【GitHub Actions】GitHub Package Registry를 이용하여 동일한 Docker 이미지를 job으로 공유
아직 GA가 되어 있지 않기 때문에 사용하지 않는 분도 있을지도 모릅니다만, 다음주의 11/13(수)에 GA가 되기 때문에 지금 중에 시험으로 사용해 보는 것을 추천합니다.
그렇다면 우리는 GitHub Actions로 빌드 한 Docker 이미지를 후속 작업에서 사용하고 싶을 때 어떻게합니까?
원래 공용 리포지토리라면 Docker Hub로 푸시 할 수 있지만 개인 리포지토리에서는 그렇게 할 수 없습니다. 프라이빗 레지스트리를 가지고 있으면 모두 해결합니다만, 스스로 세우거나, 과금하지 않으면 안되기 때문에 조금 힘듭니다.
그건 그렇고, 나는 이전에 썼다.
이것은 같은 이미지가 아니기 때문에 좋지 않습니다. 모처럼 Trivy와 Dockle을 사용하여 스캔하는 동안 ...
그래서 이번에는 GitHub Package Registry를 이용하여 GitHub Actions의 workflow에서 한 번 빌드 한 Docker 이미지를 사용하는 방법을 설명하고 싶습니다. workflow는 이전에 작성한 기사을 사용합니다.
GitHub Package Registry란?
GitHub Package Registry는 소프트웨어 패키지의 호스팅 서비스입니다. Docker Hub나 PyPI등을 이미지 받을 수 있으면 알기 쉽다고 생각합니다.
다음은 기사의 시작 부분에 대한 설명입니다.
GitHub Package Registry is a software package hosting service, similar to npmjs.org, rubygems.org, or hub.docker.com, that allows you to host your packages and code in one place. You can host software packages privately or publicly and use them as dependencies in your projects.
GitHub Package Registry 사용 방법
설정
공식 문서 링크로 날아가서 버튼을 두 번 정도 클릭하면 바로 사용할 수 있습니다. 매우 간단하다 
여기
Docker 이미지 푸시
GitHub의 Docker Registry로 푸시하는 방법은 매우 간단합니다. 다른 개인 레지스트리 및 타사 레지스트리에 푸시하는 방법과 기본적으로 동일합니다.
그러나 GitHub에 로그인할 때 2단계 인증을 사용하도록 설정한 경우 레지스트리에 로그인할 때 액세스 토큰이 필요합니다. 
참조하여 토큰을 얻으십시오.
# DockerのRegistryにログイン
docker login docker.pkg.github.com -u owner -p password
# DockerfileはCWDにあるとする
docker build -t docker.pkg.github.com/owner/repository_name/sample .
# GitHub Package Registryへプッシュ
docker push docker.pkg.github.com/owner/repository_name/sample
이미지명은 나중에 변경 가능하므로 다음과 같이 해도 OK입니다.
docker build -t sample .
docker tag sample docker.pkg.github.com/owner/repository_name/sample
Docker 이미지 끌어오기
# DockerのRegistryにログイン
docker login docker.pkg.github.com -u owner -p password
docker pull docker.pkg.github.com/owner/repository_name/sample
특히 어려운 부분도 없으므로 GitHub Actions에서 해보자 
GitHub Actions
GitHub Actions에서 GitHub Package Registry를 사용하는 Tips는 docker login 암호로 환경변경GITHUB_TOKEN을 지정하는 것입니다. GitHub Actions가 자동으로 생성되기 때문에 일부러 버튼을 깜박이고 토큰을 생성하고 관리할 필요가 없습니다.
처리 흐름
+-----------------+
| ① |
| build |
| Dockerイメージを |
/| ビルドしてプッシュ |\
/ | | \
/ +-----------------+ \
/ \
+-----------------+ +-----------------+
| ② | | ②' |
| Trivy | | Dockle |
| | | |
+-----------------+ +-----------------+
\ /
\ /
\ /
\ /
+-----------------+
| ③ |
| Push to ECR |
| |
+-----------------+
워크플로우 예
name: Push Docker image to ECR
# リモートブランチにプッシュされたらWorkflowが起動
on: push
env:
# BuildKitを有効化
DOCKER_BUILDKIT: 1
IMAGE_NAME: sample
IMAGE_TAG: test
jobs:
build:
name: Build image
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@master
- name: Login GitHub Registry
# 自動生成されるGITHUB_TOKENを使用する
run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u owner --password-stdin
- name: Build image
# `github.repository`で`owner/repository_name`が取得できる
run: docker build -t docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG} --file Dockerfile .
- name: Push image to GitHub Registry
run: docker push docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG}
- name: Notify Result to Slack
uses: homoluctus/slatify@master
if: always()
with:
type: ${{ job.status }}
job_name: ':docker: *Build image*'
channel: '#general'
url: ${{ secrets.SLACK_WEBHOOK }}
trivy:
name: Trivy Scan Vulnerability
runs-on: ubuntu-18.04
needs: build
steps:
- uses: actions/checkout@master
- name: Login GitHub Registry
run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u owner --password-stdin
- name: Pull image from GitHub Registry
run: docker pull docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG}
- name: Install trivy
run: |
sudo apt-get install --no-install-recommends apt-transport-https gnupg
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -cs) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install --no-install-recommends trivy
- name: Vulnerability Scan with Trivy
run: |
trivy -q --severity HIGH,CRITICAL \
--exit-code 1 docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG}
- name: Notify Result to Slack
uses: homoluctus/slatify@master
if: always()
with:
type: ${{ job.status }}
job_name: ':trivy: *Trivy*'
channel: '#general'
url: ${{ secrets.SLACK_WEBHOOK }}
dockle:
name: Dockle
runs-on: ubuntu-18.04
needs: build
steps:
- uses: actions/checkout@master
- name: Login GitHub Registry
run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u owner --password-stdin
- name: Pull image from GitHub Registry
run: docker pull docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG}
- name: Install dockle
run: |
VERSION=$(curl --silent "https://api.github.com/repos/goodwithtech/dockle/releases/latest" | \
grep '"tag_name":' | \
sed -E 's/.*"v([^"]+)".*/\1/' \
)
curl -L -o dockle.deb https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.deb
sudo dpkg -i dockle.deb
rm dockle.deb
- name: Check image with dockle
run: dockle docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG}
- name: Notify Result to Slack
uses: homoluctus/slatify@master
if: always()
with:
type: ${{ job.status }}
job_name: ':docker: *Dockle*'
channel: '#general'
url: ${{ secrets.SLACK_WEBHOOK }}
push:
name: Push Docker Image to ECR
runs-on: ubuntu-18.04
needs: [trivy, dockle]
steps:
- uses: actions/checkout@master
- uses: actions/setup-go@master
with:
go-version: '1.13'
- name: Install ecs-cli
run: go get github.com/aws/amazon-ecs-cli/ecs-cli
- name: Login GitHub Registry
run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u owner --password-stdin
- name: Pull image from GitHub Registry
run: |
docker pull docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG}
# Change docker image name
docker tag docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG} ${IMAGE_NAME}:${IMAGE_TAG}
- name: Push image to ECR
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ap-northeast-1
# GOPATH bug [reference](https://github.com/actions/setup-go/issues/14)
run: $(go env GOPATH)/bin/ecs-cli push ${IMAGE_NAME}:${IMAGE_TAG}
- name: Notify Result to Slack
uses: homoluctus/slatify@master
if: always()
with:
type: ${{ job.status }}
job_name: ':rocket: *Push to ECR*'
channel: '#general'
url: ${{ secrets.SLACK_WEBHOOK }}
이제 한 번의 Docker 이미지 빌드로 후속 Job에서도 이미지를 사용하게 되었습니다 
Reference
설정
공식 문서 링크로 날아가서 버튼을 두 번 정도 클릭하면 바로 사용할 수 있습니다. 매우 간단하다
여기
Docker 이미지 푸시
GitHub의 Docker Registry로 푸시하는 방법은 매우 간단합니다. 다른 개인 레지스트리 및 타사 레지스트리에 푸시하는 방법과 기본적으로 동일합니다.
그러나 GitHub에 로그인할 때 2단계 인증을 사용하도록 설정한 경우 레지스트리에 로그인할 때 액세스 토큰이 필요합니다.
참조하여 토큰을 얻으십시오.# DockerのRegistryにログイン
docker login docker.pkg.github.com -u owner -p password
# DockerfileはCWDにあるとする
docker build -t docker.pkg.github.com/owner/repository_name/sample .
# GitHub Package Registryへプッシュ
docker push docker.pkg.github.com/owner/repository_name/sample
이미지명은 나중에 변경 가능하므로 다음과 같이 해도 OK입니다.
docker build -t sample .
docker tag sample docker.pkg.github.com/owner/repository_name/sample
Docker 이미지 끌어오기
# DockerのRegistryにログイン
docker login docker.pkg.github.com -u owner -p password
docker pull docker.pkg.github.com/owner/repository_name/sample
특히 어려운 부분도 없으므로 GitHub Actions에서 해보자
GitHub Actions
GitHub Actions에서 GitHub Package Registry를 사용하는 Tips는 docker login 암호로 환경변경GITHUB_TOKEN을 지정하는 것입니다. GitHub Actions가 자동으로 생성되기 때문에 일부러 버튼을 깜박이고 토큰을 생성하고 관리할 필요가 없습니다.
처리 흐름
+-----------------+
| ① |
| build |
| Dockerイメージを |
/| ビルドしてプッシュ |\
/ | | \
/ +-----------------+ \
/ \
+-----------------+ +-----------------+
| ② | | ②' |
| Trivy | | Dockle |
| | | |
+-----------------+ +-----------------+
\ /
\ /
\ /
\ /
+-----------------+
| ③ |
| Push to ECR |
| |
+-----------------+
워크플로우 예
name: Push Docker image to ECR
# リモートブランチにプッシュされたらWorkflowが起動
on: push
env:
# BuildKitを有効化
DOCKER_BUILDKIT: 1
IMAGE_NAME: sample
IMAGE_TAG: test
jobs:
build:
name: Build image
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@master
- name: Login GitHub Registry
# 自動生成されるGITHUB_TOKENを使用する
run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u owner --password-stdin
- name: Build image
# `github.repository`で`owner/repository_name`が取得できる
run: docker build -t docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG} --file Dockerfile .
- name: Push image to GitHub Registry
run: docker push docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG}
- name: Notify Result to Slack
uses: homoluctus/slatify@master
if: always()
with:
type: ${{ job.status }}
job_name: ':docker: *Build image*'
channel: '#general'
url: ${{ secrets.SLACK_WEBHOOK }}
trivy:
name: Trivy Scan Vulnerability
runs-on: ubuntu-18.04
needs: build
steps:
- uses: actions/checkout@master
- name: Login GitHub Registry
run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u owner --password-stdin
- name: Pull image from GitHub Registry
run: docker pull docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG}
- name: Install trivy
run: |
sudo apt-get install --no-install-recommends apt-transport-https gnupg
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -cs) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install --no-install-recommends trivy
- name: Vulnerability Scan with Trivy
run: |
trivy -q --severity HIGH,CRITICAL \
--exit-code 1 docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG}
- name: Notify Result to Slack
uses: homoluctus/slatify@master
if: always()
with:
type: ${{ job.status }}
job_name: ':trivy: *Trivy*'
channel: '#general'
url: ${{ secrets.SLACK_WEBHOOK }}
dockle:
name: Dockle
runs-on: ubuntu-18.04
needs: build
steps:
- uses: actions/checkout@master
- name: Login GitHub Registry
run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u owner --password-stdin
- name: Pull image from GitHub Registry
run: docker pull docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG}
- name: Install dockle
run: |
VERSION=$(curl --silent "https://api.github.com/repos/goodwithtech/dockle/releases/latest" | \
grep '"tag_name":' | \
sed -E 's/.*"v([^"]+)".*/\1/' \
)
curl -L -o dockle.deb https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.deb
sudo dpkg -i dockle.deb
rm dockle.deb
- name: Check image with dockle
run: dockle docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG}
- name: Notify Result to Slack
uses: homoluctus/slatify@master
if: always()
with:
type: ${{ job.status }}
job_name: ':docker: *Dockle*'
channel: '#general'
url: ${{ secrets.SLACK_WEBHOOK }}
push:
name: Push Docker Image to ECR
runs-on: ubuntu-18.04
needs: [trivy, dockle]
steps:
- uses: actions/checkout@master
- uses: actions/setup-go@master
with:
go-version: '1.13'
- name: Install ecs-cli
run: go get github.com/aws/amazon-ecs-cli/ecs-cli
- name: Login GitHub Registry
run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u owner --password-stdin
- name: Pull image from GitHub Registry
run: |
docker pull docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG}
# Change docker image name
docker tag docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG} ${IMAGE_NAME}:${IMAGE_TAG}
- name: Push image to ECR
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ap-northeast-1
# GOPATH bug [reference](https://github.com/actions/setup-go/issues/14)
run: $(go env GOPATH)/bin/ecs-cli push ${IMAGE_NAME}:${IMAGE_TAG}
- name: Notify Result to Slack
uses: homoluctus/slatify@master
if: always()
with:
type: ${{ job.status }}
job_name: ':rocket: *Push to ECR*'
channel: '#general'
url: ${{ secrets.SLACK_WEBHOOK }}
이제 한 번의 Docker 이미지 빌드로 후속 Job에서도 이미지를 사용하게 되었습니다
Reference
+-----------------+
| ① |
| build |
| Dockerイメージを |
/| ビルドしてプッシュ |\
/ | | \
/ +-----------------+ \
/ \
+-----------------+ +-----------------+
| ② | | ②' |
| Trivy | | Dockle |
| | | |
+-----------------+ +-----------------+
\ /
\ /
\ /
\ /
+-----------------+
| ③ |
| Push to ECR |
| |
+-----------------+
name: Push Docker image to ECR
# リモートブランチにプッシュされたらWorkflowが起動
on: push
env:
# BuildKitを有効化
DOCKER_BUILDKIT: 1
IMAGE_NAME: sample
IMAGE_TAG: test
jobs:
build:
name: Build image
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@master
- name: Login GitHub Registry
# 自動生成されるGITHUB_TOKENを使用する
run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u owner --password-stdin
- name: Build image
# `github.repository`で`owner/repository_name`が取得できる
run: docker build -t docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG} --file Dockerfile .
- name: Push image to GitHub Registry
run: docker push docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG}
- name: Notify Result to Slack
uses: homoluctus/slatify@master
if: always()
with:
type: ${{ job.status }}
job_name: ':docker: *Build image*'
channel: '#general'
url: ${{ secrets.SLACK_WEBHOOK }}
trivy:
name: Trivy Scan Vulnerability
runs-on: ubuntu-18.04
needs: build
steps:
- uses: actions/checkout@master
- name: Login GitHub Registry
run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u owner --password-stdin
- name: Pull image from GitHub Registry
run: docker pull docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG}
- name: Install trivy
run: |
sudo apt-get install --no-install-recommends apt-transport-https gnupg
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -cs) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install --no-install-recommends trivy
- name: Vulnerability Scan with Trivy
run: |
trivy -q --severity HIGH,CRITICAL \
--exit-code 1 docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG}
- name: Notify Result to Slack
uses: homoluctus/slatify@master
if: always()
with:
type: ${{ job.status }}
job_name: ':trivy: *Trivy*'
channel: '#general'
url: ${{ secrets.SLACK_WEBHOOK }}
dockle:
name: Dockle
runs-on: ubuntu-18.04
needs: build
steps:
- uses: actions/checkout@master
- name: Login GitHub Registry
run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u owner --password-stdin
- name: Pull image from GitHub Registry
run: docker pull docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG}
- name: Install dockle
run: |
VERSION=$(curl --silent "https://api.github.com/repos/goodwithtech/dockle/releases/latest" | \
grep '"tag_name":' | \
sed -E 's/.*"v([^"]+)".*/\1/' \
)
curl -L -o dockle.deb https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.deb
sudo dpkg -i dockle.deb
rm dockle.deb
- name: Check image with dockle
run: dockle docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG}
- name: Notify Result to Slack
uses: homoluctus/slatify@master
if: always()
with:
type: ${{ job.status }}
job_name: ':docker: *Dockle*'
channel: '#general'
url: ${{ secrets.SLACK_WEBHOOK }}
push:
name: Push Docker Image to ECR
runs-on: ubuntu-18.04
needs: [trivy, dockle]
steps:
- uses: actions/checkout@master
- uses: actions/setup-go@master
with:
go-version: '1.13'
- name: Install ecs-cli
run: go get github.com/aws/amazon-ecs-cli/ecs-cli
- name: Login GitHub Registry
run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u owner --password-stdin
- name: Pull image from GitHub Registry
run: |
docker pull docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG}
# Change docker image name
docker tag docker.pkg.github.com/${{ github.repository }}/${IMAGE_NAME}:${IMAGE_TAG} ${IMAGE_NAME}:${IMAGE_TAG}
- name: Push image to ECR
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ap-northeast-1
# GOPATH bug [reference](https://github.com/actions/setup-go/issues/14)
run: $(go env GOPATH)/bin/ecs-cli push ${IMAGE_NAME}:${IMAGE_TAG}
- name: Notify Result to Slack
uses: homoluctus/slatify@master
if: always()
with:
type: ${{ job.status }}
job_name: ':rocket: *Push to ECR*'
channel: '#general'
url: ${{ secrets.SLACK_WEBHOOK }}
Reference
이 문제에 관하여(【GitHub Actions】GitHub Package Registry를 이용하여 동일한 Docker 이미지를 job으로 공유), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다 https://qiita.com/homines22/items/6d28461d97906e42f57c텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
우수한 개발자 콘텐츠 발견에 전념
(Collection and Share based on the CC Protocol.)
좋은 웹페이지 즐겨찾기
