{"id":13479030,"url":"https://github.com/docker/build-push-action","last_synced_at":"2026-02-11T17:16:13.104Z","repository":{"id":37482918,"uuid":"241092383","full_name":"docker/build-push-action","owner":"docker","description":"GitHub Action to build and push Docker images with Buildx","archived":false,"fork":false,"pushed_at":"2025-09-02T15:04:14.000Z","size":46428,"stargazers_count":4911,"open_issues_count":48,"forks_count":644,"subscribers_count":40,"default_branch":"master","last_synced_at":"2025-09-03T11:35:13.514Z","etag":null,"topics":["buildx","docker","dockerhub","github-actions","github-actions-docker"],"latest_commit_sha":null,"homepage":"https://github.com/marketplace/actions/build-and-push-docker-images","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/docker.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-02-17T11:35:27.000Z","updated_at":"2025-09-03T11:00:52.000Z","dependencies_parsed_at":"2023-11-15T22:32:39.077Z","dependency_job_id":"5b6464c6-83a9-4333-9b20-db22115d0e33","html_url":"https://github.com/docker/build-push-action","commit_stats":{"total_commits":645,"total_committers":38,"mean_commits":"16.973684210526315","dds":"0.27596899224806204","last_synced_commit":"7e094594beda23fc8f21fa31049f4b203e51096b"},"previous_names":[],"tags_count":66,"template":false,"template_full_name":null,"purl":"pkg:github/docker/build-push-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docker%2Fbuild-push-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docker%2Fbuild-push-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docker%2Fbuild-push-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docker%2Fbuild-push-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/docker","download_url":"https://codeload.github.com/docker/build-push-action/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docker%2Fbuild-push-action/sbom","scorecard":{"id":349195,"data":{"date":"2025-08-11","repo":{"name":"github.com/docker/build-push-action","commit":"55146d969b0dff1a5c12630229609757af5b1081"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.5,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":8,"reason":"Found 7/8 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":9,"reason":"security policy file detected","details":["Info: security policy file detected: .github/SECURITY.md:1","Info: Found linked content: .github/SECURITY.md:1","Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy","Info: Found text in security policy: .github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":10,"reason":"6 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr-assign-author.yml:16","Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish.yml:12","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/publish.yml:14","Warn: no topLevel permission defined: .github/workflows/.e2e-run.yml:1","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/e2e.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-assign-author.yml:4","Warn: no topLevel permission defined: .github/workflows/publish.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Warn: no topLevel permission defined: .github/workflows/validate.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":5,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'master'","Warn: 'stale review dismissal' is disabled on branch 'master'","Warn: required approving review count is 1 on branch 'master'","Warn: codeowners review is required - but no codeowners file found in repo","Warn: 'last push approval' is disabled on branch 'master'","Warn: no status checks found to merge onto branch 'master'","Info: PRs are required in order to make changes on branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/ci.yml:764"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.e2e-run.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/.e2e-run.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/.e2e-run.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/.e2e-run.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/.e2e-run.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/.e2e-run.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/.e2e-run.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/.e2e-run.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/.e2e-run.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/.e2e-run.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:399: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:402: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:543: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:546: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1218: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1222: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1235: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1353: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1358: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:177: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:448: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:451: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1150: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1158: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1187: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1190: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:795: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:798: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:914: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:917: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:920: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:955: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:958: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:961: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:970: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1036: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1039: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1376: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1381: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1449: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1454: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:223: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:236: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:470: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:473: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:622: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:625: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:726: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:729: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:733: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1399: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1404: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1528: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1531: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:376: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:379: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:579: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:582: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:865: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:868: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:871: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1058: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1061: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1268: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1271: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1274: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1580: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1585: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:495: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:498: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:518: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:521: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:674: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:677: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1123: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1317: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1320: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1323: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:341: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:424: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:427: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1007: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1018: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1092: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1095: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1420: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1425: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1478: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1483: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1508: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1511: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1550: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:1553: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:301: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:304: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:307: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:357: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/publish.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/publish.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/validate.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/validate.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/validate.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/validate.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/build-push-action/validate.yml/master?enable=pin","Warn: containerImage not pinned by hash: dev.Dockerfile:5","Warn: containerImage not pinned by hash: dev.Dockerfile:15","Warn: containerImage not pinned by hash: dev.Dockerfile:24","Warn: containerImage not pinned by hash: dev.Dockerfile:36","Warn: containerImage not pinned by hash: dev.Dockerfile:45","Warn: containerImage not pinned by hash: dev.Dockerfile:57","Warn: containerImage not pinned by hash: dev.Dockerfile:67","Warn: containerImage not pinned by hash: dev.Dockerfile:73","Warn: containerImage not pinned by hash: test/Dockerfile:2: pin your Docker image by updating alpine to alpine@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: test/addhost.Dockerfile:2: pin your Docker image by updating busybox to busybox@sha256:f9a104fddb33220ec80fc45a4e606c74aadf1ef7a3832eb0b05be9e90cd61f5f","Warn: containerImage not pinned by hash: test/cgroup.Dockerfile:2: pin your Docker image by updating alpine to alpine@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: test/go/Dockerfile:3","Warn: containerImage not pinned by hash: test/go/Dockerfile:8","Warn: containerImage not pinned by hash: test/go/Dockerfile:16","Warn: containerImage not pinned by hash: test/multi-sudo.Dockerfile:3","Warn: containerImage not pinned by hash: test/multi-sudo.Dockerfile:19: pin your Docker image by updating alpine to alpine@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: test/multi.Dockerfile:2","Warn: containerImage not pinned by hash: test/multi.Dockerfile:8: pin your Docker image by updating alpine to alpine@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: test/named-context-base.Dockerfile:3: pin your Docker image by updating debian to debian@sha256:6d87375016340817ac2391e670971725a9981cfc24e221c47734681ed0f6c0f5","Warn: containerImage not pinned by hash: test/named-context.Dockerfile:3: pin your Docker image by updating alpine to alpine@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: test/nocachefilter.Dockerfile:2","Warn: containerImage not pinned by hash: test/nocachefilter.Dockerfile:5","Warn: containerImage not pinned by hash: test/nocachefilter.Dockerfile:9","Warn: containerImage not pinned by hash: test/proxy.Dockerfile:2: pin your Docker image by updating alpine to alpine@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: test/secret.Dockerfile:2: pin your Docker image by updating busybox to busybox@sha256:f9a104fddb33220ec80fc45a4e606c74aadf1ef7a3832eb0b05be9e90cd61f5f","Warn: containerImage not pinned by hash: test/shmsize.Dockerfile:2: pin your Docker image by updating busybox to busybox@sha256:f9a104fddb33220ec80fc45a4e606c74aadf1ef7a3832eb0b05be9e90cd61f5f","Warn: containerImage not pinned by hash: test/ulimit.Dockerfile:2: pin your Docker image by updating busybox to busybox@sha256:f9a104fddb33220ec80fc45a4e606c74aadf1ef7a3832eb0b05be9e90cd61f5f","Info:   0 out of  51 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of  62 third-party GitHubAction dependencies pinned","Info:   0 out of  27 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"10 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975","Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T07:53:20.132Z","repository_id":37482918,"created_at":"2025-08-18T07:53:20.132Z","updated_at":"2025-08-18T07:53:20.132Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273607297,"owners_count":25136157,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-04T02:00:08.968Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["buildx","docker","dockerhub","github-actions","github-actions-docker"],"created_at":"2024-07-31T16:02:08.019Z","updated_at":"2026-02-11T17:16:13.097Z","avatar_url":"https://github.com/docker.png","language":"TypeScript","funding_links":[],"categories":["五、按场景分类的实用Action","TypeScript","Dockerfile","Popular GitHub Actions"],"sub_categories":["5. 部署发布"],"readme":"[![GitHub release](https://img.shields.io/github/release/docker/build-push-action.svg?style=flat-square)](https://github.com/docker/build-push-action/releases/latest)\n[![GitHub marketplace](https://img.shields.io/badge/marketplace-build--and--push--docker--images-blue?logo=github\u0026style=flat-square)](https://github.com/marketplace/actions/build-and-push-docker-images)\n[![CI workflow](https://img.shields.io/github/actions/workflow/status/docker/build-push-action/ci.yml?branch=master\u0026label=ci\u0026logo=github\u0026style=flat-square)](https://github.com/docker/build-push-action/actions?workflow=ci)\n[![Test workflow](https://img.shields.io/github/actions/workflow/status/docker/build-push-action/test.yml?branch=master\u0026label=test\u0026logo=github\u0026style=flat-square)](https://github.com/docker/build-push-action/actions?workflow=test)\n[![Codecov](https://img.shields.io/codecov/c/github/docker/build-push-action?logo=codecov\u0026style=flat-square)](https://codecov.io/gh/docker/build-push-action)\n\n## About\n\nGitHub Action to build and push Docker images with [Buildx](https://github.com/docker/buildx)\nwith full support of the features provided by [Moby BuildKit](https://github.com/moby/buildkit)\nbuilder toolkit. This includes multi-platform build, secrets, remote cache, etc.\nand different builder deployment/namespacing options.\n\n![Screenshot](.github/build-push-action.png)\n\n___\n\n* [Usage](#usage)\n  * [Git context](#git-context)\n  * [Path context](#path-context)\n* [Examples](#examples)\n* [Summaries](#summaries)\n* [Customizing](#customizing)\n  * [inputs](#inputs)\n  * [outputs](#outputs)\n  * [environment variables](#environment-variables)\n* [Troubleshooting](#troubleshooting)\n* [Contributing](#contributing)\n\n## Usage\n\nIn the examples below we are also using 3 other actions:\n\n* [`setup-buildx`](https://github.com/docker/setup-buildx-action) action will\n  create and boot a builder using by default the [`docker-container` driver](https://docs.docker.com/build/building/drivers/docker-container/).\n  This is **not required but recommended** using it to be able to build\n  multi-platform images, export cache, etc.\n* [`setup-qemu`](https://github.com/docker/setup-qemu-action) action can be\n  useful if you want to add emulation support with QEMU to be able to build\n  against more platforms. \n* [`login`](https://github.com/docker/login-action) action will take care to\n  log in against a Docker registry.\n\n### Git context\n\nBy default, this action uses the [Git context](https://docs.docker.com/engine/reference/commandline/build/#git-repositories),\nso you don't need to use the [`actions/checkout`](https://github.com/actions/checkout/)\naction to check out the repository as this will be done directly by [BuildKit](https://github.com/moby/buildkit).\n\nThe git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows)\nand will result in the following context: `https://github.com/\u003cowner\u003e/\u003crepo\u003e.git#\u003cref\u003e`.\n\n```yaml\nname: ci\n\non:\n  push:\n\njobs:\n  docker:\n    runs-on: ubuntu-latest\n    steps:\n      -\n        name: Login to Docker Hub\n        uses: docker/login-action@v3\n        with:\n          username: ${{ vars.DOCKERHUB_USERNAME }}\n          password: ${{ secrets.DOCKERHUB_TOKEN }}\n      -\n        name: Set up QEMU\n        uses: docker/setup-qemu-action@v3\n      -\n        name: Set up Docker Buildx\n        uses: docker/setup-buildx-action@v3\n      -\n        name: Build and push\n        uses: docker/build-push-action@v6\n        with:\n          push: true\n          tags: user/app:latest\n```\n\nBe careful because **any file mutation in the steps that precede the build step\nwill be ignored, including processing of the `.dockerignore` file** since\nthe context is based on the Git reference. However, you can use the\n[Path context](#path-context) using the [`context` input](#inputs) alongside\nthe [`actions/checkout`](https://github.com/actions/checkout/) action to remove\nthis restriction.\n\nDefault Git context can also be provided using the [Handlebars template](https://handlebarsjs.com/guide/)\nexpression `{{defaultContext}}`. Here we can use it to provide a subdirectory\nto the default Git context:\n\n```yaml\n      -\n        name: Build and push\n        uses: docker/build-push-action@v6\n        with:\n          context: \"{{defaultContext}}:mysubdir\"\n          push: true\n          tags: user/app:latest\n```\n\nBuilding from the current repository automatically uses the [GitHub Token](https://docs.github.com/en/actions/security-guides/automatic-token-authentication),\nso it does not need to be passed. If you want to authenticate against another\nprivate repository, you have to use a [secret](https://docs.docker.com/build/ci/github-actions/secrets)\nnamed `GIT_AUTH_TOKEN` to be able to authenticate against it with Buildx:\n\n```yaml\n      -\n        name: Build and push\n        uses: docker/build-push-action@v6\n        with:\n          push: true\n          tags: user/app:latest\n          secrets: |\n            GIT_AUTH_TOKEN=${{ secrets.MYTOKEN }}\n```\n\n### Path context\n\n```yaml\nname: ci\n\non:\n  push:\n\njobs:\n  docker:\n    runs-on: ubuntu-latest\n    steps:\n      -\n        name: Checkout\n        uses: actions/checkout@v5\n      -\n        name: Login to Docker Hub\n        uses: docker/login-action@v3\n        with:\n          username: ${{ vars.DOCKERHUB_USERNAME }}\n          password: ${{ secrets.DOCKERHUB_TOKEN }}\n      -\n        name: Set up QEMU\n        uses: docker/setup-qemu-action@v3\n      -\n        name: Set up Docker Buildx\n        uses: docker/setup-buildx-action@v3\n      -\n        name: Build and push\n        uses: docker/build-push-action@v6\n        with:\n          context: .\n          push: true\n          tags: user/app:latest\n```\n\n## Examples\n\n* [Multi-platform image](https://docs.docker.com/build/ci/github-actions/multi-platform/)\n* [Secrets](https://docs.docker.com/build/ci/github-actions/secrets/)\n* [Push to multi-registries](https://docs.docker.com/build/ci/github-actions/push-multi-registries/)\n* [Manage tags and labels](https://docs.docker.com/build/ci/github-actions/manage-tags-labels/)\n* [Cache management](https://docs.docker.com/build/ci/github-actions/cache/)\n* [Export to Docker](https://docs.docker.com/build/ci/github-actions/export-docker/)\n* [Test before push](https://docs.docker.com/build/ci/github-actions/test-before-push/)\n* [Validating build configuration](https://docs.docker.com/build/ci/github-actions/checks/)\n* [Local registry](https://docs.docker.com/build/ci/github-actions/local-registry/)\n* [Share built image between jobs](https://docs.docker.com/build/ci/github-actions/share-image-jobs/)\n* [Named contexts](https://docs.docker.com/build/ci/github-actions/named-contexts/)\n* [Copy image between registries](https://docs.docker.com/build/ci/github-actions/copy-image-registries/)\n* [Update Docker Hub repo description](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/)\n* [SBOM and provenance attestations](https://docs.docker.com/build/ci/github-actions/attestations/)\n* [Annotations](https://docs.docker.com/build/ci/github-actions/annotations/)\n* [Reproducible builds](https://docs.docker.com/build/ci/github-actions/reproducible-builds/)\n\n## Summaries\n\nThis action generates a [job summary](https://github.blog/2022-05-09-supercharging-github-actions-with-job-summaries/)\nthat provides a detailed overview of the build execution. The summary shows an\noverview of all the steps executed during the build, including the build inputs\nand eventual errors.\n\n![build-push-action job summary](./.github/build-push-summary.png)\n\nThe summary also includes a link for downloading the build record with\nadditional details about the build, including build stats, logs, outputs, and\nmore. The build record can be imported to Docker Desktop for inspecting the\nbuild in greater detail.\n\n\u003e [!WARNING]\n\u003e\n\u003e If you're using the [`actions/download-artifact`](https://github.com/actions/download-artifact)\n\u003e action in your workflow, you need to ignore the build record artifacts\n\u003e if `name` and `pattern` inputs are not specified ([defaults to download all artifacts](https://github.com/actions/download-artifact?tab=readme-ov-file#download-all-artifacts) of the workflow),\n\u003e otherwise the action will fail:\n\u003e ```yaml\n\u003e - uses: actions/download-artifact@v4\n\u003e   with:\n\u003e     pattern: \"!*.dockerbuild\"\n\u003e ```\n\u003e More info: https://github.com/actions/toolkit/pull/1874\n\nSummaries are enabled by default, but can be disabled with the\n`DOCKER_BUILD_SUMMARY` [environment variable](#environment-variables).\n\nFor more information about summaries, refer to the\n[documentation](https://docs.docker.com/go/build-summary/).\n\n## Customizing\n\n### inputs\n\nThe following inputs can be used as `step.with` keys:\n\n\u003e `List` type is a newline-delimited string\n\u003e ```yaml\n\u003e cache-from: |\n\u003e   user/app:cache\n\u003e   type=local,src=path/to/dir\n\u003e ```\n\n\u003e `CSV` type is a comma-delimited string\n\u003e ```yaml\n\u003e tags: name/app:latest,name/app:1.0.0\n\u003e ```\n\n| Name               | Type        | Description                                                                                                                                                                       |\n|--------------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `add-hosts`        | List/CSV    | List of [customs host-to-IP mapping](https://docs.docker.com/engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host) (e.g., `docker:10.180.0.1`)      |\n| `allow`            | List/CSV    | List of [extra privileged entitlement](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow) (e.g., `network.host,security.insecure`)                         |\n| `annotations`      | List        | List of annotation to set to the image                                                                                                                                            |\n| `attests`          | List        | List of [attestation](https://docs.docker.com/build/attestations/) parameters (e.g., `type=sbom,generator=image`)                                                                 | \n| `builder`          | String      | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action)                                                                                       |\n| `build-args`       | List        | List of [build-time variables](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-arg)                                                                      |\n| `build-contexts`   | List        | List of additional [build contexts](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-context) (e.g., `name=path`)                                         |\n| `cache-from`       | List        | List of [external cache sources](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-from) (e.g., `type=local,src=path/to/dir`)                              |\n| `cache-to`         | List        | List of [cache export destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-to) (e.g., `type=local,dest=path/to/dir`)                            |\n| `call`             | String      | Set [method for evaluating build](https://docs.docker.com/reference/cli/docker/buildx/build/#call) (e.g., `check`)                                                                |\n| `cgroup-parent`    | String      | Optional [parent cgroup](https://docs.docker.com/engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent) for the container used in the build              |\n| `context`          | String      | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) |\n| `file`             | String      | Path to the Dockerfile. (default `{context}/Dockerfile`)                                                                                                                          |\n| `labels`           | List        | List of metadata for an image                                                                                                                                                     |\n| `load`             | Bool        | [Load](https://docs.docker.com/engine/reference/commandline/buildx_build/#load) is a shorthand for `--output=type=docker` (default `false`)                                       |\n| `network`          | String      | Set the networking mode for the `RUN` instructions during build                                                                                                                   |\n| `no-cache`         | Bool        | Do not use cache when building the image (default `false`)                                                                                                                        |\n| `no-cache-filters` | List/CSV    | Do not cache specified stages                                                                                                                                                     |\n| `outputs`          | List        | List of [output destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#output) (format: `type=local,dest=path`)                                         |\n| `platforms`        | List/CSV    | List of [target platforms](https://docs.docker.com/engine/reference/commandline/buildx_build/#platform) for build                                                                 |\n| `provenance`       | Bool/String | Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build (shorthand for `--attest=type=provenance`)                           |\n| `pull`             | Bool        | Always attempt to pull all referenced images (default `false`)                                                                                                                    |\n| `push`             | Bool        | [Push](https://docs.docker.com/engine/reference/commandline/buildx_build/#push) is a shorthand for `--output=type=registry` (default `false`)                                     |\n| `sbom`             | Bool/String | Generate [SBOM](https://docs.docker.com/build/attestations/sbom/) attestation for the build (shorthand for `--attest=type=sbom`)                                                  |\n| `secrets`          | List        | List of [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`)                |\n| `secret-envs`      | List/CSV    | List of [secret env vars](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=envname`, `MY_SECRET=MY_ENV_VAR`)         |\n| `secret-files`     | List        | List of [secret files](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`)         |\n| `shm-size`         | String      | Size of [`/dev/shm`](https://docs.docker.com/engine/reference/commandline/buildx_build/#shm-size) (e.g., `2g`)                                                                    |\n| `ssh`              | List        | List of [SSH agent socket or keys](https://docs.docker.com/engine/reference/commandline/buildx_build/#ssh) to expose to the build                                                 |\n| `tags`             | List/CSV    | List of tags                                                                                                                                                                      |\n| `target`           | String      | Sets the target stage to build                                                                                                                                                    |\n| `ulimit`           | List        | [Ulimit](https://docs.docker.com/engine/reference/commandline/buildx_build/#ulimit) options (e.g., `nofile=1024:1024`)                                                            |\n| `github-token`     | String      | GitHub Token used to authenticate against a repository for [Git context](#git-context) (default `${{ github.token }}`)                                                            |\n\n### outputs\n\nThe following outputs are available:\n\n| Name       | Type    | Description           |\n|------------|---------|-----------------------|\n| `imageid`  | String  | Image ID              |\n| `digest`   | String  | Image digest          |\n| `metadata` | JSON    | Build result metadata |\n\n### environment variables\n\n| Name                                 | Type   | Default | Description                                                                                                                                                                                                                                                        |\n|--------------------------------------|--------|---------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `DOCKER_BUILD_CHECKS_ANNOTATIONS`    | Bool   | `true`  | If `false`, GitHub annotations are not generated for [build checks](https://docs.docker.com/build/checks/)                                                                                                                                                         |\n| `DOCKER_BUILD_SUMMARY`               | Bool   | `true`  | If `false`, [build summary](https://docs.docker.com/build/ci/github-actions/build-summary/) generation is disabled                                                                                                                                                 |\n| `DOCKER_BUILD_RECORD_UPLOAD`         | Bool   | `true`  | If `false`, build record upload as [GitHub artifact](https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts) is disabled                                                                                                            |\n| `DOCKER_BUILD_RECORD_RETENTION_DAYS` | Number |         | Duration after which build record artifact will expire in days. Defaults to repository/org [retention settings](https://docs.github.com/en/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy) if unset or `0` |\n| `DOCKER_BUILD_EXPORT_LEGACY`         | Bool   | `false` | If `true`, exports build using legacy export-build tool instead of [`buildx history export` command](https://docs.docker.com/reference/cli/docker/buildx/history/export/)                                                                                          |\n\n## Troubleshooting\n\nSee [TROUBLESHOOTING.md](TROUBLESHOOTING.md)\n\n## Contributing\n\nWant to contribute? Awesome! You can find information about contributing to\nthis project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdocker%2Fbuild-push-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdocker%2Fbuild-push-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdocker%2Fbuild-push-action/lists"}