About GitHub Packages with GitHub Actions
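GitHub Actions helps you automate your software development workflows in the same place you store code and collaborate on pull requests and issues. You can write individual tasks, called actions, and combine them to create a custom workflow. With GitHub Actions you can build end-to-end continuous integration (CI) and continuous deployment (CD) capabilities directly in your repository. For more information, see "About GitHub Actions."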
You can extend the CI and CD capabilities of your repository by publishing or installing packages as part of your workflow.
Authenticating to GitHub Container Registry
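Note: GitHub Container Registry is currently in public beta and subject to change. During the beta, storage and bandwidth are free. To use GitHub Container Registry, you must enable the feature preview. For more information, see "About GitHub Container Registry" and "Enabling improved container support."
If you want to authenticate to GitHub Container Registry in a GitHub Actions workflow, then you must use a personal access token (PAT). The GITHUB_TOKEN does not currently have the required permissions. During the GitHub Container Registry beta, the only supported form of authentication is the PAT.
PATs can grant broad access to your account. When creating a PAT to authenticate to the container registry, we recommend selecting only the necessary read, write, or delete package scope. Avoid including the repo scope in a PAT used by a GitHub Actions workflow, because it grants unnecessary additional access.
If you'd like to use the container registry in actions during the beta, follow our security best practices for PAT use in "Security hardening for GitHub Actions."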
For an authentication example, see "Authenticating with the container registry."
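The following workflow is an added example, not part of the original page, showing one way to apply the PAT guidance above when pushing to the container registry at ghcr.io. The secret name CR_PAT, the job name, and the image name octo-image are assumptions.

```yaml
# Added example, not from the original page. Assumptions: a repository secret
# named CR_PAT holds a PAT with only the package scopes it needs (no repo
# scope), and the image name octo-image is a placeholder.
name: Publish image to GitHub Container Registry
on:
  push:
    branches: ['release']
jobs:
  push-image:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Log in to ghcr.io with the PAT
        env:
          CR_PAT: ${{ secrets.CR_PAT }}
          ACTOR: ${{ github.actor }}
        # The token reaches docker on stdin, so it never appears in the
        # process argument list or in the echoed command line.
        run: echo "$CR_PAT" | docker login ghcr.io -u "$ACTOR" --password-stdin
      - name: Build and push
        env:
          # Context values are passed through env rather than interpolated
          # into the script text.
          OWNER: ${{ github.repository_owner }}
          SHA: ${{ github.sha }}
        run: |
          # Image names must be lowercase; account names may not be.
          OWNER_LC=$(echo "$OWNER" | tr '[:upper:]' '[:lower:]')
          IMAGE="ghcr.io/$OWNER_LC/octo-image:sha-${SHA:0:7}"
          docker build -t "$IMAGE" .
          docker push "$IMAGE"
      - name: Log out
        # Remove the stored credential even if an earlier step failed.
        if: always()
        run: docker logout ghcr.io
```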
Authenticating to package registries on GitHub
If you want your workflow to authenticate to GitHub Packages to access a package registry other than the container registry on GitHub, then we recommend using the GITHUB_TOKEN that GitHub automatically creates for your repository when you enable GitHub Actions instead of a personal access token for authentication. The GITHUB_TOKEN has read:packages and write:packages scopes to the current repository. For forks, the token also has the read:packages scope for the parent repository.
You can reference the GITHUB_TOKEN in your workflow file using the ${{ secrets.GITHUB_TOKEN }} context. For more information, see "Authenticating with the GITHUB_TOKEN."
Publishing a package using an action
You can use GitHub Actions to automatically publish packages as part of your continuous integration (CI) flow. This approach to continuous deployment (CD) allows you to automate the creation of new package versions, if the code meets your quality standards. For example, you could create a workflow that runs CI tests every time a developer pushes code to a particular branch. If the tests pass, the workflow can publish a new package version to GitHub Packages.
Configuration steps vary by package client. For general information about configuring a workflow for GitHub Actions, see "Configuring a workflow."
The following example demonstrates how you can use GitHub Actions to build and test your app, and then automatically create a Docker image and publish it to GitHub Packages:
- Create a new workflow file in your repository (such as .github/workflows/deploy-image.yml), and add the following YAML:

```yaml
name: Create and publish a package
on:
  push:
    branches: ['release']
jobs:
  run-npm-build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: npm install and build webpack
        run: |
          npm install
          npm run build
      - uses: actions/upload-artifact@main
        with:
          name: webpack artifacts
          path: public/

  run-npm-test:
    runs-on: ubuntu-latest
    needs: run-npm-build
    strategy:
      matrix:
        os: [ubuntu-latest]
        node-version: [12.x, 14.x]
    steps:
      - uses: actions/checkout@v2
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v1
        with:
          node-version: ${{ matrix.node-version }}
      - uses: actions/download-artifact@main
        with:
          name: webpack artifacts
          path: public
      - name: npm install, and test
        run: |
          npm install
          npm test
        env:
          CI: true

  build-and-push-image:
    runs-on: ubuntu-latest
    needs: run-npm-test
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Build container image
        uses: docker/build-push-action@v1
        with:
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          registry: docker.pkg.github.com
          repository: ${{ github.repository }}/octo-image
          tag_with_sha: true
          tag_with_ref: true
```
The relevant settings are explained in the following table:
| Setting | Description |
| --- | --- |
| on: push: branches: ['release'] | Configures the Create and publish a package workflow to run every time a change is pushed to the branch called release. |
| run-npm-build job | This job installs NPM and uses it to build the app. |
| run-npm-test job | This job uses npm test to test the code. The needs: run-npm-build command makes this job dependent on the run-npm-build job. |
| - name: Build container image | Creates a new step called Build container image. This step runs as part of the build-and-push-image job. The needs: run-npm-test command makes this job dependent on the run-npm-test job. |
| uses: docker/build-push-action@v1 | Uses the Docker build-push-action action to build the image, based on your repository's Dockerfile. If the build succeeds, it pushes the image to GitHub Packages. |
| with: | Sends the required parameters to the build-push-action action. These are defined in the subsequent lines. |
| username: ${{ github.actor }} | Defines the user account that will publish the packages. Once published, the packages are owned by the account defined here. |
| password: ${{ secrets.GITHUB_TOKEN }} | Defines the password that is used to access GitHub Packages. |
| registry: docker.pkg.github.com | Defines the registry that will host the resulting packages. This example uses GitHub Packages. |
| repository: ${{ github.repository }}/octo-image | Defines which repository will host the resulting package, and sets the name of the published package. Replace octo-image with the name you want for your package. |
| tag_with_sha: true | Tags the published package with the first seven characters of the commit's SHA. For example, sha-2f2d842. |
| tag_with_ref: true | Tags the published package with the git ref. This can be the name of the branch used to create the package. |
- This new workflow will run automatically every time you push a change to the repository. You can view the progress in the Actions tab.
- A few minutes after the workflow has completed, the new package will be visible in your repository. To find your available packages, see "Viewing a repository's packages."
Installing a package using an action
You can install packages as part of your CI flow using GitHub Actions. For example, you could configure a workflow so that anytime a developer pushes code to a pull request, the workflow resolves dependencies by downloading and installing packages hosted by GitHub Packages. Then, the workflow can run CI tests that require the dependencies.
Installing packages hosted by GitHub Packages through GitHub Actions requires minimal configuration or additional authentication when you use GITHUB_TOKEN. Data transfer is also free when an action installs a package. For more information, see "About billing for GitHub Packages."
GITHUB_TOKEN cannot install packages from any private repository besides the repository where the action runs. You cannot currently use GITHUB_TOKEN to authenticate to GitHub Container Registry.
Configuration steps vary by package client. For general information about configuring a workflow for GitHub Actions, see "Configuring a workflow."
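As an added example that is not part of the original page, the workflow below installs npm dependencies from GitHub Packages on each pull request using GITHUB_TOKEN rather than a PAT. It assumes the npm client, a hypothetical package scope @octo-org, and packages that the token is allowed to read (published from this repository, or public).

```yaml
# Added example, not from the original page. Assumptions: the project uses
# npm, its GitHub Packages dependencies live under the hypothetical scope
# @octo-org, and they are readable by this repository's GITHUB_TOKEN.
name: Install packages and test
on: pull_request
jobs:
  install-and-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Use Node.js 14.x with the GitHub Packages npm registry
        uses: actions/setup-node@v1
        with:
          node-version: 14.x
          # setup-node writes an .npmrc that routes this scope to the
          # registry and reads the credential from NODE_AUTH_TOKEN.
          registry-url: https://npm.pkg.github.com
          scope: '@octo-org'
      - name: Install dependencies
        run: npm install
        env:
          # The token is exposed only to the step that needs it, and no
          # long-lived PAT is stored in the repository's secrets.
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Run tests
        run: npm test
        env:
          CI: true
```

If a dependency lives in a different private repository, the install step fails with an authorization error, because GITHUB_TOKEN cannot read packages from private repositories other than the one where the workflow runs.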