docker/build-push-action: Build & Push Images in CI
build-push-action builds your image with BuildKit and pushes it to a registry in one step.
It wraps docker buildx build with workflow-friendly inputs: tags, labels, build args, caching, and multi-platform output. Pair it with setup-buildx-action and login-action.
Key inputs (with:)
- context: build context path (default .).
- file: Dockerfile path.
- push: true to push after build.
- tags: one or more image tags.
- platforms: e.g. linux/amd64,linux/arm64.
- cache-from / cache-to: BuildKit layer cache sources.
- build-args / secrets: pass build-time values.
Example workflow
.github/workflows/ci.yml
jobs:
image:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- uses: docker/build-push-action@v6
with:
context: .
push: true
tags: myorg/myapp:latest
cache-from: type=gha
cache-to: type=gha,mode=maxOn any runner
build-push-action runs on any runner with Docker. Latchkey managed runners run it unchanged and offer a fast ECR-backed layer cache as an alternative to type=gha.
Key takeaways
- Combine with setup-buildx-action and login-action.
- cache-from/cache-to with type=gha speeds repeat builds.
- platforms builds multi-arch images in one step.
Related guides
docker/setup-buildx-action: Enable BuildKit in CIReference for docker/setup-buildx-action: create a Buildx builder so you can use BuildKit features, cache exp…
docker/login-action: Authenticate to a RegistryReference for docker/login-action: log in to Docker Hub, GHCR, ECR, or any registry before pushing images, wi…
docker/metadata-action: Generate Tags & LabelsReference for docker/metadata-action: derive Docker image tags and OCI labels from Git refs, SHAs, and semver…