GitHub Actions: Docker Containers

TopicTrick Team

"If code is the engine, Docker is the shipping container. GitHub Actions is the crane that moves it."

In modern software, we don't deploy "Code"; we deploy Images. A Docker image ensures that your app runs the EXACT same way on your laptop and in the cloud.

Integrating Docker into GitHub Actions is the most important skill for a 2026 DevOps engineer. We will learn how to build images for both ARM (M1/M2) and x86, how to scan those images for known vulnerabilities, and how to use GHCR (GitHub Container Registry) to store them securely. This is 1,500+ words of infrastructure mastery.


1. What is GHCR? (The Home of Images)

GitHub has its own "Docker Hub." It is called the GitHub Container Registry (GHCR).

  • The Benefit: It's free (within limits). It's incredibly fast because it lives right next to your code.
  • You log in using the automatic ${{ secrets.GITHUB_TOKEN }}.

2. Building and Pushing: The Standard Workflow

yaml

Architecture Note: Notice the "context: ." setting. This tells Docker to look for a Dockerfile in your current folder. This one block of code replaces 50 lines of manual shell scripts.


3. Security: The Registry Scan

In 2026, we never push an image without scanning it for known vulnerabilities. Tool: Trivy.

yaml

This stops an image with "Outdated" packages and known vulnerabilities from reaching your server.


4. Multi-Arch Support: ARM + x86

Many servers now run on ARM (because it's cheaper and faster). But your developers use x86 Windows PCs.

  • You must use QEMU inside GitHub Actions.
yaml

Now, your one build-push command will create a "Manifest" that works for EVERY type of computer automatically.


5. Performance: Layer Caching

Building a Docker image can take 10 minutes. If you change 1 line of code, you shouldn't wait 10 minutes again.

  • Use type=gha (GitHub Actions Cache).
yaml

The Result: If 90% of your image (the OS and libraries) hasn't changed, Docker will skip those steps. Build time drops from 10 minutes to 30 seconds.


Summary: The Docker Checklist

  1. GHCR: Use the built-in registry to keep your data close to your code.
  2. Metadata: Add labels to your images (Build date, Git SHA) using docker/metadata-action.
  3. Scan: Always use Trivy to block high-severity vulnerabilities.
  4. Multi-Arch: Use Buildx to support ARM and x86 simultaneously.
  5. Caching: Use the gha type to ensure sub-minute build times.
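
The five checklist items combined into one workflow, as an added example rather than the course's original YAML. It assumes a Dockerfile at the repository root and a main branch; scan-candidate is a hypothetical local tag, and the action version tags are illustrative and are better replaced with commit SHAs you have reviewed.

```yaml
# Added example (not the course's workflow). Assumes a Dockerfile at the repo root.
name: build-scan-push
on:
  push:
    branches: [main]
permissions:
  contents: read    # checkout only
  packages: write   # lets GITHUB_TOKEN push to GHCR
jobs:
  image:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-qemu-action@v3      # emulation for the arm64 build
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - id: meta
        uses: docker/metadata-action@v5        # OCI labels (revision, created) and tags
        with:
          images: ghcr.io/${{ github.repository }}
          tags: type=sha
      # Build one platform into the local Docker daemon so it can be scanned before any push.
      - uses: docker/build-push-action@v6
        with:
          context: .
          load: true
          tags: scan-candidate:${{ github.sha }}   # hypothetical local-only tag
          cache-from: type=gha
      # A non-zero exit code fails the job, so the push step below never runs.
      - uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: scan-candidate:${{ github.sha }}
          severity: HIGH,CRITICAL
          exit-code: '1'
          ignore-unfixed: true
      # Multi-arch build and push; layers built for the scan are reused by the same builder.
      - uses: docker/build-push-action@v6
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
```

Only the amd64 image is scanned here, because a multi-platform result cannot be loaded into the local daemon; the ordering guarantees nothing reaches GHCR until that scan passes.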

Docker in Actions is the "Logistics" of your application. By mastering the build-scan-push cycle and the efficiency of layer caching, you gain the ability to ship software that is indestructible and perfectly portable across the entire internet. You graduate from "Managing code" to "Architecting the Cloud."


Part of the GitHub Mastery Course — engineering the container.