Add info about retagging images for publishing to other registries (#751)

* Add info about retagging images for publishing to other registries

Co-authored-by: Trong Huu Nguyen <[email protected]>
Co-authored-by: Christer Edvartsen <[email protected]>

Author: 3 people

docs/build/how-to/build-and-deploy.md

@@ -2,9 +2,9 @@
 tags: [build, deploy, how-to]
 ---
 
-# Build and deploy with Github Actions
+# Build and deploy with GitHub Actions
 
-This how-to guide shows you how to build and deploy your application using [Github Actions](https://help.github.com/en/actions/automating-your-workflow-with-github-actions) and the Nais deploy action.
+This how-to guide shows you how to build and deploy your application using [GitHub Actions](https://help.github.com/en/actions/automating-your-workflow-with-github-actions) and the Nais deploy action.
 
 ## Prerequisites
 
@@ -61,10 +61,10 @@ It then deploys the [app.yaml](../../workloads/application/reference/application
 
 When this file is pushed to the `main` branch, the workflow will be triggered and you are all set.
 
-!!! info "Google Artifact Registry (GAR)"
+!!! info "Registry used by Nais"
 
-    The [nais/docker-build-push GitHub action](https://github.com/nais/docker-build-push) builds and pushes images to the _Google Artifact Registry_ (GAR).
+    The [nais/docker-build-push GitHub action](https://github.com/nais/docker-build-push) as well as the
+    [nais/login GitHub action](https://github.com/nais/login) work with a registry that is only meant for use within the Nais platform.
 
-    This is a registry managed by Nais and is the recommended way to store your container images for use in workloads on Nais.
-
-    We keep images that are deployed, as well as the last 10 versions for each image regardless of age. Versions older than 90 days are automatically deleted.
+    Usage of this registry for other purposes is not supported.
+    If you need to use the image outside of Nais, e.g. locally in a development environment, you should [push the image to another registry](./use-image-outside-nais.md).

docs/build/how-to/use-image-outside-nais.md

@@ -0,0 +1,59 @@
+---
+tags: [how-to, build, image]
+---
+
+# Using the image outside of Nais
+
+When using the [nais/docker-build-push](https://github.com/nais/docker-build-push) action, the image is pushed to a registry that is meant for use within the Nais platform.
+If you need to use the image outside of Nais, e.g. locally in a development environment, you should push the image to another registry.
+
+## Push to GitHub Container Registry
+
+After the image is built by `nais/docker-build-push`, you can push it to the GitHub Container Registry (GHCR) by adding the following step to your workflow:
+
+- `packages: write` permission is required to push images to the GHCR.
+- Step to retag the image after it has been built.
+
+```yaml hl_lines="13 21-26"
+name: Build and deploy
+on:
+  push:
+    branches:
+      - main
+jobs:
+  build_and_deploy:
+    name: Build, push and deploy
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build and push image and SBOM to OCI registry
+        uses: nais/docker-build-push@v0
+        id: docker-build-push
+        with:
+          team: <MY-TEAM> # Replace
+      - name: Push image to ghcr.io
+        run: |
+          # Log in to the GitHub Container Registry
+          echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+          # Tag the image, e.g. ghcr.io/owner/repo:latest
+          docker buildx imagetools create -t ghcr.io/${{ github.repository }}:latest ${{ steps.docker-build-push.outputs.image }}
+      - name: Deploy to Nais
+        uses: nais/deploy/actions/deploy@v2
+        env:
+          CLUSTER: <MY-CLUSTER> # Replace (1)
+          RESOURCE: .nais/app.yaml #, topic.yaml, statefulset.yaml, etc.
+          VAR: image=${{ steps.docker-build-push.outputs.image }}
+          TELEMETRY: ${{ steps.docker-build-push.outputs.telemetry }}
+```
+
+## Even more control
+
+If you need more control of how the image is built, e.g. supporting more platforms etc, you can use the [nais/login action](https://github.com/nais/login) to log in to the registry
+provided by Nais, and build the image using e.g. [docker/build-push-action](https://github.com/docker/build-push-action).
+You can also use the [nais/attest-sign](https://github.com/nais/attest-sign) action to sign the image before pushing it to the registry.
+
+See the [nais/docker-build-push action file](https://github.com/nais/docker-build-push/blob/main/action.yml) for a complete example.