GitHub Actions

Use Codefresh Hosted GitOps with any popular Continuous Integration (CI) solution, not just with Codefresh CI.
GitHub Actions is one of the third-party CI solutions that you can connect to Codefresh for deployment with image reporting and enrichment.

For information on how to use the image reporting action in your GitHub Action pipeline and how to configure the integration, see CI Integrations.

GitHub Action-Codefresh integration arguments

The table describes the arguments required to connect a GitHub Action to Codefresh.

Argument Description Required/Optional/Default
CF_HOST Deprecated from v 0.0.460 and higher. Recommend using CF_RUNTIME_NAME instead.
CF_HOST has been deprecated because the URL is not static, and any change can fail the enrichment.

The URL to the cluster with the Codefresh runtime to integrate with. If you have more than one runtime, select the runtime from the list. Codefresh displays the URL of the selected runtime cluster.
CF_RUNTIME_NAME The runtime to use for the integration. If you have more than one runtime, select the runtime from the list. Required
CF_API_KEY The API key to authenticate the GitHub Actions user to Codefresh. Generate the key for the GitHub Action.
Enter this token in GitHub Actions as a secret with the name CF_API_KEY. You can then reference it in all GitHub pipelines as you would any other secret.
CF_CONTAINER_REGISTRY_INTEGRATION The name of the container registry integration created in Codefresh where the image is stored.
  • For a GitHub Container registry, select GHCR_GITHUB_TOKEN_AUTHENTICATION even if you have not created an integration in Codefresh.
    Codefresh retrieves and provides the explicit credentials for the container registry on generating the integration manifest.
  • To create a container registry integration if you don't have one, click Create Container Registry Integration, and then configure the settings.
    See Container registry integrations.
CF_JIRA_INTEGRATION The name of the Jira integration created in Codefresh to use for the report image action. Relevant only if Jira enrichment is required for the image. If you don’t have a Jira integration, click Create Atlassian Jira Integration and configure settings. See Jira integration. Optional
CF_IMAGE The image to be enriched and reported in Codefresh. Pass the [account-name]/[image-name]:[tag] built in your CI. Required
CF_WORKFLOW_NAME The name assigned to the workflow that builds the image. When defined, the name is displayed in the Codefresh platform. Example, Staging step Optional
CF_GIT_BRANCH The Git branch with the commit and PR (pull request) data to add to the image. Pass the Branch from the event payload used to trigger your action. Required
CF_GITHUB_TOKEN The GitHub authentication token. The token must have repo scope. See Git tokens. Required
CF_JIRA_PROJECT_PREFIX Relevant only when CF_JIRA_INTEGRATION is defined. The Jira project prefix that identifies the ticket number to use. Required
CF_JIRA_MESSAGE Relevant only when CF_JIRA_INTEGRATION is defined. The Jira issue IDs matching the string to associate with the image. Required
CF_JIRA_FAIL_ON_NOT_FOUND Relevant only when CF_JIRA_INTEGRATION is defined. The report image action when the CF_JIRA_MESSAGE is not found. When set to true, the report image action is failed. Required

GitHub Action integration for image enrichment

GitHub Action integration for image enrichment

For how-to instructions, see Connect a third-party CI platform/tool to Codefresh.

GitHub Actions pipeline example

Here is an example pipeline that uses GitHub Actions to build a container image, and the Codefresh action to enrich and report the resulting image to Codefresh.

Because a Jira integration account is configured in Codefresh, the step needs only the name for CF_JIRA_INTEGRATION, instead of explicit credentials CF_JIRA_API_TOKEN, CF_JIRA_HOST_URL, and CF_JIRA_EMAIL.

name: Docker Image CI

    branches: [ main ]
    branches: [ main ]
      name: test
    runs-on: ubuntu-latest
      - name: Checkout
        uses: actions/checkout@v3
      - name: Login to DockerHub
        uses: docker/login-action@v2
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Build & push the Docker image
          CF_IMAGE: ${{ secrets.DOCKERHUB_USERNAME }}/build-by-github-action:0.0.1
        run: |
          docker build . --file Dockerfile --tag $CF_IMAGE && docker push $CF_IMAGE
          echo "Image should be accessible to your local machine (after docker login) by:"
          echo "docker pull $CF_IMAGE"
          docker pull $CF_IMAGE
          echo "On the next step, the report image would use the integration to pull information on the reported image, using the specified enrichers."
      - name: report image by action
          # Name of runtime to implement the enrichment
          CF_RUNTIME_NAME: 'codefresh-hosted'

          # Codefresh API key !! Committing a plain text token is a security risk. We highly recommend using encrypted secrets. !!
          # Documentation -
          CF_API_KEY: ${{ secrets.USER_TOKEN }}

          # Name of Container registry integration

          # The git branch which is related for the commit
          CF_GIT_BRANCH: 'main'

          # Image path to enrich 
          CF_IMAGE: ${{ secrets.DOCKERHUB_USERNAME }}/build-by-github-action:0.0.1

          # GitHub Access token !! Committing a plain text token is a security risk. We highly recommend using encrypted secrets. !!
          # Documentation -
          CF_GITHUB_TOKEN: ${{ secrets.CF_GITHUB_TOKEN }}    

          # Name of Jira integration
          CF_JIRA_INTEGRATION: 'jira' 

         # String starting with the issue ID to associate with image
          CF_JIRA_MESSAGE: 'CR-11027'

          # Jira project filter
        uses: codefresh-io/codefresh-report-image@latest

GitHub Action logs

View and analyze logs for GitHub Action workflows through the Logs tab. When a GitHub Action is run, it is added to the Logs tab.
You can:

  • Filter by status or by date range to view a subset of actions
  • Navigate to the build file in GitHub Actions, and view the Codefresh report image step

GitHub Action: Logs tab

GitHub Action: Logs tab

Build YAML in GitHub Action

The Run column includes the link to the build files for the actions.

Here are examples of the build file for the GitHub Action (top) and of the Codefresh report image step in the action (down).

Build file in GitHub Action

Build file in GitHub Action

Codefresh report image step in GitHub Action build file

Codefresh report image step in GitHub Action build file

Shared configuration repo
Image enrichment with integrations
Container registry integrations
Issue-tracking integrations