{"id":20542427,"url":"https://github.com/mp-es/build-push-action","last_synced_at":"2026-05-07T05:39:27.696Z","repository":{"id":45432301,"uuid":"372590516","full_name":"MP-ES/build-push-action","owner":"MP-ES","description":"Composite action to build and push docker image into docker registry in the expected format of on-premises k8s-deploy.","archived":false,"fork":false,"pushed_at":"2024-05-08T21:17:45.000Z","size":11,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-06-27T01:21:44.446Z","etag":null,"topics":["continuous-delivery","docker","docker-image","github-actions","hacktoberfest"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MP-ES.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-05-31T18:01:44.000Z","updated_at":"2024-05-08T21:15:10.000Z","dependencies_parsed_at":"2024-05-08T22:28:47.102Z","dependency_job_id":"ab0af8f0-6e01-4735-86c3-f45318427177","html_url":"https://github.com/MP-ES/build-push-action","commit_stats":{"total_commits":5,"total_committers":2,"mean_commits":2.5,"dds":"0.19999999999999996","last_synced_commit":"f6333e882db5cedb174f733abf590e51c0a0c412"},"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/MP-ES/build-push-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MP-ES%2Fbuild-push-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MP-ES%2Fbuild-push-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MP-ES%2Fbuild-push-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MP-ES%2Fbuild-push-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MP-ES","download_url":"https://codeload.github.com/MP-ES/build-push-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MP-ES%2Fbuild-push-action/sbom","scorecard":{"id":87885,"data":{"date":"2025-08-11","repo":{"name":"github.com/MP-ES/build-push-action","commit":"c5077ae1336b5c85eb3c552825bd169afc6ea71e"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":2,"reason":"Found 2/7 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/integration.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/MP-ES/build-push-action/integration.yml/main?enable=pin","Info: 0 out of 1 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 4 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-15T07:18:48.309Z","repository_id":45432301,"created_at":"2025-08-15T07:18:48.309Z","updated_at":"2025-08-15T07:18:48.309Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278678108,"owners_count":26027049,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-06T02:00:05.630Z","response_time":65,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["continuous-delivery","docker","docker-image","github-actions","hacktoberfest"],"created_at":"2024-11-16T01:32:07.117Z","updated_at":"2025-10-06T20:48:41.676Z","avatar_url":"https://github.com/MP-ES.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# build-push-action\n\nComposite action to build and push docker image into docker registry in the expected format of [on-premises k8s-deploy](https://github.com/MP-ES/k8s-deploy).\n\n[![License](https://img.shields.io/github/license/MP-ES/build-push-action.svg)](LICENSE)\n[![Integration](https://github.com/MP-ES/build-push-action/workflows/Integration/badge.svg)](https://github.com/MP-ES/build-push-action/actions?query=workflow%3AIntegration)\n\n## Usage\n\n```yaml\n- name: Build and push docker image\n uses: MP-ES/build-push-action@v1\n with:\n # Server address of Docker registry. If not set then will default to Docker Hub\n # DEFAULT: hub.docker.com\n registry: registry.domain.com\n\n # Username used to log against the Docker registry\n username: ${{ secrets.USERNAME }}\n \n # Password or personal access token used to log against the Docker registry\n password: ${{ secrets.PASSWORD }}\n\n # List of build-time variables\n build-args: |\n arg1=value1\n arg2=value2\n\n # Relative path under $GITHUB_WORKSPACE to place the repository checkout code\n checkout-path: \".\"\n\n # Build's context is the set of files located in the specified PATH or URL\n context: \".\"\n\n # Path to the Dockerfile\n file: \"Dockerfile\"\n\n # The name of docker image, generally the same as the project name\n image: \"service name\"\n\n # Control if the image have to be pushed to the registry\n # DEFAULT: true\n push: \"true\"\n```\n\n### Simplified use\n\nIf you have a Dockerfile in the root path with no build args and want to build and push the docker image to a private registry you can write something such as:\n\n```yaml\n- name: Build and push docker image\n uses: MP-ES/build-push-action@v1\n with:\n registry: ${{ secrets.REGISTRY_URL }}\n username: ${{ secrets.REGISTRY_USERNAME }}\n password: ${{ secrets.REGISTRY_PASSWORD }}\n image: \"service name\"\n```\n\n## Outputs\n\nFollowing outputs are available:\n\n| Name | Type | Description |\n| ---------- | ------ | --------------------------------------------------------- |\n| `tag` | String | Tag assigned to docker image |\n| `digest` | String | Image content-addressable identifier also called a digest |\n| `metadata` | JSON | Build result metadata |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmp-es%2Fbuild-push-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmp-es%2Fbuild-push-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmp-es%2Fbuild-push-action/lists"}