build and publish packages with github actions

Table of Contents

Introduction

GitHub Actions not only automates your CI/CD pipelines but also integrates seamlessly with GitHub Packages, a service for hosting and managing your software packages and container images. By leveraging these tools, you can automate the building, testing, and publishing of packages or container images directly from your GitHub repository.

In this article, we’ll explore:

• How to use GitHub Actions to build and publish container images.
• How to publish software packages (like npm packages) using GitHub Actions.

1. Introduction to GitHub Packages

What is GitHub Packages?

GitHub Packages is a service that allows you to host software packages and container images in your GitHub repository. It supports various package formats:

• Container Images: Docker, OCI
• Programming Languages: npm (JavaScript), RubyGems (Ruby), NuGet (.NET), Maven (Java), and more.

Why Use GitHub Packages?

• Integration: Seamlessly integrates with GitHub Actions and your repository.
• Access Control: Permissions and visibility inherit from your repository settings.
• Convenience: Use familiar tools and workflows to publish and manage packages.

2. Publishing Container Images with GitHub Actions

2.1 Workflow Steps

To publish a container image using GitHub Actions, you’ll generally follow these steps:

1. Checkout Code: Use actions/checkout to pull your code.
2. Login to Container Registry: Authenticate with GitHub’s container registry using the GITHUB_TOKEN.
3. Set Up Metadata: Use docker/metadata-action to generate tags and labels for your image.
4. Build and Push Image: Use docker/build-push-action to build and publish your image.

2.2 Example Workflow for Docker Image

Workflow File: .github/workflows/docker-publish.yml

name: Publish Docker Image

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: ghcr.io/${{ github.repository }}

      - name: Build and push Docker image
        uses: docker/build-push-action@v4
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

Explanation:

• Checkout Code: Retrieves your repository’s code.
• Set up QEMU and Buildx: Enables cross-platform builds.
• Login to Registry: Authenticates using GITHUB_TOKEN.
• Metadata Extraction: Generates image tags and labels.
• Build and Push: Builds the Docker image and pushes it to GitHub Container Registry.

Using the Published Image

You can pull and use the image from GitHub Container Registry:

docker pull ghcr.io/your-username/your-repo:latest

3. Publishing Software Packages with GitHub Actions

3.1 Workflow Steps

To publish a software package (e.g., npm package), follow these general steps:

1. Checkout Code: Use actions/checkout to pull your code.
2. Set Up Language Environment: Use language-specific actions (e.g., actions/setup-node for Node.js).
3. Authenticate with Package Registry: Configure authentication using GITHUB_TOKEN.
4. Build the Package: Install dependencies and build your package.
5. Publish the Package: Use language-specific commands (e.g., npm publish).

3.2 Example Workflow for npm Package

Workflow File: .github/workflows/npm-publish.yml

name: Publish npm Package

on:
  release:
    types: [published]

jobs:
  build-and-publish:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3

      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: "16"
          registry-url: "https://npm.pkg.github.com"

      - name: Authenticate with GitHub Packages
        run: npm config set //npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}

      - name: Install Dependencies
        run: npm install

      - name: Build Package
        run: npm run build

      - name: Publish Package
        run: npm publish

Explanation:

• Trigger: Workflow runs when a release is published.
• Setup Node.js: Configures Node.js environment and registry URL.
• Authenticate: Sets up npm to use GITHUB_TOKEN for authentication.
• Build and Publish: Installs dependencies, builds the package, and publishes it to GitHub Packages.

Using the Published Package

To install the package:

1. Authenticate with GitHub Packages:

   npm login --registry=https://npm.pkg.github.com
   

2. Install the Package:

   npm install @your-username/your-package
   

4. Conclusion

By integrating GitHub Actions with GitHub Packages, you can automate the entire process of building, testing, and publishing your software packages and container images. This not only streamlines your development workflow but also ensures consistency and reliability in your deployments.

Key Takeaways

• GitHub Packages: A unified place to host packages and container images.
• Automation with GitHub Actions: Seamlessly build, test, and publish from your repository.
• Secure Authentication: Use GITHUB_TOKEN for secure operations within workflows.
• Testing: Always include tests to verify your packages or images work as expected.