Add GitHub Actions workflow to publish Docker images to GHCR #106
Merged
Publishes ghcr.io/automattic/jetmon and ghcr.io/automattic/veriflier on pushes to the v2 branch (tagged latest) and on pull requests labeled "Docker Build" (tagged with the PR head short SHA).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Adds docs/docker-images.md covering pull, tag scheme, env vars, ports, volume mounts, validate-config, reload/drain, and PR-build pinning. Links the new doc from the README documentation table.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Adds a comment-pr job that runs after build-and-push on pull_request events and upserts a sticky PR comment containing docker pull commands for the freshly built jetmon and veriflier images. Uses an HTML marker to identify the comment so subsequent runs update it in place rather than appending duplicates.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Docker images built for this PR
Built from
docker pull ghcr.io/automattic/jetmon:4b93118
docker pull ghcr.io/automattic/veriflier:4b93118
Images are |

Summary
- `.github/workflows/docker-publish.yml`, a new GitHub Actions workflow that builds `docker/Dockerfile_jetmon` and `docker/Dockerfile_veriflier` and publishes the images to `ghcr.io/automattic/jetmon` and `ghcr.io/automattic/veriflier`.
- `v2` branch publish both images tagged `:latest`. PRs labeled `Docker Build` publish both images tagged with the PR head short SHA (e.g. `:a1b2c3d`) for test deploys. Unlabeled PRs skip the job.
- `linux/amd64` only, with per-image GitHub Actions layer cache (`type=gha`, scoped per image) so the two builds don't invalidate each other.

One-time setup before this is fully usable
- `gh label create "Docker Build" --description "Build & publish Docker images for this PR"`.
- `v2` push, flip the GHCR package visibility / link to repo in the GHCR UI if the images should be pullable without auth.

Notes
- `GITHUB_TOKEN` is read-only. We're an internal repo and this is acceptable; deferring `pull_request_target` due to its security implications.
- `.dockerignore` changes — the existing `.dockerignore` already excludes secrets and build artifacts.

Test plan
- `v2` and confirm both images appear under `ghcr.io/automattic/{jetmon,veriflier}:latest` via `gh api /orgs/Automattic/packages/container/jetmon` and `…/veriflier`.
- `docker pull ghcr.io/automattic/jetmon:latest` and `…/veriflier:latest`; run each container briefly to confirm the binary starts.
- `v2`, apply the `Docker Build` label, confirm a run starts and the resulting tags are `:<short-sha>` (no `:latest`).
- `v2` workflow with no code changes and confirm the second run is materially faster (GHA cache hits visible in the buildx logs).

🤖 Generated with Claude Code
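
The trigger and tag rules from the summary, written as a decision function that can be unit-tested against GitHub event payloads. This is an added example, not the workflow from this PR. The explicit fork skip, the 7-character short SHA, the `Automattic/jetmon` repository name in the sample payload and all function names are assumptions.

```python
PUBLISH_REF = "refs/heads/v2"   # branch named on the page
BUILD_LABEL = "Docker Build"    # label named on the page
SHORT_SHA_LEN = 7               # assumption: matches the 7-character tags shown on the page
IMAGES = ("ghcr.io/automattic/jetmon", "ghcr.io/automattic/veriflier")


def publish_decision(event_name, payload):
    """Return (tag, reason). tag is None when the run must not push anything."""
    if event_name == "push":
        if payload.get("ref") == PUBLISH_REF:
            return "latest", "push to v2"
        return None, "push to another ref"
    if event_name == "pull_request":
        pr = payload["pull_request"]
        labels = {label["name"] for label in pr.get("labels", [])}
        if BUILD_LABEL not in labels:
            return None, "PR not labeled"
        # head.repo is null when the source fork was deleted; treat that as a fork.
        head_repo = (pr["head"].get("repo") or {}).get("full_name")
        if head_repo != payload["repository"]["full_name"]:
            # Assumption: skip instead of letting the push fail on the read-only token.
            return None, "fork PR"
        return pr["head"]["sha"][:SHORT_SHA_LEN], "labeled same-repo PR"
    # pull_request_target and every other event are rejected by default.
    return None, "event not allowed to publish"


def image_refs(event_name, payload):
    """Full image references this run would push (empty list when skipped)."""
    tag, _ = publish_decision(event_name, payload)
    return [f"{image}:{tag}" for image in IMAGES] if tag else []


def sample_pr(labels, head_repo="Automattic/jetmon"):
    """Constructed pull_request payload, trimmed to the fields used above."""
    return {
        "repository": {"full_name": "Automattic/jetmon"},  # assumed repo name
        "pull_request": {
            "labels": [{"name": name} for name in labels],
            "head": {"sha": "a1b2c3d" + "0" * 33,  # constructed 40-character SHA
                     "repo": {"full_name": head_repo}},
        },
    }


if __name__ == "__main__":
    print(image_refs("push", {"ref": PUBLISH_REF}))
    print(image_refs("pull_request", sample_pr(["Docker Build"])))
    print(image_refs("pull_request", sample_pr(["Docker Build"], "someone/jetmon")))
```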