Post

Quay.io Github Actions

Posted
By Joey
2 min read

type: post title: “Set up GitHub Actions to Build and Push Docker Images to Quay.io” date: 2025-03-16 tags: [“quay.io”, “github-actions”, “docker”]

🚀 How to Set Up GitHub Actions to Build and Push Docker Images to Quay.io

If you’re using GitHub Actions to automate your CI/CD workflow, and want to push your Docker images to Quay.io — a secure and reliable container registry — you’re in the right place.

This article walks you through how to:

  1. Set up a Quay.io repository
  2. Create a robot account for CI/CD access
  3. Add GitHub secrets for authentication
  4. Write a GitHub workflow to build and push your image

🔧 Step 1: Create a Repository on Quay.io

  1. Go to https://quay.io and sign in.

  2. Click “+ New Repository”.

  3. Choose:

    • Name (e.g., my-app)
    • Visibility (Public or Private)
    • Namespace: your username or an organization

  4. Click “Create Repository”.

🤖 Step 2: Create a Robot Account (Recommended for CI/CD)

  1. Go to your namespace page: https://quay.io/organization/<your-namespace>/robots (For personal accounts: https://quay.io/user/<your-username>?tab=robots)

  2. Click “Create Robot Account”.

    • Example: ci-bot
    • This will generate a username like yournamespace+ci-bot

  3. After creation:

    • Copy the generated token/password

    • Assign the robot write permissions on your repository:

      • Go to the repository settings → Permissions tab
      • Add the robot account and give it Write or Admin access

🔑 Step 3: Add Secrets to GitHub

In your GitHub repository:

  1. Go to SettingsSecrets and variablesActions
  2. Click “New repository secret” and add:
NameValue
QUAY_USERNAMEyournamespace+ci-bot
QUAY_PASSWORDThe robot account token

🛠 Step 4: Write a GitHub Actions Workflow

Create .github/workflows/docker-build.yml:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

name: Build and Push Docker Image

on:
  push:
    branches: [main] # Or your deployment branch

jobs:
  build-and-push:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Log in to Quay.io
        run: echo "$" | docker login quay.io -u "$" --password-stdin

      - name: Build Docker image
        run: |
          docker build -t quay.io/$/my-app:latest .

      - name: Push Docker image
        run: |
          docker push quay.io/$/my-app:latest

✅ Optional Enhancements

  • Tag with Git SHA or date:

    1
2
3

    IMAGE_TAG=$(git rev-parse --short HEAD)
docker build -t quay.io/$/my-app:$IMAGE_TAG .
docker push quay.io/$/my-app:$IMAGE_TAG

  • Support multiple tags (e.g., latest + commit):

    1
2
3
4
5

    - name: Tag and push
  run: |
    SHA=$
    docker tag quay.io/...:latest quay.io/...:$SHA
    docker push quay.io/...:$SHA

🎉 Conclusion

By using a robot account and GitHub secrets, you can securely build and push Docker images to Quay.io in your CI/CD pipeline. Quay.io offers strong security, image scanning, and flexible access control, making it a great alternative to Docker Hub.

This post is licensed under CC BY 4.0 by the author.

© Joey. Some rights reserved.

Using the Chirpy theme for Jekyll.