You build and push Docker images in GitHub Actions by creating a workflow file that logs into a container registry, builds the image, and pushes it using specialized actions like docker/login-action and docker/build-push-action.
GitHub Actions provides a fully integrated CI/CD platform to automate Docker image builds and pushes. The process involves creating a workflow file (YAML) in your repository's .github/workflows directory. This workflow defines the trigger events, the runner environment, and a series of steps that typically include: checking out the code, authenticating with a container registry (like Docker Hub, GitHub Container Registry, or Amazon ECR), setting up Docker Buildx for advanced features, building the image, and finally pushing it to the registry.
The recommended approach uses official Docker GitHub Actions rather than running raw docker commands. The docker/login-action handles registry authentication securely using secrets stored in your repository. The docker/setup-buildx-action configures Buildx for enhanced build capabilities like multi-platform builds and cache management. The docker/build-push-action performs the actual build and push, accepting parameters for context, tags, platforms, and build arguments.
Before the workflow can run, you must configure secrets in your GitHub repository. Navigate to Settings > Secrets and variables > Actions and add your Docker Hub credentials (username and access token). For GitHub Container Registry, you can use the built-in GITHUB_TOKEN secret with appropriate permissions. For AWS ECR, you'll need to configure AWS credentials as secrets.
For production workflows, consider adding additional steps like running tests before building, using the Docker metadata action to generate consistent tags, implementing caching strategies to speed up builds, and adding security scanning. You can also use matrix strategies to build multiple variants or deploy to different environments. The docker/build-push-action automatically generates a build summary with detailed information about the build execution, which appears in the GitHub Actions run summary.
Store all credentials as GitHub secrets; never hardcode them in workflow files
Use specific version tags for actions (v3, v4, v5, v6) to ensure stability and reproducibility
Implement caching with build-push-action's cache-from and cache-to parameters to speed up subsequent builds
Tag images meaningfully using the Docker metadata action to generate consistent tags based on Git context
Consider using multi-stage builds in your Dockerfile to keep final images small and secure
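The steps and practices described above, assembled into one workflow for GitHub Container Registry as an added example (not from the original page). The file name, the main branch, the v* tag pattern and a Dockerfile at the repository root are assumptions.

```yaml
# .github/workflows/docker-publish.yml (file name is an assumption)
name: docker-publish

on:
  push:
    branches: [main]
    tags: ["v*"]
  pull_request:

# Least privilege for GITHUB_TOKEN: read the repo, write to GHCR only.
permissions:
  contents: read
  packages: write

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Major tags like @v4 are mutable; a full commit SHA is the immutable pin.
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
      # Pull requests only build, so they never need registry credentials.
      - name: Log in to GHCR
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Derive tags and labels from Git context
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository }}
          tags: |
            type=ref,event=branch
            type=semver,pattern={{version}}
            type=sha
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
```

For Docker Hub, drop the registry input and supply the username and access token from repository secrets instead of GITHUB_TOKEN.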