diff --git a/content/manuals/build/checks.md b/content/manuals/build/checks.md index 201b9ce956f..84df51a0b4c 100644 --- a/content/manuals/build/checks.md +++ b/content/manuals/build/checks.md @@ -278,3 +278,10 @@ experimental checks, the experimental checks will still run: # syntax=docker/dockerfile:1 # check=skip=all;experimental=all ``` + +## Further reading + +For more information about using build checks, see: + +- [Build checks reference](/reference/build-checks/) +- [Validating build configuration with GitHub Actions](/manuals/build/ci/github-actions/checks.md) diff --git a/content/manuals/build/ci/github-actions/checks.md b/content/manuals/build/ci/github-actions/checks.md new file mode 100644 index 00000000000..038eee838a5 --- /dev/null +++ b/content/manuals/build/ci/github-actions/checks.md 
@@ -0,0 +1,103 @@ +--- +title: Validating build configuration with GitHub Actions +linkTitle: Build checks +description: Discover how to validate your build configuration and identify best practice violations using build checks in GitHub Actions. +keywords: github actions, gha, build, checks +--- + +[Build checks](/manuals/build/checks.md) let you validate your `docker build` +configuration without actually running the build. + +## Run checks with `docker/build-push-action` + +To run build checks in a GitHub Actions workflow with the `build-push-action`, +set the `call` input parameter to `check`. With this set, the workflow fails if +any check warnings are detected for your build's configuration. + +```yaml +name: ci + +on: + push: + +jobs: + docker: + runs-on: ubuntu-latest + steps: + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Validate build configuration + uses: docker/build-push-action@v6 + with: + call: check + + - name: Build and push + uses: docker/build-push-action@v6 + with: + push: true + tags: user/app:latest +``` + +## Run checks with `docker/bake-action` + +If you're using Bake and `docker/bake-action` to run your builds, you don't +need to specify any special inputs in your GitHub Actions workflow +configuration. Instead, define a Bake target that calls the `check` method, +and invoke that target in your CI. 
+ +```hcl +target "build" { + dockerfile = "Dockerfile" + args = { + FOO = "bar" + } +} +target "validate-build" { + inherits = ["build"] + call = "check" +} +``` + +```yaml +name: ci + +on: + push: + +env: + IMAGE_NAME: user/app + +jobs: + docker: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Validate build configuration + uses: docker/bake-action@v5 + with: + targets: validate-build + + - name: Build + uses: docker/bake-action@v5 + with: + targets: build + push: true +```
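Review bot: In the "Further reading" hunk of content/manuals/build/checks.md, the two links use different forms: a site path (`/reference/build-checks/`) and a source-file path ending in `.md` (`/manuals/build/ci/github-actions/checks.md`). If the site path is not deliberate, use the same form for both entries.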
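Review bot: In the new content/manuals/build/ci/github-actions/checks.md, the Bake example's `build` target defines no `tags` and the workflow's `env: IMAGE_NAME: user/app` is never referenced, yet the final Build step sets `push: true`. Either add `tags` to the target (wiring in `IMAGE_NAME` if that was the intent) or drop the unused variable, so it is clear which image the Build step pushes. The two workflows also read the Docker Hub username from different contexts, `secrets.DOCKERHUB_USERNAME` in the `build-push-action` example and `vars.DOCKERHUB_USERNAME` in the Bake example; pick one so readers do not have to guess where to store it. Finally, in both workflows the "Validate build configuration" step runs after "Login to Docker Hub"; if the check needs no registry credentials, placing it before the login step would let a failing check stop the job before the token is used.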