Shared action to configure Docker tooling and OCI registry authentication.
- uses: hoverkraft-tech/ci-github-container/actions/docker/setup@bcbbcaff24e053e38ebab02dd0e41442df196719 # 0.32.0
with:
# OCI registry configuration used to pull, push and cache images.
# Accepts either a registry hostname string (default format) or a JSON object.
# JSON example: `{"pull":"docker.io","pull:private":"ghcr.io","push":"ghcr.io"}`
#
# This input is required.
# Default: `ghcr.io`
oci-registry: ghcr.io
# Username configuration used to log against OCI registries.
# Accepts either a single username string (default format) or a JSON object using the same keys as `oci-registry`.
oci-registry-username: ""
# Password or personal access token configuration used to log against OCI registries.
# Accepts either a single password/token string (default format) or a JSON object using the same keys as `oci-registry`.
oci-registry-password: ""
# Inline BuildKit daemon configuration.
# See https://github.com/docker/setup-buildx-action#inputs.
# Example for insecure registry:
# ```ini
# [registry."my-registry.local:5000"]
# http = true
# insecure = true
# ```
buildkitd-config-inline: ""
# Optional built images payload used to resolve manifest publication registries.
# When provided, registry authentication targets are inferred from the built image data.
built-images: ""
# Whether to install and configure Docker Buildx.
#
# Default: `true`
setup-buildx: true
# Whether the Buildx builder should be removed during post-job cleanup.
#
# Default: `true`
buildx-cleanup: true| Input | Description | Required | Default |
|---|---|---|---|
oci-registry |
OCI registry configuration used to pull, push and cache images. | true | ghcr.io |
| Accepts either a registry hostname string (default format) or a JSON object. | |||
JSON example: {"pull":"docker.io","pull:private":"ghcr.io","push":"ghcr.io"} |
|||
oci-registry-username |
Username configuration used to log against OCI registries. | false | - |
Accepts either a single username string (default format) or a JSON object using the same keys as oci-registry. |
|||
oci-registry-password |
Password or personal access token configuration used to log against OCI registries. | false | - |
Accepts either a single password/token string (default format) or a JSON object using the same keys as oci-registry. |
|||
buildkitd-config-inline |
Inline BuildKit daemon configuration. | false | - |
| See https://github.com/docker/setup-buildx-action#inputs. | |||
| Example for insecure registry: | |||
[registry."my-registry.local:5000"]
http = true
insecure = true |
|||
built-images |
Optional built images payload used to resolve manifest publication registries. | false | - |
| When provided, registry authentication targets are inferred from the built image data. | |||
setup-buildx |
Whether to install and configure Docker Buildx. | false | true |
buildx-cleanup |
Whether the Buildx builder should be removed during post-job cleanup. | false | true |
The default single-registry format still works:
oci-registry: ghcr.io
oci-registry-username: ${{ github.repository_owner }}
oci-registry-password: ${{ github.token }}To configure distinct pull, push and cache registries, pass JSON objects:
oci-registry: |
{"pull":"docker.io","pull:private":"ghcr.io","push":"ghcr.io"}
oci-registry-username: |
{"pull:private":"${{ github.repository_owner }}","push":"${{ github.repository_owner }}"}
oci-registry-password: |
{"pull:private":"${{ github.token }}","push":"${{ github.token }}"}Registry credentials are resolved by role using the same keys as oci-registry.
pull is the default pull registry, while pull:<name> can be repeated for additional pull registries.
When no pull registry is provided, the push registry is also used for pulls.
Optional pull registries without credentials are skipped, which is useful for public registries such as Docker Hub.
| Output | Description |
|---|---|
push-registry |
Registry used for published images/manifests. |
cache-registry |
Registry used for registry-backed build cache. |
pull-registries |
JSON array of registries used to pull base images. |
buildx-name |
Docker Buildx builder name. |
Contributions are welcome! Please see the contributing guidelines for more details.
This project is licensed under the MIT License.
SPDX-License-Identifier: MIT
Copyright © 2026 hoverkraft
For more details, see the license.
This documentation was automatically generated by CI Dokumentor.