Using docker buildx github action cache without official actions


TL;DR:

How can I manually find ACTIONS_RUNTIME_TOKEN and ACTIONS_CACHE_URL in GitHub Actions?

Context

I am trying to cache docker layers during a buildkit build in GitHub actions.

In theory, it's easy with the docker/setup-buildx-action, docker/build-push-action and crazy-max/ghaction-github-runtime actions. The thing is, I cannot use them (organization policy).

The relevant part of my workflow is now:

repo_url="<ECR repo in aws>"
docker buildx create --use --driver=docker-container
docker buildx build --tag "${repo_url}:latest" --file docker/Dockerfile . --cache-to "type=gha,mode=max" --cache-from type=gha

The caching requires 2 variables/configuration: ACTIONS_RUNTIME_TOKEN and ACTIONS_CACHE_URL. They would be set up by the ghaction-github-runtime, which I thus cannot use. Looking at the code, it seems to export 2 variables from the environment, but I cannot find them.

How can I manually, without the help of other actions, find them?

2

There are 2 answers

1
Guillaume On BEST ANSWER

It is a bit disgusting, but this is the solution I came up with:

First, add permissions to the workflow:

permissions:
  id-token: write # Important for at least docker gha cache
  contents: read

This will give you the environment variables ACTIONS_ID_TOKEN_REQUEST_URL and ACTIONS_ID_TOKEN_REQUEST_TOKEN.

The Docker gha cache wants 2 variables:

  • ACTIONS_RUNTIME_TOKEN, which is actually ACTIONS_ID_TOKEN_REQUEST_TOKEN
  • ACTIONS_CACHE_URL, which can be inferred from ACTIONS_ID_TOKEN_REQUEST_URL. The GitHub variable looks like https://pipelines.actions.githubusercontent.com/<a long id>/<a lot of things> and ACTIONS_CACHE_URL, the docker variable, should be https://artifactcache.actions.githubusercontent.com/<the long id from above>/

So my final solution is:

export ACTIONS_CACHE_URL=$(echo "$ACTIONS_ID_TOKEN_REQUEST_URL" | grep -Po 'https://[^/]+/[^/]+/' | sed 's/pipelines/artifactcache/')
export ACTIONS_RUNTIME_TOKEN=$ACTIONS_ID_TOKEN_REQUEST_TOKEN

docker buildx build --load --file docker/Dockerfile . --cache-to "type=gha,mode=max" --cache-from type=gha

Now I can use the cache without external actions.
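
An added example, not part of the answer above: the same derivation written as a shell function that fails closed when ACTIONS_ID_TOKEN_REQUEST_URL is not an https URL on pipelines.actions.githubusercontent.com, so the token is never exported alongside a cache URL built from an unexpected value. The function names, and the assumption that the id consists only of letters, digits, `-` and `_`, belong to this example and not to GitHub or Docker.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not part of any tool).

# derive_cache_url <ACTIONS_ID_TOKEN_REQUEST_URL>
# Prints https://artifactcache.actions.githubusercontent.com/<id>/ on success.
# Returns 1 and prints nothing when the input does not have the expected shape.
derive_cache_url() {
  local url prefix rest id
  url="$1"
  prefix="https://pipelines.actions.githubusercontent.com/"
  # Exact scheme + host + "/" prefix: rejects http://, look-alike hosts
  # (host.example.test) and user@host forms.
  case "$url" in
    "$prefix"*) ;;
    *) return 1 ;;
  esac
  rest="${url#"$prefix"}"
  id="${rest%%/*}"
  # The id must be followed by a "/" (the original URL has more path after it).
  [ "$rest" != "$id" ] || return 1
  # Assumption: the id is a plain token of letters, digits, "-" and "_".
  case "$id" in
    ''|*[!A-Za-z0-9_-]*) return 1 ;;
  esac
  printf 'https://artifactcache.actions.githubusercontent.com/%s/\n' "$id"
}

# Exports the two variables the answer maps for the gha cache backend,
# or exports nothing at all if either input is missing or malformed.
export_gha_cache_env() {
  local cache_url
  cache_url="$(derive_cache_url "${ACTIONS_ID_TOKEN_REQUEST_URL:-}")" || {
    echo "unexpected ACTIONS_ID_TOKEN_REQUEST_URL, cache variables not exported" >&2
    return 1
  }
  [ -n "${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-}" ] || {
    echo "ACTIONS_ID_TOKEN_REQUEST_TOKEN is empty, cache variables not exported" >&2
    return 1
  }
  export ACTIONS_CACHE_URL="$cache_url"
  export ACTIONS_RUNTIME_TOKEN="$ACTIONS_ID_TOKEN_REQUEST_TOKEN"
}
```

In a workflow step, call `export_gha_cache_env` before `docker buildx build` and let the step fail if it returns non-zero.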

0
Anton Kaymakchi On

Depending on what "official" actions you can actually use, you can probably do more or less the same thing with actions/github-script. The step will look like:

    - name: Expose actions cache variables
      uses: actions/github-script@v6
      with:
        script: |
          core.exportVariable('ACTIONS_CACHE_URL', process.env['ACTIONS_CACHE_URL'])
          core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env['ACTIONS_RUNTIME_TOKEN'])