2 changes: 1 addition & 1 deletion .github/workflows/docker-push-to-ecr.yml
@@ -1,4 +1,4 @@
name: Docker push for main branch
name: Docker push to ECR for main branch

on:
workflow_call:
78 changes: 78 additions & 0 deletions .github/workflows/docker-push-to-ghcr.yml
@@ -0,0 +1,78 @@
name: Docker push to GHCR for main branch

on:
workflow_call:
inputs:
image_name_suffix:
description: 'Custom suffix for the Docker image name. Defaults to "github.event.repository.name"'
required: false
type: string
dockerfile_name:
description: 'Custom Dockerfile name. Defaults to "Dockerfile"'
required: false
type: string
secrets:
SLACK_NOTIFY_URL:
required: true

jobs:
build-and-publish:
permissions:
contents: read
id-token: write
attestations: write
packages: write

runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Log in to the Container registry
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
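
Review bot: Action pinning is inconsistent in the steps above: `docker/login-action` is pinned to a full commit SHA, but `actions/checkout@v4` is a mutable tag, in a job that holds `id-token: write`, `attestations: write` and `packages: write`. Pin `actions/checkout` to a commit SHA as well, with the version in a trailing comment, so a retagged release cannot run with this token. A header comment is also worth adding: because this is a `workflow_call` workflow, the caller has to grant these permissions, since a called workflow can only reduce the token's permissions, not raise them.
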
Contributor

Does this need to be included in the secrets block above?


- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/decisiveai/${{ inputs.image_name_suffix || github.event.repository.name }}
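
Review bot: The owner in `images:` is a hardcoded lowercase `decisiveai`, and the same string is repeated in `subject-name` of the attestation step, so the two values can drift apart. Consider computing the image name once (for example as a job-level `env` value) and using it in both places. If the owner is ever taken from the GitHub context instead, lowercase it first: image references must be lowercase, and the organisation is spelled `DecisiveAI` in the `uses:` line of `notify-on-failure`.
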

decisiveai isn't a bad hardcode, but ${{ github.repository_owner }} would make it portable

tags: |
type=sha,enable=true,priority=100,prefix=sha-,suffix=,format=short
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.0') }}
type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Build and push
id: push
uses: docker/build-push-action@v6
with:
context: .
cache-from: type=gha
cache-to: type=gha,mode=max
file: ${{ inputs.dockerfile_name || 'Dockerfile' }}
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
provenance: true
sbom: true

- name: Generate artifact attestation
uses: actions/attest-build-provenance@v3
with:
subject-name: ghcr.io/decisiveai/${{ inputs.image_name_suffix || github.event.repository.name }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true

notify-on-failure:
needs: build-and-publish
if: failure() && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
uses: DecisiveAI/ci/.github/workflows/slack-notify.yml@main
secrets:
SLACK_NOTIFY_URL: ${{ secrets.SLACK_NOTIFY_URL }}
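
Review bot: The attestation step is not gated the way the push is: `push:` is `${{ github.event_name != 'pull_request' }}`, but `Generate artifact attestation` always runs with `push-to-registry: true` and `subject-digest: ${{ steps.push.outputs.digest }}`. Add `if: github.event_name != 'pull_request'` to that step, and to the registry login, so a pull-request caller neither logs in with `packages: write` nor tries to attest an image that was never pushed. Separately, `DecisiveAI/ci/.github/workflows/slack-notify.yml@main` receives `SLACK_NOTIFY_URL` through a branch ref; a tag or commit SHA would keep the secret from flowing to whatever `main` later becomes, and `metadata-action@v5`, `setup-buildx-action@v3`, `build-push-action@v6` and `attest-build-provenance@v3` should be SHA-pinned like `login-action`.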