GitHub Actions. Assume the following directory structure [^2].

```
.
├── .git
├── .github
│   └── workflows
│       └── build_on_push.yaml
└── Dockerfile
```
[^2]: The GitHub repository actually used is here
The contents of `build_on_push.yaml` are as follows.

```yaml
name: Publish Docker image
on: push
jobs:
  main:
    name: Push Docker image to Github Container Registry
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.CR_PAT }}
      - name: Push to GitHub Container Registry
        uses: docker/build-push-action@v2
        with:
          push: true
          tags: ghcr.io/dr666m1/qiita_starwars:latest
```
`name:` is an arbitrary value because it only names the workflow and the job. In `on:`, specify the trigger event (`push` here). Since `jobs:` on the 3rd line defines a job consisting of 5 steps, each step is explained briefly below. (By the way, `runs-on:` specifies the virtual machine that executes the job. Here, a GitHub-hosted runner is selected.)
Checkout
The action `actions/checkout@v2` makes the GitHub repository accessible to the job. Conversely, without this step, you should get an error such as "Dockerfile not found". The documentation is [here](https://github.com/marketplace/actions/checkout).
Set up QEMU, Set up Docker Buildx
`docker/setup-qemu-action@v1` and `docker/setup-buildx-action@v1` should be recognized as actions that enable the necessary functions.
Login to GitHub Container Registry
The login process is performed by the action `docker/login-action@v1`. `${{ secrets.CR_PAT }}` refers to the Personal Access Token created earlier. The action also supports Docker Hub and GitLab, and the documentation describes how to handle each.
Push to GitHub Container Registry
Build and push the Docker image with the action `docker/build-push-action@v2`. You can also specify tags with `tags:`, but at this stage, set it to `latest`.
When the file is ready, just `git push` and the workflow defined in YAML will be executed. You can also check the log as shown in the screen below.
If there is no problem, you can check the built Docker image under `Your profile > Packages` from your icon at the upper right of GitHub. It seems to be private by default, so change it if you want to make it public. After that, if `docker run` works without problems, you are done [^3].

```
docker run -it --rm ghcr.io/dr666m1/qiita_starwars:latest
```

[^3]: As you can see in the Dockerfile, in this example the Star Wars screening starts (`telnet towel.blinkenlights.nl`), so exit with `Ctrl + ]` > `quit`.
Next, modify the YAML file as follows so that you can specify the tag.
```yaml
name: Publish Docker image
on: push
jobs:
  main:
    name: Push Docker image to Github Container Registry
    runs-on: ubuntu-latest
    steps:
      - name: Prepare # added
        id: prep
        run: |
          if [[ $GITHUB_REF == refs/tags/* ]]; then
            TAG=${GITHUB_REF#refs/tags/}
          else
            TAG="latest"
          fi
          echo "::set-output name=tag::${TAG}"
      - name: Checkout
        uses: actions/checkout@v2
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.CR_PAT }}
      - name: Push to GitHub Container Registry
        uses: docker/build-push-action@v2
        with:
          push: true
          tags: ghcr.io/dr666m1/qiita_starwars:${{ steps.prep.outputs.tag }} # changed
```
The main change is the addition of a step called Prepare. `run:` specifies the command to be executed by the shell (the default is bash [^4]). Here, the processing branches on the `$GITHUB_REF` environment variable [^5]: if it contains a tag name, that name is assigned to `TAG`; otherwise `latest` is assigned. `echo "::set-output name=tag::${TAG}"` is a workflow command that makes the value of `TAG` available to subsequent steps. `${{ steps.prep.outputs.tag }}` is the part that actually refers to it.

[^4]: For the available shells, see the official documentation.
[^5]: For the available environment variables, see the official documentation.
With this change, the tag of the Docker image also changes according to the tag pushed to GitHub. For example, if you execute the following, the tag of the Docker image will also be `1.0`.

```
git tag 1.0
git push --tags
```
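Because the Git tag name becomes the Docker tag verbatim, a tag such as `release/1.0` or `v1+build` is a valid Git tag but not a valid Docker tag. The following is an added example, not part of the original post: a version of the Prepare step's logic that rejects such names before they reach `tags:`. The function names `docker_tag_from_ref` and `emit_tag_output` are assumptions, and the output is written to the `$GITHUB_OUTPUT` file, which GitHub introduced to replace the `::set-output` command used above.

```sh
#!/bin/sh
# Added example, not the original post's code. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # make the [A-Z] style ranges below byte-exact

# Print the image tag for a Git ref; return 1 if it is not a valid Docker tag.
docker_tag_from_ref() {
  ref=$1
  case $ref in
    refs/tags/*) tag=${ref#refs/tags/} ;;   # tag push: use the Git tag name
    *)           tag=latest ;;              # any other push: same fallback as the post
  esac
  # Docker tags: first char [A-Za-z0-9_], then [A-Za-z0-9_.-], 128 chars max.
  case $tag in
    '' | [!A-Za-z0-9_]* | *[!A-Za-z0-9_.-]*)
      echo "refusing '$tag': not a valid Docker tag" >&2
      return 1 ;;
  esac
  if [ "${#tag}" -gt 128 ]; then
    echo "refusing tag: longer than 128 characters" >&2
    return 1
  fi
  printf '%s\n' "$tag"
}

# Append tag=<value> to the file named by $GITHUB_OUTPUT (step output "tag").
emit_tag_output() {
  if [ -z "${GITHUB_OUTPUT:-}" ]; then
    echo "GITHUB_OUTPUT is not set" >&2
    return 1
  fi
  out_tag=$(docker_tag_from_ref "$1") || return 1
  printf 'tag=%s\n' "$out_tag" >> "$GITHUB_OUTPUT"
}

# Demo on constructed refs (not taken from a real repository).
for sample in refs/heads/main refs/tags/1.0 refs/tags/release/1.0 refs/tags/v1+build; do
  if result=$(docker_tag_from_ref "$sample" 2>/dev/null); then
    echo "$sample -> $result"
  else
    echo "$sample -> rejected"
  fi
done
```

In the workflow, the Prepare step would call `emit_tag_output "$GITHUB_REF"`, so an unusable tag fails the job at that step instead of in the build-and-push step.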
If you want to move from Docker Hub to GitHub Container Registry, this should generally be enough. GitHub Actions can be used for more things such as automated testing, so I want to study it when I have time.