Skip to content

feat(release): publish multi-arch Docker images to ghcr.io (26.10)#13

Merged
CryptoJones merged 1 commit into
mainfrom
sprint/26.10-ghcr-publish
May 27, 2026
Merged

feat(release): publish multi-arch Docker images to ghcr.io (26.10)#13
CryptoJones merged 1 commit into
mainfrom
sprint/26.10-ghcr-publish

Conversation

@CryptoJones
Copy link
Copy Markdown
Owner

@CryptoJones CryptoJones commented May 27, 2026

Summary

Adds the `docker pull` install path. After this lands and v26.10 is tagged, the GitHub Packages tile on the repo home will populate with a multi-arch (linux/amd64 + linux/arm64) image at `ghcr.io/cryptojones/networkinventoryagent`.

```bash
docker pull ghcr.io/cryptojones/networkinventoryagent:latest
docker run --rm ghcr.io/cryptojones/networkinventoryagent:latest -version
```

Mechanics

  • New `Dockerfile.goreleaser` — slim COPY-only image consumed by goreleaser. The existing top-level `Dockerfile` is unchanged so `docker build .` still works.
  • `.goreleaser.yaml` gains `dockers:` (per-arch builds), `docker_manifests:` (multi-arch stitch under `:version` + `:latest`), and `docker_signs:` (cosign keyless on the manifests, same Fulcio + Rekor flow as the binary signing).
  • `.github/workflows/release.yml` sets up QEMU + Buildx and runs `docker login ghcr.io` (via `GITHUB_TOKEN`) before invoking goreleaser, so cross-arch arm64 layers succeed on the amd64-only runner.

Test plan

  • PR merges, sprint branch deleted
  • `git tag v26.10 && git push --tags github` triggers the release workflow
  • Workflow's docker_build + docker_publish + cosign steps go green
  • `docker pull ghcr.io/cryptojones/networkinventoryagent:26.10` from a clean host succeeds and `-version` prints `agent 26.10`
  • `cosign verify ghcr.io/cryptojones/networkinventoryagent:26.10` returns Verified OK

🤖 Generated with Claude Code

@claude
feat(release): publish multi-arch Docker images to ghcr.io (26.10)
eb58557 
The signed binary archives at /releases solve the "download a tarball"
install path. This adds the "docker pull" install path, populating the
GitHub Packages tile on the repo home.

- Dockerfile.goreleaser: slim COPY-only image consumed by goreleaser
  (the existing Dockerfile keeps working for `docker build .`).
- .goreleaser.yaml: dockers: amd64+arm64 per-arch builds,
  docker_manifests: stitches them under :{version} + :latest,
  docker_signs: cosign keyless on the published manifests.
- .github/workflows/release.yml: QEMU + Buildx setup, ghcr.io login
  via the GITHUB_TOKEN before goreleaser runs.
- README: Docker quickstart + cosign verify snippet.

The image's default entrypoint is `agent` (standalone). Wintermute and
Neuromancer ship in the same image; override the entrypoint to run
them. The existing docker-compose.yml still works — point its image:
at ghcr.io/cryptojones/networkinventoryagent:26.10.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@CryptoJones CryptoJones merged commit dc73216 into main May 27, 2026
@CryptoJones CryptoJones deleted the sprint/26.10-ghcr-publish branch May 27, 2026 09:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@CryptoJones