Composite Docker action #208
Comments
|
Hi @Brutus5000, thanks for your feedback!
Actually it makes sense to have a dedicated login action because you can define tags affecting multiple registries which was not possible in v1. I'll give you an example with an image that will be published on both Docker Hub and GHCR: # v2
steps:
-
name: Checkout
uses: actions/checkout@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
-
name: Build and push
uses: docker/build-push-action@v2
with:
context: .
push: true
tags: |
user/app:latest
ghcr.io/${{ github.repository_owner }}/app:latest# v1
steps:
-
name: Checkout code
uses: actions/checkout@v2
-
name: Build and push to Docker Hub
uses: docker/build-push-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
repository: user/app
tags: latest
-
name: Build and push to GHCR
uses: docker/build-push-action@v1
with:
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
repository: ghcr.io/${{ github.repository_owner }}/app
tags: latestAs you can see here you must duplicate as many times the number of registries as you wish to use for v1. So you don't have as much flexibility on the use of tags and also build will be done x times the number of registries. The fact of having a dedicated action for the connection also allows to reuse it in other actions that need to connect to a registry. And finally, a significant point concerns certain registries that use specific authentication methods through their own action. This is for example the case for AWS: name: ci
on:
push:
branches: master
jobs:
login:
runs-on: ubuntu-latest
steps:
-
name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: <region>
-
name: Login to ECR
uses: docker/login-action@v1
with:
registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
I'm currently working on an action called Docker meta allowing a management of tags and labels similar to the old flags used in v1. #206 was created to integrate this action as an example.
Context and file are not mandatory. The default Git context is used if no context is defined. This allows you to stop using the step |
About this I think a Composite action would fit perfectly for you. But atm it's not possible to use actions within actions with composite (see actions/runner#646). What you can do is sharing workflows with your organization. |
But this is one of the many issues with v2: you keep making new actions (more complexity) when what users want is something simple out-of-the-box with optional complexity. And even those options should be presented simply. As an example: why am I leveraging multiple caches with opaque language? It's starting to look like a DSL. A key-value of and mean nothing to the uninitiated. If that is the language used behind the scenes, don't present that to the user! You've taken something that needed a few tweaks and turned it into something for people to spend hours pouring over documentation for the right recipe of incantations that result in a successful build. |
|
@crazy-max Thanks for your suggestions I will look into them. Regarding the other points: |
|
I understand there are edge cases where you want more controls, but v2 is a serious regression in usability over v1 ... to the point where I've been holding updates and even downgrading some to get the simple reliable easy to configure v1 back. If this keeps going this way I'll be looking for alternative actions altogether because it's just silly to have such complex workflows with multiple things to bump for such simple integrated tasks. As the OP noted, the advanced features should have been added while keeping sensible defaults in place for simpler use cases. |
|
@worldofgeese @Brutus5000 @alerque A single (or more concise) step as it was the case for # https://github.com/crazy-max/docker-action/blob/v1/action.yml
name: 'My Docker action'
description: 'Docker AIO action'
author: 'crazy-max'
inputs:
registry:
description: 'Server address of the Docker registry'
required: false
image:
description: 'Docker image'
required: true
username:
description: 'Username to log in to a Docker registry'
required: false
password:
description: 'Password or PAT to log in to a Docker registry'
required: false
push:
description: 'Push'
required: false
default: 'false'
runs:
using: 'composite'
steps:
-
name: Checkout
uses: actions/checkout@v2
-
name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
images: ${{ inputs.image }}
-
name: Set up QEMU
uses: docker/setup-qemu-action@v1
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
if: github.event_name != 'pull_request' && inputs.username != '' && inputs.password != ''
uses: docker/login-action@v1
with:
username: ${{ inputs.username }}
password: ${{ inputs.password }}
-
name: Build and push
uses: docker/build-push-action@v2
with:
context: .
push: ${{ inputs.push }}
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}And a possible workflow to use it: name: ci
on:
push:
jobs:
ci:
runs-on: ubuntu-latest
steps:
-
name: Docker build
uses: crazy-max/docker-action@v1
with:
registry: ghcr.io # optional for Docker Hub
image: name/app
username: ${{ secrets.GHCR_USERNAME }}
password: ${{ secrets.GHCR_PAT }}
push: ${{ github.event_name != 'pull_request' }} |
|
@CrazyMax I'll look forward to a v3 of this action (or a new one entirely) that works like that and brings some sanity to simpler projects. For now v1 still functions nicely. 😉 |
Is there an issue open specifically to track that? |
|
@ianfixes Upstream issue actually actions/runner#646. |
|
Thanks. I think my question was unclear though. You described |
The official GH Action for this gets worse and worse with every version, and the old versions aren't properly supported any more. cf. docker/build-push-action#208 This isn't actually that hard, and with a make rule for it we have the option to build and push locally.
The official GH Action for this gets worse and worse with every version, and the old versions aren't properly supported any more. cf. docker/build-push-action#208 This isn't actually that hard, and with a make rule for it we have the option to build and push locally.
It might be a good idea for the community to put together a "docker-build-push-simple-action" as a stopgap while waiting for actions/runner#646. Once that's complete, if Docker decides to create a new action for simple use cases, the community-maintained stopgap could be deprecated in favor of the new Docker-maintained solution. If Docker decides not to create such an action, the community-maintained action could be maintained as long as demand for it existed. |
|
Composite actions have supported runs.steps[*].uses since late 2021. I didn't see any official support for a composite action yet, so I put one together at https://github.com/benfrisbie/docker-tag-build-push-action. It doesn't support all of the inputs and outputs from docker/login-action, docker/metadata-action, and docker/build-push-action. However, it supports most of the main ones that I needed for my personal use. I plan on adding support for the rest of them soon. Anyways, I'd welcome some feedback on it! If there is interest to get it moved into the docker organization I'd love to discuss that as well. |
Hi guys,
this is not really an issue, but some feedback that you hopefully consider:
I'm aware I probably sound like a whiny crybaby, but please believe me that I admire your efforts... but seriously: with v2 you raped a good working Github action.
And yes yes, you're probably thinking: Why don't you fix it then yourself? But I'm already managing two dozen repositories for the FAForever project and I just need an easy and working CI infrastructure. [And v1 is still available, so technically no problem.]
Why do I use this action?
I prefer Github actions because they are easier to read and simplified building blocks over writing it in a shell script, even if they are a few (!) lines longer
And v1 of this action is the perfect solution for the workflow I need (with some Github if expression magic):
What has changed?
With v2 I need to split it off in 3 steps (+ an additional one considering #100):
Eventually I end up with 3x the lines of code that I had before. No thanks, I rather stick with the previous version or go back to manual shell commands.
Here are some ideas to improve on v2:
tag_with_refflag was quirky and limits some scenarios like pushing multiple tags and I actually like that there is another way now to configure this now. But was it necessary to drop the existing flag? Maybe you can consider bringing it back under a more meaningful name.contextandfileare mandatory now (didn't test it actually) but then again: why would I need to declare what is the 99% default case? So if it's not mandatory I'd to remove it from the upgrade document, and if it is mandatory I'd suggest to offer default settings for a classic Dockerfile buildI'd love to see a very powerful action as it is now, with sensible default settings preconfigured for the simple use cases.
Love you guys! Keep up the good work! ❤️
The text was updated successfully, but these errors were encountered: