Add info about retagging images for publishing to other registries #751

Merged
merged 2 commits into from
Mar 13, 2025
14 changes: 7 additions & 7 deletions docs/build/how-to/build-and-deploy.md
Expand Up @@ -2,9 +2,9 @@
tags: [build, deploy, how-to]
---

# Build and deploy with Github Actions
# Build and deploy with GitHub Actions

This how-to guide shows you how to build and deploy your application using [Github Actions](https://help.github.com/en/actions/automating-your-workflow-with-github-actions) and the Nais deploy action.
This how-to guide shows you how to build and deploy your application using [GitHub Actions](https://help.github.com/en/actions/automating-your-workflow-with-github-actions) and the Nais deploy action.

## Prerequisites

Expand Down Expand Up @@ -61,10 +61,10 @@ It then deploys the [app.yaml](../../workloads/application/reference/application

When this file is pushed to the `main` branch, the workflow will be triggered and you are all set.

!!! info "Google Artifact Registry (GAR)"
!!! info "Registry used by Nais"

The [nais/docker-build-push GitHub action](https://github.com/nais/docker-build-push) builds and pushes images to the _Google Artifact Registry_ (GAR).
The [nais/docker-build-push GitHub action](https://github.com/nais/docker-build-push) as well as the
[nais/login GitHub action](https://github.com/nais/login) work with a registry that is only meant for use within the Nais platform.

This is a registry managed by Nais and is the recommended way to store your container images for use in workloads on Nais.

We keep images that are deployed, as well as the last 10 versions for each image regardless of age. Versions older than 90 days are automatically deleted.
Usage of this registry for other purposes is not supported.
If you need to use the image outside of Nais, e.g. locally in a development environment, you should [push the image to another registry](./use-image-outside-nais.md).
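Review bot: The rewritten "Registry used by Nais" admonition loses the retention statement ("We keep images that are deployed, as well as the last 10 versions for each image regardless of age. Versions older than 90 days are automatically deleted."); with 7 deletions counted for this file, that sentence and "This is a registry managed by Nais and is the recommended way to store your container images" are among the removed lines, and nothing else in this PR restates them. Retention is exactly what a team needs to know when deciding whether to copy an image to another registry or roll back to an older version, so keep the sentence in the admonition or move it to the new use-image-outside-nais.md page and link to it from here. It would also help to say what "not supported" means in practice (no pull access from outside the platform, or access that may change without notice), since that determines whether existing external pulls break.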
59 changes: 59 additions & 0 deletions docs/build/how-to/use-image-outside-nais.md
@@ -0,0 +1,59 @@
---
tags: [how-to, build, image]
---

# Using the image outside of Nais

When using the [nais/docker-build-push](https://github.com/nais/docker-build-push) action, the image is pushed to a registry that is meant for use within the Nais platform.
If you need to use the image outside of Nais, e.g. locally in a development environment, you should push the image to another registry.

## Push to GitHub Container Registry

After the image is built by `nais/docker-build-push`, you can push it to the GitHub Container Registry (GHCR) by adding the following step to your workflow:

- `packages: write` permission is required to push images to the GHCR.
- Step to retag the image after it has been built.

```yaml hl_lines="13 21-26"
name: Build and deploy
on:
push:
branches:
- main
jobs:
build_and_deploy:
name: Build, push and deploy
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
packages: write
steps:
- uses: actions/checkout@v4
- name: Build and push image and SBOM to OCI registry
uses: nais/docker-build-push@v0
id: docker-build-push
with:
team: <MY-TEAM> # Replace
- name: Push image to ghcr.io
run: |
# Log in to the GitHub Container Registry
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
# Tag the image, e.g. ghcr.io/owner/repo:latest
docker buildx imagetools create -t ghcr.io/${{ github.repository }}:latest ${{ steps.docker-build-push.outputs.image }}
- name: Deploy to Nais
uses: nais/deploy/actions/deploy@v2
env:
CLUSTER: <MY-CLUSTER> # Replace (1)
RESOURCE: .nais/app.yaml #, topic.yaml, statefulset.yaml, etc.
VAR: image=${{ steps.docker-build-push.outputs.image }}
TELEMETRY: ${{ steps.docker-build-push.outputs.telemetry }}
```

## Even more control

If you need more control of how the image is built, e.g. supporting more platforms etc, you can use the [nais/login action](https://github.com/nais/login) to log in to the registry
provided by Nais, and build the image using e.g. [docker/build-push-action](https://github.com/docker/build-push-action).
You can also use the [nais/attest-sign](https://github.com/nais/attest-sign) action to sign the image before pushing it to the registry.

See the [nais/docker-build-push action file](https://github.com/nais/docker-build-push/blob/main/action.yml) for a complete example.
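Review bot: In the "Push image to ghcr.io" step, `ghcr.io/${{ github.repository }}:latest` fails for any repository whose owner or name contains uppercase letters, because image references must be lowercase; lowercase the value in the shell before passing it to `docker buildx imagetools create -t`. The same step interpolates `${{ github.actor }}` and `${{ github.repository }}` straight into the script text; passing them in through `env:` and quoting the shell variables is the safer pattern to show in documentation that will be copied. Only the mutable `:latest` tag is pushed, so users outside Nais cannot tell which build they pulled or match it to what was deployed via `steps.docker-build-push.outputs.image`; consider also tagging with the commit SHA. Two documentation nits: the sentence "by adding the following step to your workflow:" is followed by a bullet list that names a permission and a step rather than the step itself, and `CLUSTER: <MY-CLUSTER> # Replace (1)` carries an annotation marker with no matching annotation text in this file.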