{"id":32597862,"url":"https://github.com/vaultvulp/gp-docker-action","last_synced_at":"2026-02-25T21:01:48.363Z","repository":{"id":45431710,"uuid":"231101533","full_name":"VaultVulp/gp-docker-action","owner":"VaultVulp","description":"GitHub Action to build and publish Docker Images to GitHub Container Registry","archived":false,"fork":false,"pushed_at":"2024-05-07T05:46:23.000Z","size":84,"stargazers_count":59,"open_issues_count":1,"forks_count":37,"subscribers_count":1,"default_branch":"develop","last_synced_at":"2025-10-30T05:48:40.434Z","etag":null,"topics":["actions","docker","docker-image","github-actions","hacktoberfest","registry"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/VaultVulp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-12-31T14:21:11.000Z","updated_at":"2025-09-29T22:27:06.000Z","dependencies_parsed_at":"2024-06-18T14:02:38.905Z","dependency_job_id":null,"html_url":"https://github.com/VaultVulp/gp-docker-action","commit_stats":{"total_commits":91,"total_committers":7,"mean_commits":13.0,"dds":"0.21978021978021978","last_synced_commit":"38ebcec449f7d8e81a3e42be7fcfeb840b78e03b"},"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"purl":"pkg:github/VaultVulp/gp-docker-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VaultVulp%2Fgp-docker-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VaultVulp%2Fgp-docker-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VaultVulp%2Fgp-docker-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VaultVulp%2Fgp-docker-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/VaultVulp","download_url":"https://codeload.github.com/VaultVulp/gp-docker-action/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VaultVulp%2Fgp-docker-action/sbom","scorecard":{"id":147419,"data":{"date":"2025-08-11","repo":{"name":"github.com/VaultVulp/gp-docker-action","commit":"38ebcec449f7d8e81a3e42be7fcfeb840b78e03b"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.8,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating docker:20-dind to docker:20-dind@sha256:af96c680a7e1f853ebdd50c1e0577e5df4089b033102546dd6417419564df3b5","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'develop'","Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}}]},"last_synced_at":"2025-08-16T09:40:31.010Z","repository_id":45431710,"created_at":"2025-08-16T09:40:31.011Z","updated_at":"2025-08-16T09:40:31.011Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29839930,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-25T20:42:33.054Z","status":"ssl_error","status_checked_at":"2026-02-25T20:42:21.322Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","docker","docker-image","github-actions","hacktoberfest","registry"],"created_at":"2025-10-30T05:02:48.342Z","updated_at":"2026-02-25T21:01:48.348Z","avatar_url":"https://github.com/VaultVulp.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GitHub Action to build and publish Docker Images to GitHub Container registry\n\n## Usage examples:\n\n### Build and publish Docker Image with the `head` tag for the `develop` branch\n\n#### Complete workflow example\n```yaml\nname: Build and publish\n\non: \n  push:\n    branches:\n    - \"develop\" # Running this workflow only for develop branch\n\njobs:\n  build-and-publish-head:\n    runs-on: ubuntu-latest\n\n    steps:\n    - uses: actions/checkout@v2.5.0 # Checking out the repo\n\n    - name: Build and publish \"head\" Docker image\n      uses: VaultVulp/gp-docker-action@1.6.0\n      with:\n        github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages\n        image-name: my-cool-service # Provide Docker image name\n        image-tag: head # Provide Docker image tag\n```\n\n### Build and publish Docker Image with a `latest` tag for the `master` branch with different dockerfile\n\n#### Complete workflow example\n```yaml\nname: Build and publish\n\non: \n  push:\n    branches:\n    - \"master\" # Running this workflow only for master branch\n\njobs:\n  build-and-publish-latest:\n    runs-on: ubuntu-latest\n\n    steps:\n    - uses: actions/checkout@v2.5.0 # Checking out the repo\n\n    - name: Build and publish \"latest\" Docker image\n      uses: VaultVulp/gp-docker-action@1.6.0\n      with:\n        github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages\n        image-name: my-cool-service # Provide only Docker image name, tag will be automatically set to latest\n        dockerfile: Alternative.Dockerfile # Provide custom Dockerfile name\n```\n\n### Build and publish Docker Image with a tag equal to a git tag\n\n#### Complete workflow example\n```yaml\nname: Build and publish\n\non: \n  push:\n    tags:\n    - \"*\" # Running this workflow for any tag\n\njobs:\n  build-and-publish-tag:\n    runs-on: ubuntu-latest\n\n    steps:\n    - uses: actions/checkout@v2.5.0 # Checking out the repo\n    \n    - name: Build and publish Docker image tagged according to a git-tag\n      uses: VaultVulp/gp-docker-action@1.6.0\n      with:\n        github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages\n        image-name: my-cool-service # Provide only Docker image name\n        extract-git-tag: true # Provide flag to extract Docker image tag from git reference\n```\n\n### Build and publish Docker Image with a different build context\n\n#### Complete workflow example\n```yaml\nname: Build and publish\n\non: push\n\njobs:\n  build-and-publish-context:\n    runs-on: ubuntu-latest\n\n    steps:\n    - uses: actions/checkout@v2.5.0 # Checking out the repo\n    \n    - name: Build and publish Docker image from a different context\n      uses: VaultVulp/gp-docker-action@1.6.0\n      with:\n        github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages\n        image-name: my-cool-service # Provide Docker image name\n        build-context: ./dev # Provide path to the folder with a Dockerfile\n```\n\n### Pulling an image before building it\n\n#### Complete workflow example\n```yaml\nname: Build and publish\n\non: push\n\njobs:\n  pull-and-build-and-publish:\n    runs-on: ubuntu-latest\n\n    steps:\n    - uses: actions/checkout@v2.5.0 # Checking out the repo\n\n    - name: Pull, build and publish Docker image\n      uses: VaultVulp/gp-docker-action@1.6.0\n      with:\n        github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages\n        image-name: my-cool-service # Provide Docker image name\n        pull-image: true # Provide the flag to pull image\n```\n\n### Passing additional image tags\n\n**NB**, `additional-image-tags` will **not** replace `image-tag` argument - additional tags will be appended to the list. If no `image-tag` was specified, then image will be tagged with the `latest` tag.\n\n#### Examples\n\n##### `image-tag` was specified: \n```yaml\nimage-name: my-cool-service\nimage-tags: first\nadditional-image-tags: second third\n```\nAction will produce one image with three tags:\n- `my-cool-service:first`\n- `my-cool-service:second`\n- `my-cool-service:third`\n\n##### No `image-tag` was specified: \n\nIn this case action will use the default `latest` tag.\n\n```yaml\nimage-name: my-cool-service\nadditional-image-tags: second third\n```\nAction will produce one image with three tags:\n- `my-cool-service:latest`\n- `my-cool-service:second`\n- `my-cool-service:third`\n\n#### Complete workflow example\n```yaml\nname: Build and publish \n\non: push\n\njobs:\n  build-with-multiple-tags:\n    runs-on: ubuntu-latest\n\n    steps:\n    - uses: actions/checkout@v2.5.0 # Checking out the repo\n \n    - name: Build and publish Docker image with multiple tags\n      uses: VaultVulp/gp-docker-action@1.6.0\n      with:\n        github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages\n        image-name: my-cool-service # Provide Docker image name\n        image-tags: first # if ommitted will be replaced with \"latest\"\n        additional-image-tags: second third # two additional tags for an image\n```\n\n### Cross-platform builds\n\nIt's possible to leverage `custom-args` to build images for different architectures.\n\n#### Examples\n##### One architeture\n```yaml\ncustom-args: --platform=linux/arm64 # target architecture\n```\n##### Multiple architetures\n```yaml\ncustom-args: --platform=linux/arm64,linux/amd64 # multiple target architectures\n```\n\n#### Complete workflow example\n```yaml\nname: Build and publish\n\non: push\n\njobs:\n  cross-platform-builds:\n    runs-on: ubuntu-latest\n\n    steps:\n    - uses: actions/checkout@v2.5.0 # Checking out the repo\n \n    - name: Build and publish Docker image for ARM64 and AMD64 architectures at the same time\n      uses: VaultVulp/gp-docker-action@1.6.0\n      with:\n        github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages\n        image-name: my-cool-service # Provide Docker image name\n        custom-args: --platform=linux/arm64,linux/amd64 # specify target architectures via the `custom-args` agrument\n```\n\n### Passing additional arguments to the docker build command\n\n**NB**, additional arguments should be passed with the `=` sign istead of a ` `(space) between argument name and values.\n\nCorrect example: \n```yaml\ncustom-args: --build-arg=some=\"value\" \n                      # ^ this \"=\" is mandatory\n```\nIncorrect example:\n```yaml\ncustom-args: --build-arg some=\"value\" \n                      # ^ this space might break the action\n```\n\n#### Complete workflow example\n```yaml\nname: Build and publish\n\non: push\n\njobs:\n  build-with-custom-args:\n    runs-on: ubuntu-latest\n\n    steps:\n    - uses: actions/checkout@v2.5.0 # Checking out the repo\n \n    - name: Build and publish Docker image with arbitrary --build-arg(s)\n      uses: VaultVulp/gp-docker-action@1.6.0\n      with:\n        github-token: ${{ secrets.GITHUB_TOKEN }} # Provide GITHUB_TOKEN to login into the GitHub Packages\n        image-name: my-cool-service # Provide Docker image name\n        custom-args: --build-arg=some=\"value\" --build-arg=some_other=\"value\" # Pass some additional arguments to the docker build command\n```\n\n## My own repo with examples\n\n[VaultVulp/test-gp-docker-action](https://github.com/VaultVulp/test-gp-docker-action)\n\n## Security considerations\n\nYou will encounter the following log message in your GitHub Actions Pipelines:\n\n```\nWARNING! Using --password via the CLI is insecure. Use --password-stdin.\nWARNING! Your password will be stored unencrypted in /github/home/.docker/config.json.\nLogin Succeeded\n```\n\nI would like to ensure you, that I do not store your secrets, passwords, token, or any other information.\n\nThis warning informs you about the fact, that this Action passes your GitHub token via the command line argument:\n```bash\ndocker login -u publisher -p ${DOCKER_TOKEN} ghcr.io\n```\n\nIn a non-safe environment, this could raise a security issue, but this is not the case. We are passing a temporary authorization token, which will expire once the pipeline is completed. It would also require additional code to extract this token from the environment or `docker` internals, that this Action does not have.\n\n[This](https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#upgrading-a-workflow-that-accesses-a-registry-using-a-personal-access-token\n) is the detailed explanation about the `${{ secrets.GITHUB_TOKEN }}` and it's relations with the GCR.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvaultvulp%2Fgp-docker-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvaultvulp%2Fgp-docker-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvaultvulp%2Fgp-docker-action/lists"}