How to Publish a Docker Image Tagged by Release in GitHub Actions
docker/metadata-action turns the pushed git tag into semver image tags (for example 1.2.3, 1.2, latest) that build-push-action then pushes.
On a tag push, run docker/metadata-action with a type=semver tag rule, log in to the registry, and pass its tags output to docker/build-push-action.
Steps
- Trigger on
push.tagsfor your version glob. - Run
docker/metadata-actionwithtype=semverpatterns. - Log in, then run
build-push-actionwith the derived tags.
Workflow
.github/workflows/release.yml
on:
push:
tags: ['v*.*.*']
permissions:
contents: read
packages: write
jobs:
image:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository }}
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: docker/build-push-action@v6
with:
push: true
tags: ${{ steps.meta.outputs.tags }}Gotchas
- A
vprefix on the tag is handled by metadata-action; the image tags drop it. - Grant
packages: writefor GHCR, or the push fails with a 403.
Related guides
How to Upload Cross-Platform Binaries to a Release in GitHub ActionsBuild binaries for Linux, macOS, and Windows with a matrix in GitHub Actions and attach each to one GitHub Re…
How to Mirror a Release to Multiple Registries in GitHub ActionsPush the same Docker image to GHCR and Docker Hub from one GitHub Actions release job by logging into both an…