Table of Contents
Github actions examples
Build and download containers to server
name: CI on: push: branches: [develop] pull_request: branches: [develop] jobs: build: permissions: packages: write contents: write environment: develop strategy: matrix: node-version: [18.x, 20.x] name: Build with ${{ matrix.node-version }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@v3 with: node-version: ${{ matrix.node-version }} cache: 'yarn' - run: yarn - run: yarn build - name: Copy google accounts credentials env: GOOGLE_SVC_ACC_CREDS_IT: ${{ secrets.GOOGLE_SVC_ACC_CREDS_IT }} run: echo "$GOOGLE_SVC_ACC_CREDS_IT" > account-creds.json - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - name: Log in to GitHub container registry uses: docker/login-action@v2 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Lowercase the repo name run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} - name: Build and push container image to registry uses: docker/build-push-action@v4 with: context: . push: true tags: ghcr.io/${{ env.REPO }}:${{ github.sha }} file: ./Dockerfile
The above assumes that the Dockerfile is in the root of the checked out source code. Note the context key which is required otherwise the step with fail with Dockerfile not found.
The permissions key is required if the Github has organization settings with restrictive permissions. The above allows the workflow to checkout the code and later push the docker image to the ghcr.io container registry.
yarn commands are just examples for building the next.js app.
Copy the credentials is an example of secrets. The GOOGLE_SVC_ACC_CREDS_IT is defined in repo Settings > Secrets and variables > Actions > Environment secrets (https://github.com/myorg/myrepo/settings/secrets/actions) Doing it like this, you need to have the environment directive in your jobs to access the variables (top level env key here) containing secrets otherwise the variables will be empty.
If the secrets containe curly braces for example if its a json object the GA workflow will replace any curly brace (for example one used in curl command to post data) with '***'. You will need to encode the json secret to base64 as above.
Tested on
- Github actions 2024-02