Automatically Build a Python Project into a Docker Image and Push It with GitHub Actions
- Create the file .github/workflows/publish.yml in the project root.
- Give it the following content:
    name: Build and Publish Docker Image
    on:
      push:
        branches: [ main ]
      workflow_dispatch:
    jobs:
      build-and-publish:
        runs-on: ubuntu-latest
        permissions:
          contents: read
          packages: write
        steps:
          - name: Checkout code
            uses: actions/checkout@v4
          - name: Set up Docker Buildx
            uses: docker/setup-buildx-action@v3
          - name: Log in to GitHub Container Registry
            uses: docker/login-action@v3
            with:
              registry: ghcr.io
              username: ${{ github.actor }}
              password: ${{ secrets.GHCR_PAT || secrets.GITHUB_TOKEN }}
          - name: Build and push Docker image
            uses: docker/build-push-action@v5
            with:
              context: .
              push: true
              tags: ghcr.io/${{ github.repository_owner }}/local-monitor:latest
          - name: Show published image
            run: echo "Published to ghcr.io/${{ github.repository_owner }}/local-monitor:latest"
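- Commit and push to the main branch; GitHub Actions then builds and pushes the image automatically.
2. Why is the permissions configuration needed?
In organization repositories and some personal repositories, the default GITHUB_TOKEN in GitHub Actions does not have permission to push container packages. If the workflow does not declare permissions explicitly, the following error appears: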
installation not allowed to Create organization package
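3. How to fix it
Just add the following configuration under jobs in the workflow (at the job level, as in the build-and-publish job above):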
    permissions:
      contents: read
      packages: write
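See the complete example above.
- contents: read allows reading the repository contents (for example, checking out the code).
- packages: write allows pushing Docker images to GitHub Container Registry (ghcr.io).
Last modified on 2025-08-23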
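A way to check workflows for this setting before they fail at push time, as an added example that is not part of the original post: the script below reports, for every job that references ghcr.io, whether its job-level permissions block grants packages: write and nothing broader. It assumes block-style YAML with 2-space indentation as in the workflow above and ignores workflow-level permissions; the function name audit, the legacy-publish job and the OWNER placeholder are hypothetical.

```python
# Constructed sample: the job from this page (trimmed) plus a hypothetical job with no permissions block.
SAMPLE = """\
jobs:
  build-and-publish:
    permissions:
      contents: read
      packages: write
    steps:
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
  legacy-publish:
    steps:
      - run: docker push ghcr.io/OWNER/local-monitor:latest
"""

def audit(text):
    """Map each job that references ghcr.io to a finding about its job-level permissions."""
    perms, uses_ghcr, job, in_jobs, in_perms = {}, set(), None, False, False
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()            # drop trailing comments
        indent = len(line) - len(line.lstrip())
        key, _, val = line.strip().partition(":")
        if not key or key.startswith("#"):            # blank line or full-line comment
            continue
        if indent == 0:                               # top-level key: are we inside jobs?
            in_jobs, job = (key == "jobs"), None
        elif in_jobs and indent == 2:                 # a job id
            job = key
        elif job is not None:
            if indent == 4:                           # job-level key
                in_perms = key == "permissions"
                if in_perms:                          # "write-all" grants every scope, packages included
                    perms[job] = {"packages": "write", "(all)": "write"} if "write-all" in val else {}
            elif in_perms and indent == 6:            # one scope inside the permissions block
                perms[job][key] = val.strip()
            if "ghcr.io" in line:
                uses_ghcr.add(job)
    findings = {}
    for name in sorted(uses_ghcr):
        scopes = perms.get(name)
        if scopes is None:                            # push depends on repository/organization defaults
            findings[name] = "no permissions block"
        elif scopes.get("packages") != "write":
            findings[name] = "packages: write missing"
        else:
            extra = sorted(k for k, v in scopes.items() if v == "write" and k != "packages")
            findings[name] = "extra write scopes: " + ", ".join(extra) if extra else "ok"
    return findings
```

Running audit(SAMPLE) marks build-and-publish as ok and legacy-publish as having no permissions block, which is the situation that produces the error quoted above.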