diff --git a/docs/build/how-to/build-and-deploy.md b/docs/build/how-to/build-and-deploy.md index 8bb05a0f..78fd0083 100644 --- a/docs/build/how-to/build-and-deploy.md +++ b/docs/build/how-to/build-and-deploy.md @@ -2,9 +2,9 @@ tags: [build, deploy, how-to] --- -# Build and deploy with Github Actions +# Build and deploy with GitHub Actions -This how-to guide shows you how to build and deploy your application using [Github Actions](https://help.github.com/en/actions/automating-your-workflow-with-github-actions) and the Nais deploy action. +This how-to guide shows you how to build and deploy your application using [GitHub Actions](https://help.github.com/en/actions/automating-your-workflow-with-github-actions) and the Nais deploy action. ## Prerequisites @@ -61,10 +61,10 @@ It then deploys the [app.yaml](../../workloads/application/reference/application When this file is pushed to the `main` branch, the workflow will be triggered and you are all set. -!!! info "Google Artifact Registry (GAR)" +!!! info "Registry used by Nais" - The [nais/docker-build-push GitHub action](https://github.com/nais/docker-build-push) builds and pushes images to the _Google Artifact Registry_ (GAR). + The [nais/docker-build-push GitHub action](https://github.com/nais/docker-build-push) as well as the + [nais/login GitHub action](https://github.com/nais/login) work with a registry that is only meant for use within the Nais platform. - This is a registry managed by Nais and is the recommended way to store your container images for use in workloads on Nais. - - We keep images that are deployed, as well as the last 10 versions for each image regardless of age. Versions older than 90 days are automatically deleted. + Usage of this registry for other purposes is not supported. + If you need to use the image outside of Nais, e.g. locally in a development environment, you should [push the image to another registry](./use-image-outside-nais.md). 
diff --git a/docs/build/how-to/use-image-outside-nais.md b/docs/build/how-to/use-image-outside-nais.md new file mode 100644 index 00000000..3a6f81a7 --- /dev/null +++ b/docs/build/how-to/use-image-outside-nais.md 
@@ -0,0 +1,59 @@ +--- +tags: [how-to, build, image] +--- + +# Using the image outside of Nais + +When using the [nais/docker-build-push](https://github.com/nais/docker-build-push) action, the image is pushed to a registry that is meant for use within the Nais platform. +If you need to use the image outside of Nais, e.g. locally in a development environment, you should push the image to another registry. + +## Push to GitHub Container Registry + +After the image is built by `nais/docker-build-push`, you can push it to the GitHub Container Registry (GHCR) by adding the following step to your workflow: + +- `packages: write` permission is required to push images to the GHCR. +- Step to retag the image after it has been built. + +```yaml hl_lines="13 21-26" +name: Build and deploy +on: + push: + branches: + - main +jobs: + build_and_deploy: + name: Build, push and deploy + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + packages: write + steps: + - uses: actions/checkout@v4 + - name: Build and push image and SBOM to OCI registry + uses: nais/docker-build-push@v0 + id: docker-build-push + with: + team: # Replace + - name: Push image to ghcr.io + run: | + # Log in to the GitHub Container Registry + echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin + # Tag the image, e.g. ghcr.io/owner/repo:latest + docker buildx imagetools create -t ghcr.io/${{ github.repository }}:latest ${{ steps.docker-build-push.outputs.image }} + - name: Deploy to Nais + uses: nais/deploy/actions/deploy@v2 + env: + CLUSTER: # Replace (1) + RESOURCE: .nais/app.yaml #, topic.yaml, statefulset.yaml, etc. + VAR: image=${{ steps.docker-build-push.outputs.image }} + TELEMETRY: ${{ steps.docker-build-push.outputs.telemetry }} +``` + +## Even more control + +If you need more control of how the image is built, e.g. 
supporting more platforms etc, you can use the [nais/login action](https://github.com/nais/login) to log in to the registry +provided by Nais, and build the image using e.g. [docker/build-push-action](https://github.com/docker/build-push-action). +You can also use the [nais/attest-sign](https://github.com/nais/attest-sign) action to sign the image before pushing it to the registry. + +See the [nais/docker-build-push action file](https://github.com/nais/docker-build-push/blob/main/action.yml) for a complete example.
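Review bot: In the second hunk of docs/build/how-to/build-and-deploy.md, the rewritten admonition deletes the retention rules (deployed images and the last 10 versions of each image are kept, versions older than 90 days are automatically deleted) and nothing in this patch restates them elsewhere. Anyone who rolls back to or pins an older image still needs that information, so keep those two sentences in the admonition or link to a page that carries them. The new title "Registry used by Nais" and the new body also no longer name the registry; consider keeping "Google Artifact Registry (GAR)" in the text so readers can tell which registry is meant.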
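Review bot: In docs/build/how-to/use-image-outside-nais.md, the "Push image to ghcr.io" step tags `ghcr.io/${{ github.repository }}:latest`, which fails for any repository whose owner or name contains uppercase letters, because image references must be lowercase. Lowercase the value in the script before passing it to `docker buildx imagetools create`, and consider adding an immutable tag (for example the commit SHA) next to `latest` so that consumers outside Nais can tell which build they pulled. Two documentation points in the same file: `CLUSTER: # Replace (1)` carries an annotation marker with no matching annotation after the code block, and the sentence "by adding the following step" introduces a list whose first item is a permission, not a step.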