I would like a ref variable in this Action to allow building an image from a specific ref, that may not be the same as the ref that triggered the Actions workflow.
The problem this would solve is that, in GitHub Actions, you cannot make a scheduled workflow that targets anything but your default branch. And I would like to make a scheduled workflow to rebuild a few image tags that will easily go stale on security patches from the base distro images they use.
Take, for example, the following workflow definition that currently does not work only because this Action forces the build-push step to use the branch that triggered the workflow:
```yaml
name: Publish docker image
on:
  push:
    branches:
      - main
  workflow_dispatch:
  schedule:
    # Monday at 9am UTC
    - cron: '0 9 * * 1'
permissions:
  id-token: write
  contents: read
  packages: write
jobs:
  package:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    # Need this matrix because GitHub doesn't support running scheduled workflows against non-default branches
    # This checks out each branch listed here, and there are separate docker meta and build steps for each branch in the matrix.
    strategy:
      matrix:
        branch:
          - main
          - v1.0.x
    steps:
      - name: Add safe git directory
        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
      - uses: actions/checkout@v4
        with:
          ref: ${{ matrix.branch }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ github.token }}
      - name: Docker meta on main
        if: matrix.branch == 'main'
        id: meta-main
        uses: docker/metadata-action@v5
        with:
          images: |
            ghcr.io/${{ github.repository }}
          flavor: |
            latest=false
            prefix=
            suffix=
          tags: |
            type=raw,value=main,enable={{is_default_branch}}
            type=sha,format=long
      - name: Build Docker Container on main
        if: matrix.branch == 'main'
        uses: docker/build-push-action@v5
        with:
          platforms: "linux/amd64,linux/arm64"
          push: true
          tags: ${{ steps.meta-main.outputs.tags }}
          labels: ${{ steps.meta-main.outputs.labels }}
      - name: Docker meta on v1.0.x
        if: matrix.branch == 'v1.0.x'
        id: meta-v1dot0
        uses: docker/metadata-action@v5
        with:
          images: |
            ghcr.io/${{ github.repository }}
          flavor: |
            latest=false
            prefix=
            suffix=
          tags: |
            type=raw,value=1.0
            type=sha,format=long
      - name: Build Docker Container on v1.0.x
        if: matrix.branch == 'v1.0.x'
        uses: docker/build-push-action@v5
        with:
          platforms: "linux/amd64,linux/arm64"
          push: true
          tags: ${{ steps.meta-v1dot0.outputs.tags }}
          labels: ${{ steps.meta-v1dot0.outputs.labels }}
```
Loosely related to this person's Issue: #467
But is not a duplicate. They were apparently fine with the proposed "add the branch to your on-push workflow trigger list" suggestion. That doesn't work for scheduled workflows though. Hopefully Docker recognizes this as a valid pain point, as maintaining images that are based on upstream distro images like alpine:latest will naturally require pulling in OS updates for security patches. And it is not uncommon to have multiple supported versions of the software you distribute that live on different branches.
As far as a proposed solution goes, I think this Action could go one of two ways (besides just ignoring the request and labeling this issue with wont-fix):
- An input that tells the Action which ref to use
- An input that tells the Action to just use the ref already checked out (likely by actions/checkout)