If you're looking to use our fully-managed GitHub Actions Runners as a drop-in replacement for your existing runners, head over to Quickstart for GitHub Actions Runners.
If you're looking to use Depot just for your container image builds in GitHub Actions, read on.
Authentication
For GitHub Actions, you can use OIDC, project, or user access tokens for authenticating your build with Depot. Because GitHub Actions supports the OIDC flow, we recommend using that for the best experience.
You can inject a project access token into the Action workflow for depot CLI authentication. Project tokens are tied to a specific project in your organization and not a user.
You can inject a user access token into the Action workflow for depot CLI authentication. User tokens are tied to a specific user and not a project. Therefore, it can be used to build all projects across all organizations that the user can access.
Another option is to make use of the GitHub Action (depot/bake-action) that
allows you to build all of the images defined in an HCL, JSON or Docker Compose file. Bake is a great action to use when you are looking to build multiple images with a single build request.
Option 3 — Depot CLI
You can also use the GitHub Action (depot/setup-action) that installs the depot CLI to run Docker builds directly from your existing workflows.
Examples
Build multi-platform images natively without emulation
This example shows how you can use the platforms input to build a multi-platform image for Intel and Arm architectures natively without emulation.
Build and push to Docker Hub with OIDC token exchange
This example uses our recommended way of authenticating builds from GitHub Actions to Depot via OIDC trust relationships. It builds an image with a tag to be pushed to DockerHub.
Build and push to Docker Hub with Depot API tokens
This example uses the token input for our depot/build-push-action to authenticate builds from GitHub Actions to Depot. Of course, the token input can be a user token. Still, we recommended using a project token to limit the token's scope to a single project.
Build and push an image to Amazon ECR
Use the configure-aws-credentials and amazon-ecr-login actions from AWS to configure GitHub Actions to authenticate to your ECR registry. Then build and push the image to your ECR registry using the depot/build-push-action.
Build and push an image to GCP Artifact Registry
Use the setup-gcloud action from GCP to configure gcloud in GitHub Actions to authenticate to your Artifact Registry. Then build and push the image to your GCP registry using the depot/build-push-action.
Build and push an image to Azure Container Registry with OIDC
After adding a trust relationship between Depot and GitHub Actions, you'll be able to log in to Azure Container Registry using the docker/login-action and build and push an image to the registry using the depot/build-push-action via the image tag(s).
Build and push to multiple registries
Build and tag an image to push to multiple registries by logging into each one individually.
Export an image to Docker
By default, like docker buildx, Depot doesn't return the built image to the client. However, for cases where you need the built image in your GitHub Actions workflow, you can pass the load: true input, and Depot will return the image to the workflow.
Build an image with Software Bill of Materials
Build an image with a Software Bill of Materials (SBOM) using the sbom and sbom-dir inputs. The sbom input will generate an SBOM for the image, and the sbom-dir input will output the SBOM to the specified directory. You can then use the actions/upload-artifact action to upload the SBOM directory as a build artifact.