Docker GitHub Action Example
Welcome. This is a simple example application to show a common Docker specific GitHub Action setup. We have a Python Flask application that is built and deployed in Docker containers using Dockerfiles and Docker Compose.
Docker Actions v2
๐ช Docker Login๐ Setup Buildx๐ญ Setup Cross Platform Builds๐จ Docker Build
CI Setup
We want to setup CI to test:
โ Every commit tomainโ Every PR๐ Integration tests nightly๐ณ Releases via tags pushed to Docker Hub.
We are going to use GitHub Actions for the CI infrastructure. Since its local to GitHub Actions and free when used inside GitHub Actions we're going to use the new GitHub Container Registry to hold a copy of a nightly Docker image.
After CI when it comes time for production we want to use Docker's new Amazon ECS integration to deploy from Docker Compose directly to Amazon ECS with Fargate. So we will push our release tagged images to Docker Hub which is integrated directly Amazon ECS via Docker Compose.
The Dockerfile is setup to use multi stage builds. We have stages for
test
and prod.
This means we'll need Docker Buildx and we can use the a preview of the
new Docker Buildx Action. This is going to let us achieve a couple awesome outcomes:
- We are going to use the buildx backend by default. Buildx out of the box brings a
number of improvements over the default
docker build. Here. - We are going to setup buildx caching to take advantage of the GitHub Action Cache. You should see build performance improvements when repeating builds with common layers. Here. Here.
- We are going to setup QEMU to do cross platform builds. In the example, we'll build this application for every Linux architecture that Docker Hub supports. Here. Here.
I'm not going to have GitHub Action manage the deployment side of this example. Mostly because I don't want to leave an Amazon ECS cluster running. But you can see a demo of this in one of my past streams: https://www.youtube.com/watch?v=RfQrgZFq_P0
GitHub Container Registry FAQ
Where does this secret.GHCR_TOKEN come from?
The secret isn't automatically populated. The original GitHub Packages container registry did use the automatically generated GITHUB_TOKEN. GitHub has said that support for that will be added to this new registry in the future.
Support for Actions through GITHUB_TOKEN is coming.
โ Bryan Clark (@clarkbw) September 1, 2020
For now you will need to create a GitHub Personal Access Token (PAT) which you can do by going here: https://github.com/settings/tokens
You'll need to create the PAT with the correct scopes which you can find here: https://docs.github.com/en/packages/getting-started-with-github-container-registry/migrating-to-github-container-registry-for-docker-images#authenticating-with-the-container-registry
Once you have the PAT you can create an action secret: https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets
You can call the secret whatever you want. But GHCR_TOKEN is what I used for the example above.
I thought GHCR had anonymous pulls?
Its a beta product so the documentation doesn't really exist yet. If you dig around on GitHub's Community site you can find some answers. Thats a pain so here is what I've found.
ghcr.io is private by default. You'll notice in the nightly.yml I had to do a login to be able to pull the image.
You can see what packages you have by going here (change the username): https://github.com/USERNAME?tab=packages&visibility=private
You can make it public going to the packages settings (change the username and project name): https://github.com/users/USERNAME/packages/container/PROJECTNAME/settings
Compose sample application
Python/Flask application
Project structure:
.
โโโ docker-compose.yaml
โโโ app
ย ย โโโ Dockerfile
ย ย โโโ requirements.txt
ย ย โโโ app.py
services:
web:
build: app
ports:
- '5000:5000'
Deploy with docker-compose
$ docker-compose up -d
Creating network "flask_default" with the default driver
Building web
Step 1/6 : FROM python:3.7-alpine
...
...
Status: Downloaded newer image for python:3.7-alpine
Creating flask_web_1 ... done
Expected result
Listing containers must show one container running and the port mapping as below:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c126411df522 flask_web "python3 app.py" About a minute ago Up About a minute 0.0.0.0:5000->5000/tcp flask_web_1
After the application starts, navigate to http://localhost:5000 in your web browser or run:
$ curl localhost:5000
Hello Docker and GitHub!
Stop and remove the containers
$ docker-compose down
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent