Can we build and push the Docker image to Artifact Registry with GitHub Actions privately with the following code, or do we need Docker Hub?
Here is my GitHub workflow
build-and-push:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
    - name: Set up Cloud SDK
      uses: google-github-actions/setup-gcloud@v2
    - name: Authenticate service account
      uses: google-github-actions/auth@v2
      with:
        credentials_json: '${{ secrets.Key }}'
    - name: Configure Docker to use the gcloud command-line tool as a credential helper
      run: gcloud auth configure-docker us-central1-docker.pkg.dev --quiet
    - name: Build the Docker image
      run: |
        docker build . -t us-central1-docker.pkg.dev/${{ secrets.PROJECT_ID }}/simple-website:latest
    - name: Push the Docker image to Google Artifact Registry
      run: |
        docker push us-central1-docker.pkg.dev/${{ secrets.PROJECT_ID }}/simple-website:latest
2 Answers
Yes, your GitHub Actions workflow can build and push a Docker image to Google Artifact Registry privately without needing Docker Hub. Your steps correctly set up Google Cloud authentication, build the Docker image, and push it to your private Artifact Registry repository.
Confirm your service account has the necessary permissions and your secrets (Key and PROJECT_ID) are correctly configured and added as GitHub Actions secrets.

In addition to @helpinghand's answer:
The provided workflow is a solid foundation for building and pushing Docker images. To make it even more secure, grant minimal permissions to service accounts, store credentials securely in GitHub Secrets Manager, implement error handling, and consider using dedicated runners for greater control. The improved example leverages Google Cloud Actions setup for streamlined service account management, separates Artifact Registry URL and service account location into distinct secrets, and includes example permissions for pushing images (which you can customize as needed).
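As an added illustration of the hardening both answers recommend (least-privilege service account, no long-lived key in a secret, traceable image tags), here is the same job rewritten with Workload Identity Federation. This is not code from the question or either answer; the WIF_PROVIDER and WIF_SERVICE_ACCOUNT secrets and the Artifact Registry repository name `simple-website` are assumptions you would replace with your own values, while PROJECT_ID and the region are taken from the question.

```yaml
name: build-and-push
on:
  push:
    branches: [main]

permissions:
  contents: read      # checkout only needs to read the repo
  id-token: write     # lets the job request a GitHub OIDC token for keyless auth

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Keyless auth: the job's OIDC token is exchanged for a short-lived
      # Google access token, so no service-account JSON key is stored in
      # GitHub Secrets. The credentials_json form from the question also
      # works; either way the service account only needs
      # roles/artifactregistry.writer on the target repository.
      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: ${{ secrets.WIF_PROVIDER }}       # assumed secret
          service_account: ${{ secrets.WIF_SERVICE_ACCOUNT }}           # assumed secret

      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v2

      - name: Configure Docker credential helper
        run: gcloud auth configure-docker us-central1-docker.pkg.dev --quiet

      # Tag with the commit SHA as well as latest so every pushed image can
      # be traced back to the exact source it was built from.
      - name: Build and push
        env:
          # REGION/PROJECT/REPOSITORY/IMAGE; repository name is assumed
          IMAGE: us-central1-docker.pkg.dev/${{ secrets.PROJECT_ID }}/simple-website/simple-website
        run: |
          docker build . -t "$IMAGE:${{ github.sha }}" -t "$IMAGE:latest"
          docker push --all-tags "$IMAGE"
```

The Workload Identity pool and provider must be created in the Google Cloud project beforehand and mapped to this repository; the `id-token: write` permission is what allows the auth step to obtain the OIDC token.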