# Automate your builds with GitHub Actions ## Prerequisites Complete all the previous sections of this guide, starting with [Containerize a Python application](/guides/python/configure-github-actions/containerize/). You must have a [GitHub](https://github.com/signup) account and a verified [Docker](https://hub.docker.com/signup) account to complete this section. If you didn't create a [GitHub repository](https://github.com/new) for your project yet, it is time to do it. After creating the repository, don't forget to [add a remote](https://docs.github.com/en/get-started/getting-started-with-git/managing-remote-repositories) and ensure you can commit and [push your code](https://docs.github.com/en/get-started/using-git/pushing-commits-to-a-remote-repository#about-git-push) to GitHub. 1. In your project's GitHub repository, open **Settings**, and go to **Secrets and variables** > **Actions**. 2. Under the **Variables** tab, create a new **Repository variable** named `DOCKER_USERNAME` and your Docker ID as a value. 3. Create a new [Personal Access Token (PAT)](/security/access-tokens/#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. 4. Add the PAT as a **Repository secret** in your GitHub repository, with the name `DOCKERHUB_TOKEN`. ## Overview GitHub Actions is a CI/CD automation tool built into GitHub. A workflow is a YAML file that tells GitHub which jobs to run when something happens in your repository, like a push to a branch or a pull request opening. Workflows live in the `.github/workflows/` directory of your repository. In this section, you'll add a workflow that runs your linting, formatting, and type checks on every push to the main branch, then builds your Docker image and pushes it to Docker Hub. ## 1. Define the GitHub Actions workflow You can create a GitHub Actions workflow by creating a YAML file in the `.github/workflows/` directory of your repository. To do this use your favorite text editor or the GitHub web interface. The following steps show you how to create a workflow file using the GitHub web interface. If you prefer to use the GitHub web interface, follow these steps: 1. Go to your repository on GitHub and then select the **Actions** tab. 2. Select **set up a workflow yourself**. This takes you to a page for creating a new GitHub Actions workflow file in your repository. By default, the file is created under `.github/workflows/main.yml`. Change the file name to `build.yml`. If you prefer to use your text editor, create a new file named `build.yml` in the `.github/workflows/` directory of your repository. Add the following content to the file: **`python-docker-example/`** `.github/workflows/build.yml` (new): ```yaml # GitHub Actions workflow that runs on every push to main. # - lint-test: runs pre-commit hooks (Ruff) and Pyright type checks. # - build_and_push: signs in to Docker Hub and the DHI registry, then # builds and pushes the image (with SBOM and provenance attestations). name: Build and push Docker image on: push: branches: - main jobs: lint-test: runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 - name: Set up Python uses: actions/setup-python@v6 with: python-version: '3.12' - name: Install dependencies run: | python -m pip install --upgrade pip pip install -r requirements.txt pip install pre-commit pyright - name: Run pre-commit hooks run: pre-commit run --all-files - name: Run pyright run: pyright build_and_push: runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 - name: Login to Docker Hub uses: docker/login-action@v4 with: username: ${{ vars.DOCKER_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to Docker Hardened Images uses: docker/login-action@v4 with: registry: dhi.io username: ${{ vars.DOCKER_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up Docker Buildx uses: docker/setup-buildx-action@v4 - name: Build and push uses: docker/build-push-action@v7 with: push: true tags: ${{ vars.DOCKER_USERNAME }}/${{ github.event.repository.name }}:latest ``` Each GitHub Actions workflow includes one or several jobs. Each job consists of steps. Each step can either run a set of commands or use already [existing actions](https://github.com/marketplace?type=actions). The action above has three steps: 1. [Login to Docker Hub](https://github.com/docker/login-action): Action logs in to Docker Hub using the Docker ID and Personal Access Token (PAT) you created earlier. 2. [Set up Docker Buildx](https://github.com/docker/setup-buildx-action): Action sets up Docker [Buildx](https://github.com/docker/buildx), a CLI plugin that extends the capabilities of the Docker CLI. 3. [Build and push](https://github.com/docker/build-push-action): Action builds and pushes the Docker image to Docker Hub. The `tags` parameter specifies the image name and tag. The `latest` tag is used in this example. ## 2. Run the workflow Commit the changes and push them to the `main` branch. This workflow is runs every time you push changes to the `main` branch. You can find more information about workflow triggers [in the GitHub documentation](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows). Go to the **Actions** tab of you GitHub repository. It displays the workflow. Selecting the workflow shows you the breakdown of all the steps. When the workflow is complete, go to your [repositories on Docker Hub](https://hub.docker.com/repositories). If you see the new repository in that list, it means the GitHub Actions workflow successfully pushed the image to Docker Hub. ## Summary In this section, you learned how to set up a GitHub Actions workflow for your Python application that includes: - Running pre-commit hooks for linting and formatting - Static type checking with Pyright - Building and pushing Docker images Related information: - [Introduction to GitHub Actions](/guides/gha/) - [Docker Build GitHub Actions](/build/ci/github-actions/) - [docker/login-action](https://github.com/docker/login-action) - [docker/build-push-action](https://github.com/docker/build-push-action) - [Create a Docker Hub access token](/security/access-tokens/#create-an-access-token) ## Next steps In the next section, you'll learn how to inspect and generate supply chain attestations for your image. See [Secure your supply chain](/guides/python/configure-github-actions/secure-supply-chain/).