Before you can deploy your image, you must release it.
This repo contains a GitHub Actions workflow to automatically publish an image to the GitHub Container Registry whenever you create a GitHub release.
If you have the GitHub CLI installed, that's:
gh release create v1.0.0
In the commands below, <registry> can be docker.io for Docker Hub, ghcr.io for GitHub Container Registry, quay.io for Red Hat Quay, etc.
More guides for Amazon ECR, Azure Container Registry, Google Container Registry
By default, Docker images are built for AMD processors. With the rise of Arm processors (Apple Silicon M1, Raspberry Pi, etc.), it is recommended to build for at least both of these using Buildx.
- Initiate a Buildx builder, if you haven't done so, with:
  docker buildx create --use
- Build, tag and publish your image:
  docker buildx build \
    --platform linux/arm64,linux/amd64 \
    --build-arg node_version=$(<.nvmrc) \
    --tag <registry>/<your_username>/app-node-js:1.0.0 \
    --tag <registry>/<your_username>/app-node-js:latest \
    --label org.opencontainers.image.source=https://github.com/<your_username>/<repo_name> \
    --push \
    .
More Open Container annotations
The GitHub Actions workflow supports signing your image with Cosign. It follows the experimental keyless process with GitHub OIDC.
To verify images created this way, you need to use the COSIGN_EXPERIMENTAL flag. For example:
COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/<your_username>/<repo_name>:latest
While this process is great for zero-config image signing, it is still currently experimental and you might want to use your own pre-defined keys.
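Keyless verification accepts any valid signature recorded for the image, so it is worth checking who signed it. The script below is an added example, not part of this repo: it filters the JSON printed by `cosign verify` down to signatures made by a GitHub Actions workflow of the expected repository. The `optional.Issuer` and `optional.Subject` field names are an assumption about the output of Cosign releases that use COSIGN_EXPERIMENTAL; the sample data, the owner `octo-org` and the repo `app-node-js` are constructed.

```python
import json
import sys

GITHUB_OIDC_ISSUER = "https://token.actions.githubusercontent.com"

# Constructed sample of `cosign verify` JSON output (digests and names are made up).
SAMPLE = json.dumps([
    {"critical": {"image": {"docker-manifest-digest": "sha256:" + "a" * 64}},
     "optional": {"Issuer": GITHUB_OIDC_ISSUER,
                  "Subject": "https://github.com/octo-org/app-node-js/.github/workflows/release.yml@refs/tags/v1.0.0"}},
    {"critical": {"image": {"docker-manifest-digest": "sha256:" + "a" * 64}},
     "optional": {"Issuer": GITHUB_OIDC_ISSUER,
                  "Subject": "https://github.com/octo-org/app-node-js-fork/.github/workflows/release.yml@refs/heads/main"}},
    {"critical": {"image": {"docker-manifest-digest": "sha256:" + "a" * 64}},
     "optional": {"Issuer": "https://accounts.example.com", "Subject": "someone@example.com"}},
])


def trusted_signatures(verify_output, owner, repo):
    """Keep only signatures made by a GitHub Actions workflow of owner/repo."""
    # Ending the prefix at "/.github/workflows/" keeps look-alike repositories
    # such as "<repo>-fork" from matching. GitHub names are case-insensitive.
    prefix = f"https://github.com/{owner}/{repo}/.github/workflows/".lower()
    trusted = []
    for sig in json.loads(verify_output):
        optional = sig.get("optional") or {}
        issuer_ok = optional.get("Issuer") == GITHUB_OIDC_ISSUER
        subject_ok = str(optional.get("Subject", "")).lower().startswith(prefix)
        if issuer_ok and subject_ok:
            trusted.append(sig)
    return trusted


if __name__ == "__main__":
    # Usage: COSIGN_EXPERIMENTAL=1 cosign verify <image> | python check_signer.py <owner> <repo>
    # With no arguments, run against the constructed sample.
    if len(sys.argv) == 3:
        data, owner, repo = sys.stdin.read(), sys.argv[1], sys.argv[2]
    else:
        data, owner, repo = SAMPLE, "octo-org", "app-node-js"
    matches = trusted_signatures(data, owner, repo)
    for sig in matches:
        print("trusted:", sig["optional"]["Subject"])
    sys.exit(0 if matches else 1)
```

The script exits non-zero when no signature comes from the expected repository, so it can gate a deploy step.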