I would like to apply semantic versioning to my Docker images, which are built and pushed to GitHub Container Registry by a GitHub Action.

I found a satisfying solution here: https://stackoverflow.com/a/69059228/12877180

According to the solution I reproduced the following YAML.

```yaml
name: Docker CI

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

env:
  REGISTRY: ghcr.io

jobs:
  build-push:
    # needs: build-test
    name: Build and push Docker image to GitHub Container registry
    runs-on: ubuntu-latest
    permissions:
      packages: write
      contents: read

    steps:
    - name: Checkout the repository
      uses: actions/checkout@v2

    - name: Login to GitHub Container registry
      uses: docker/login-action@v1
      env:
        USERNAME: ${{ github.actor }}
        PASSWORD: ${{ secrets.GITHUB_TOKEN }}
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ env.USERNAME }}
        password: ${{ env.PASSWORD }}

    - name: Get lowercase repository name
      run: |
        echo "IMAGE=${REPOSITORY,,}">>${GITHUB_ENV}
      env:
        REPOSITORY: ${{ env.REGISTRY }}/${{ github.repository }}

    - name: Build and export the image to Docker
      uses: docker/build-push-action@v2
      with:
        context: .
        file: ./docker/Dockerfile
        target: final
        push: true
        tags: |
          ${{ env.IMAGE }}:${{ secrets.MAJOR }}.${{ secrets.MINOR }}
        build-args: |
          ENVIRONMENT=production

    - name: Update Patch version
      uses: hmanzur/actions-set-secret@v2.0.0
      with:
        name: 'MINOR'
        value: $((${{ secrets.MINOR }} + 1))
        repository: ${{ github.repository }}
        token: ${{ secrets.GH_PAT }}
```

Unfortunately this does not work.

The initial value of the MINOR secret is 0. If the build-push job is executed for the very first time, the Docker image is perfectly pushed to GHCR with the ghcr.io/my-org/my-repo:0.0 syntax. The purpose of the build-push job is then to increment the MINOR secret by 1.

If the build-push job is executed again after a new event, I get an error while trying to build the Docker image using the incremented tag.

```
/usr/bin/docker buildx build --build-arg ENVIRONMENT=production --tag ghcr.io/my-org/my-repo:***.*** --target final --iidfile /tmp/docker-build-push-HgjJR7/iidfile --metadata-file /tmp/docker-build-push-HgjJR7/metadata-file --file ./docker/Dockerfile --push .
error: invalid tag "ghcr.io/my-org/my-repo:***.***": invalid reference format
Error: buildx failed with: error: invalid tag "ghcr.io/my-org/my-repo:***.***": invalid reference format
```
Mikolaj
  • Did you set the MAJOR value in your secrets? This assumes you don't want to use a more traditional solution like using the git tag to specify the container image tag. – BMitch Jan 31 '22 at 13:16
  • Yes, the `MAJOR` secret is set to `0`. Thanks for the `git tag` suggestion. I need to check whether `git tag` can be incremented automatically in the CI process. – Mikolaj Jan 31 '22 at 14:00
  • What are the current values of major and minor in your secrets? I've only ever manually incremented git tags; releases are a process that goes through review, similar to reviewing whether each PR will be merged. But with the incremented tag, you can use that as the source of truth for tags on everything else GHA creates. – BMitch Jan 31 '22 at 15:27

1 Answer

You need to increment the version in a bash command like this:

```yaml
      # PATCH_VERSION is expected to be present in the job environment already.
      - name: Autoincrement a new patch version
        run: |
          # The arithmetic is evaluated by the shell inside this run step.
          echo "NEW_PATCH_VERSION=$((${{ env.PATCH_VERSION }}+1))" >> $GITHUB_ENV
      - name: Update patch version
        uses: hmanzur/actions-set-secret@v2.0.0
        with:
          name: 'PATCH_VERSION'
          value: ${{ env.NEW_PATCH_VERSION }}
          repository: ${{ github.repository }}
          token: ${{ secrets.REPO_ACCESS_TOKEN }}
```
Neil
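The failing tag in the question is what results when the stored MINOR value is no longer a number: `with:` inputs reach an action as literal strings, so `$((0 + 1))` is saved unevaluated. The sketch below is an added example, not code from the question or the answer; it checks that each stored component is a plain integer before it reaches shell arithmetic and that the resulting tag fits Docker's tag grammar. The function names and sample values are assumptions made for illustration.

```sh
#!/bin/sh
# Added example; function names and sample values are constructed.
LC_ALL=C; export LC_ALL

# True only for a plain decimal integer without leading zeros, so nothing
# but digits ever reaches shell arithmetic.
is_uint() {
  case "$1" in
    ''|*[!0-9]*|0?*) return 1 ;;
    *) return 0 ;;
  esac
}

# True if $1 fits the Docker tag grammar: 1-128 characters from
# [A-Za-z0-9_.-], not starting with '.' or '-'.
is_valid_tag() {
  [ "${#1}" -ge 1 ] && [ "${#1}" -le 128 ] || return 1
  case "$1" in
    [.-]*|*[!A-Za-z0-9_.-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Prints MAJOR.(MINOR+1), or fails closed without echoing the stored values.
next_tag() {
  if ! is_uint "$1" || ! is_uint "$2"; then
    echo "refusing to build: version component is not a plain integer" >&2
    return 1
  fi
  tag="$1.$(( $2 + 1 ))"
  is_valid_tag "$tag" || return 1
  printf '%s\n' "$tag"
}

# Constructed MINOR values: the initial 0, then the unevaluated string that
# the question's workflow wrote back after its first run.
for minor in 0 '$((0 + 1))'; do
  if next=$(next_tag 0 "$minor" 2>/dev/null); then
    echo "MINOR='$minor' -> next tag $next"
  else
    echo "MINOR='$minor' -> rejected before docker build"
  fi
done
```

In a workflow, the stored values would be handed to the `run:` step through `env:` and passed to `next_tag` as quoted variables, so the job stops with a readable error instead of an opaque `***.***` reference.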