Publish container images to GHCR instead of Docker Hub#18
Merged
Conversation
The release pushed images to Docker Hub (txn2/rtbeat), which needed DOCKERHUB_USERNAME / DOCKERHUB_TOKEN org secrets that don't exist, so the v1.2.0 release failed at the Docker Hub login step. Switch to the GitHub Container Registry, which authenticates with the built-in GITHUB_TOKEN (no external secret; the release job already has packages: write) and is free for public repos: - release.yml: log in to ghcr.io with github.actor + GITHUB_TOKEN. - .goreleaser.yml: image txn2/rtbeat -> ghcr.io/txn2/rtbeat (Cosign signing, multi-arch, and the image.source repo link are unchanged). - Drop all DOCKERHUB_* references. - Docs (README badge + docker run, docs/index.md, SECURITY.md, CLAUDE.md) point at ghcr.io/txn2/rtbeat. Migration: production pulls txn2/rtbeat:1.1.1 from Docker Hub today; new releases publish to ghcr.io/txn2/rtbeat:<version>, and the package must be set public once so it pulls without a secret. Closes #17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #17.
The
v1.2.0release failed at Login to Docker Hub (Username and password required) because the pipeline pushes to Docker Hub (txn2/rtbeat) usingDOCKERHUB_USERNAME/DOCKERHUB_TOKENorg secrets that don't exist. Rather than provision Docker Hub credentials, publish to the GitHub Container Registry.Changes
release.yml— log in toghcr.iowithgithub.actor+ the built-inGITHUB_TOKEN(no external secret; the release job already haspackages: write)..goreleaser.yml— imagetxn2/rtbeat→ghcr.io/txn2/rtbeat. Cosign keyless signing, multi-arch (linux/amd64,arm64), and theorg.opencontainers.image.sourcerepo link are unchanged.DOCKERHUB_*reference.README.md(badge +docker run),docs/index.md,SECURITY.md,CLAUDE.md.Why GHCR
GITHUB_TOKEN.After merge (to actually cut a release)
v1.2.0tag predates this fix, so re-running the failed run won't help (it checks out the old tagged commit). Delete & re-pushv1.2.0(or tagv1.2.1) at the newmaster.rtbeatpackage to public (repo → Packages → rtbeat → Package settings) so it pulls without a secret.Migration note
Production currently pulls
txn2/rtbeat:1.1.1from Docker Hub; new releases publish toghcr.io/txn2/rtbeat:<version>. k8s image references move to ghcr on the next upgrade.Doc/YAML only — no Go build impact; action SHA pins validated.