We wanted to make it simple to try Depot in your existing GitHub Action workflows. So, we released depot/build-push-action, that implements the same inputs and outputs as docker/build-push-action but makes uses of our depot CLI to run your build.

Bonus: We now support OIDC token authentication in GitHub Actions 🎉

Our new GitHub Action also allows you to use GitHub's OIDC token as authentication to depot build. No more static access keys in GitHub Actions!

If you set the permissions block in your action workflow and make use of depot/build-push-action you can authenticate builds via OIDC and don't need to generate a user access token.

jobs:
  build:
    runs-on: ubuntu-20.04
    permissions:
      contents: read
      id-token: write
    steps:
      - uses: actions/checkout@v3
      # The depot CLI still needs to be available in your workflow
      - uses: depot/setup-action@v1
      - uses: depot/build-push-action@v1
        with:
          context: .
          push: true

If you want to see an example of this new authentication method in action, you can check out our moby/moby benchmark workflow.