docker-docs/content/guides/python/configure-github-actions.md
Craig Osterhout 5862e80e5b guides: update python & add files component (#25206)
<!--Delete sections as needed -->

## Description

Updated Python guide

- Removed DOI in favor of DHI only. DHI Community is now free, so
there's no reason to keep the DOI fallback path.
- Removed the git clone sample-app pattern. Maintaining external sample
repos is a burden, and split source of truth between the docs and the
sample.
- New file browser / scaffolding component. Lets users copy individual
files or scaffold the whole project with one command. Replaces the role
the cloned sample repo used to play.
- New "Secure your supply chain" topic highlighting what DHI gives you
and how to attach matching attestations to your own image in CI.
- A bunch of smaller improvements: clearer intros for each topic,
progressively updating the same app in all topics, ran and fixed issues,
etc.

https://deploy-preview-25206--docsdocker.netlify.app/guides/python/

## Related issues or tickets

ENGDOCS-3308

## Reviews

<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->

- [ ] Technical review
- [ ] Editorial review

---------

Signed-off-by: Craig Osterhout <craig.osterhout@docker.com>
2026-06-08 12:07:31 -07:00


title: Automate your builds with GitHub Actions
linkTitle: GitHub Actions CI
weight: 40
keywords: ci/cd, github actions, python, flask
description: Learn how to configure CI/CD using GitHub Actions for your Python application.
aliases:
  - /language/python/configure-ci-cd/
  - /guides/language/python/configure-ci-cd/
  - /guides/python/configure-ci-cd/

Prerequisites

Complete all the previous sections of this guide, starting with Containerize a Python application. You must have a GitHub account and a verified Docker account to complete this section.

If you haven't created a GitHub repository for your project yet, create one now. After creating the repository, add it as a remote and make sure you can commit and push your code to GitHub.

  1. In your project's GitHub repository, open Settings, and go to Secrets and variables > Actions.

  2. Under the Variables tab, create a new Repository variable named DOCKER_USERNAME with your Docker ID as the value.

  3. Create a new Personal Access Token (PAT) for Docker Hub. You can name this token docker-tutorial. Make sure access permissions include Read and Write.

  4. Add the PAT as a Repository secret in your GitHub repository, with the name DOCKERHUB_TOKEN.

Overview

GitHub Actions is a CI/CD automation tool built into GitHub. A workflow is a YAML file that tells GitHub which jobs to run when something happens in your repository, like a push to a branch or a pull request opening. Workflows live in the .github/workflows/ directory of your repository.

In this section, you'll add a workflow that runs your linting, formatting, and type checks on every push to the main branch, then builds your Docker image and pushes it to Docker Hub.

1. Define the GitHub Actions workflow

You can create a GitHub Actions workflow by creating a YAML file in the .github/workflows/ directory of your repository. To do this, use your favorite text editor or the GitHub web interface. The following steps show you how to create a workflow file using the GitHub web interface.

If you prefer to use the GitHub web interface, follow these steps:

  1. Go to your repository on GitHub and then select the Actions tab.

  2. Select set up a workflow yourself.

    This takes you to a page for creating a new GitHub Actions workflow file in your repository. By default, the file is created under .github/workflows/main.yml. Change the file name to build.yml.

If you prefer to use your text editor, create a new file named build.yml in the .github/workflows/ directory of your repository.

Add the following content to the file:

{{< files name="python-docker-example" >}}

{{< file path=".github/workflows/build.yml" status="new" >}}

# GitHub Actions workflow that runs on every push to main.
# - lint-test: runs pre-commit hooks (Ruff) and Pyright type checks.
# - build_and_push: signs in to Docker Hub and the DHI registry, then
#   builds and pushes the image (with SBOM and provenance attestations).
name: Build and push Docker image

on:
  push:
    branches:
      - main

jobs:
  lint-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@{{% param "checkout_action_version" %}}

      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: '3.12'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install pre-commit pyright

      - name: Run pre-commit hooks
        run: pre-commit run --all-files

      - name: Run pyright
        run: pyright

  build_and_push:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@{{% param "checkout_action_version" %}}

      - name: Login to Docker Hub
        uses: docker/login-action@{{% param "login_action_version" %}}
        with:
          username: ${{ vars.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to Docker Hardened Images
        uses: docker/login-action@{{% param "login_action_version" %}}
        with:
          registry: dhi.io
          username: ${{ vars.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@{{% param "setup_buildx_action_version" %}}

      - name: Build and push
        uses: docker/build-push-action@{{% param "build_push_action_version" %}}
        with:
          push: true
          tags: ${{ vars.DOCKER_USERNAME }}/${{ github.event.repository.name }}:latest

{{< /file >}}

{{< /files >}}

Each GitHub Actions workflow includes one or more jobs. Each job consists of steps, and each step either runs a set of commands or uses an existing action. The build_and_push job above includes the following three steps:

  1. Login to Docker Hub: Action logs in to Docker Hub using the Docker ID and Personal Access Token (PAT) you created earlier.

  2. Set up Docker Buildx: Action sets up Docker Buildx, a CLI plugin that extends the capabilities of the Docker CLI.

  3. Build and push: Action builds and pushes the Docker image to Docker Hub. The tags parameter specifies the image name and tag. The latest tag is used in this example.
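As an added example (not part of the Docker guide or its sample project), this Python sketch audits a workflow like the one above for two things a reviewer would check: action references that use a tag instead of a full commit SHA, and a job that handles secrets without a `needs:` dependency on the checks job. The sample text, the `vX` placeholder tags, and the names `audit` and `NO_NEEDS` are constructed for illustration.

```python
import re
# Constructed sample: the workflow from this page, trimmed, with the Hugo
# version parameters replaced by the placeholder tag "vX".
WORKFLOW = """\
jobs:
  lint-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@vX
      - uses: actions/setup-python@v6
      - run: pyright
  build_and_push:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@vX
      - uses: docker/login-action@vX
        with:
          username: ${{ vars.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - uses: docker/build-push-action@vX
        with:
          push: true
"""
NO_NEEDS = "handles secrets but has no needs:, so it runs even if checks fail"

def audit(text):
    """Return (job, finding) pairs; assumes two-space YAML indentation."""
    jobs, job, in_jobs = {}, None, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # top-level key such as on: or jobs:
            in_jobs = line.startswith("jobs:")
        elif in_jobs and (m := re.match(r"  ([\w-]+):\s*$", line)):
            job = jobs.setdefault(m.group(1), {"keys": set(), "uses": [], "secret": False})
        elif in_jobs and job is not None:
            if m := re.match(r"    ([\w-]+):", line):
                job["keys"].add(m.group(1))  # job-level keys such as needs
            if m := re.search(r"\buses:\s*(\S+)", line):
                job["uses"].append(m.group(1))
            job["secret"] |= "secrets." in line
    out = []
    for name, j in jobs.items():
        # A tag such as v6 can be moved; a 40-hex commit SHA cannot.
        out += [(name, "unpinned action " + u) for u in j["uses"]
                if not re.search(r"@[0-9a-f]{40}$", u)]
        if j["secret"] and "needs" not in j["keys"]:
            out.append((name, NO_NEEDS))
    return out
```

On the sample, `audit(WORKFLOW)` reports every `uses:` reference as tag-pinned and flags `build_and_push` for running independently of `lint-test`. Local (`./`) action references are not special-cased and would also be reported.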

2. Run the workflow

Commit the changes and push them to the main branch. This workflow runs every time you push changes to the main branch. You can find more information about workflow triggers in the GitHub documentation.

Go to the Actions tab of your GitHub repository. It displays the workflow. Selecting the workflow shows you the breakdown of all the steps.

When the workflow is complete, go to your repositories on Docker Hub. If you see the new repository in that list, it means the GitHub Actions workflow successfully pushed the image to Docker Hub.

Summary

In this section, you learned how to set up a GitHub Actions workflow for your Python application that includes:

  • Running pre-commit hooks for linting and formatting
  • Static type checking with Pyright
  • Building and pushing Docker images

Related information:

Next steps

In the next section, you'll learn how to inspect and generate supply chain attestations for your image. See Secure your supply chain.