We use cookies to understand how people use Depot.
Integrations

GitHub Actions

Authentication

For GitHub Actions you can use OIDC, project, or user access tokens for authenticating your build with Depot.

OIDC token

The easiest option is to use GitHub's OIDC token as authentication for depot build. Our depot/build-push-action supports authentication via OIDC.

Project token

A project access token can be injected into the Action workflow for depot CLI authentication. This is a token that is tied to a specific project in your organization and not a user.

User access token

It is also possible to generate a user access token that can be injected into the Action workflow for depot CLI authentication. This is a token that is tied to a specific user and not a project. Therefore, it can be used to build all projects across all organizations that the user has access to.

Configuration

Option 1 — depot/build-push-action

We publish a GitHub Action (depot/build-push-action) that implements the same inputs and outputs of docker/build-push-action but uses the depot CLI to run the Docker build.

jobs:
  build:
    runs-on: ubuntu-20.04
    # Set permissions if you're using OIDC token authentication
    permissions:
      contents: read
      id-token: write
    steps:
      - uses: actions/checkout@v3
      # The depot CLI still needs to be available in your workflow
      - uses: depot/setup-action@v1
      - uses: depot/build-push-action@v1
        with:
          context: .
          push: true
          tags: |
            ...
          # Pass project token or user access token if you're not using OIDC token authentication
          token: ${{ secrets.DEPOT_TOKEN }}

Option 2 — depot/setup-action

Another option is to make use of the GitHub Action (depot/setup-action) that installs the depot CLI to run Docker builds directly from your existing workflows.

Note: This GitHub Action does not support the OIDC token authentication method.

jobs:
  build:
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v3
      - uses: depot/setup-action@v1
      - run: depot build --push --tag repo/image:tag .
        env:
          DEPOT_TOKEN: ${{ secrets.DEPOT_TOKEN }}