From d5030e5cc2d9cecb4b39e6c9a46a02d64108d097 Mon Sep 17 00:00:00 2001
From: Spencer Bryngelson <sbryngelson@gmail.com>
Date: Mon, 11 May 2026 12:48:11 -0400
Subject: [PATCH 1/3] feat: add GitHub deployment environments for containers,
 docs, and homebrew

---
 .github/workflows/deploy-tap.yml       |  3 +++
 .github/workflows/docker.yml           |  3 +++
 .github/workflows/docs.yml             | 23 ++++++++++++++++++++---
 .github/workflows/homebrew-release.yml |  3 +++
 4 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deploy-tap.yml b/.github/workflows/deploy-tap.yml
index 5e4a56d87e..1779a1d42b 100644
--- a/.github/workflows/deploy-tap.yml
+++ b/.github/workflows/deploy-tap.yml
@@ -28,6 +28,9 @@ jobs:
     permissions:
       contents: write
       pull-requests: write
+    environment:
+      name: homebrew
+      url: https://github.com/MFlowCode/homebrew-mfc
     steps:
       - name: Checkout MFC repository
         uses: actions/checkout@v4
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 7704b71669..0f55b39efc 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -135,6 +135,9 @@ jobs:
   manifests:
     runs-on: ubuntu-latest
     needs: Container
+    environment:
+      name: containers
+      url: https://hub.docker.com/r/mflowcode/mfc
     steps:
       - name: Login to Docker Hub
         uses: docker/login-action@v3
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 72ae5952a8..8d62f26cf9 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -9,8 +9,8 @@ on:
   pull_request:
 
 jobs:
-  docs:
-    name:    Build & Publish
+  build:
+    name: Build & Verify
     runs-on: ubuntu-latest
 
     steps:
@@ -73,8 +73,25 @@ jobs:
         args: -c .lychee.toml build/install/docs/mfc/
         fail: true
 
+  publish:
+    name: Publish
+    runs-on: ubuntu-latest
+    needs: build
+    if: github.repository == 'MFlowCode/MFC' && github.ref == 'refs/heads/master' && (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch')
+    environment:
+      name: docs
+      url: https://mflowcode.github.io/
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Download Built Documentation Artifact
+      uses: actions/download-artifact@v4
+      with:
+        name: mfc-docs
+        path: build/install/docs/mfc
+
     - name: Publish Documentation
-      if:   github.repository == 'MFlowCode/MFC' && github.ref == 'refs/heads/master' &&  (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' )
       run:  |
         set +e
         git ls-remote "${{ secrets.DOC_PUSH_URL }}" -q
diff --git a/.github/workflows/homebrew-release.yml b/.github/workflows/homebrew-release.yml
index a09543e5c5..64f8b1504a 100644
--- a/.github/workflows/homebrew-release.yml
+++ b/.github/workflows/homebrew-release.yml
@@ -25,6 +25,9 @@ jobs:
   update-homebrew-tap:
     name: Update homebrew-mfc tap
     runs-on: ubuntu-latest
+    environment:
+      name: homebrew
+      url: https://github.com/MFlowCode/homebrew-mfc
 
     steps:
       - name: Determine version

From 8f64bec63dbd43299b4a582d84851b3b219df57c Mon Sep 17 00:00:00 2001
From: Spencer Bryngelson <sbryngelson@gmail.com>
Date: Mon, 11 May 2026 13:13:08 -0400
Subject: [PATCH 2/3] fix: lowercase GHCR owner to satisfy registry naming
 requirement

github.repository_owner returns 'MFlowCode' (mixed case), but GHCR
requires all-lowercase repository names, causing tag validation errors.
Compute GH_REGISTRY=ghcr.io/${OWNER,,}/mfc in a shell step so the
lowercasing happens at runtime rather than at expression-eval time.
---
 .github/workflows/docker.yml | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 0f55b39efc..da4caa815f 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -71,6 +71,8 @@ jobs:
           fi
           echo "tag=$TAG" >> $GITHUB_OUTPUT
           echo "TAG=$TAG" >> $GITHUB_ENV
+          OWNER="${{ github.repository_owner }}"
+          echo "GH_REGISTRY=ghcr.io/${OWNER,,}/mfc" >> $GITHUB_ENV
           git clone --branch "$BRANCH" --depth 1 ${{ github.server_url }}/${{ github.repository }}.git mfc
 
       - name: Stage
@@ -107,7 +109,7 @@ jobs:
             org.opencontainers.image.source=https://github.com/${{ github.repository }}
           tags: |
             ${{ secrets.DOCKERHUB_USERNAME }}/mfc:${{ env.TAG }}-${{ matrix.config.name }}-${{ matrix.config.runner }}
-            ghcr.io/${{ github.repository_owner }}/mfc:${{ env.TAG }}-${{ matrix.config.name }}-${{ matrix.config.runner }}
+            ${{ env.GH_REGISTRY }}:${{ env.TAG }}-${{ matrix.config.name }}-${{ matrix.config.runner }}
           push: true
 
       - name: Build and push image (gpu)
@@ -129,7 +131,7 @@ jobs:
             org.opencontainers.image.source=https://github.com/${{ github.repository }}
           tags: |
             ${{ secrets.DOCKERHUB_USERNAME }}/mfc:${{ env.TAG }}-${{ matrix.config.name }}-${{ matrix.config.runner }}
-            ghcr.io/${{ github.repository_owner }}/mfc:${{ env.TAG }}-${{ matrix.config.name }}-${{ matrix.config.runner }}
+            ${{ env.GH_REGISTRY }}:${{ env.TAG }}-${{ matrix.config.name }}-${{ matrix.config.runner }}
           push: true
 
   manifests:
@@ -155,12 +157,17 @@ jobs:
       - name: Setup Buildx
         uses: docker/setup-buildx-action@v3
 
+      - name: Set GHCR registry (lowercase)
+        run: |
+          OWNER="${{ github.repository_owner }}"
+          echo "GH_REGISTRY=ghcr.io/${OWNER,,}/mfc" >> $GITHUB_ENV
+
       - name: Create and Push Manifest Lists
         env:
           TAG: ${{ needs.Container.outputs.tag }}
           DH: ${{ secrets.DOCKERHUB_USERNAME }}/mfc
-          GH: ghcr.io/${{ github.repository_owner }}/mfc
         run: |
+          GH="${{ env.GH_REGISTRY }}"
           for R in "$DH" "$GH"; do
             docker buildx imagetools create -t $R:$TAG-cpu $R:$TAG-cpu-ubuntu-22.04 $R:$TAG-cpu-ubuntu-22.04-arm
             docker buildx imagetools create -t $R:$TAG-gpu $R:$TAG-gpu-ubuntu-22.04 $R:$TAG-gpu-ubuntu-22.04-arm
@@ -171,8 +178,8 @@ jobs:
         env:
           TAG: ${{ needs.Container.outputs.tag }}
           DH: ${{ secrets.DOCKERHUB_USERNAME }}/mfc
-          GH: ghcr.io/${{ github.repository_owner }}/mfc
         run: |
+          GH="${{ env.GH_REGISTRY }}"
           for R in "$DH" "$GH"; do
             docker buildx imagetools create -t $R:latest-cpu $R:$TAG-cpu-ubuntu-22.04 $R:$TAG-cpu-ubuntu-22.04-arm
             docker buildx imagetools create -t $R:latest-gpu $R:$TAG-gpu-ubuntu-22.04 $R:$TAG-gpu-ubuntu-22.04-arm

From 4c640ac8911f102ea70697bf5e31490be793c2ff Mon Sep 17 00:00:00 2001
From: Spencer Bryngelson <sbryngelson@gmail.com>
Date: Mon, 11 May 2026 14:18:29 -0400
Subject: [PATCH 3/3] fix: use DOCKERHUB_USERNAME secret in containers
 environment URL

---
 .github/workflows/docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index da4caa815f..faa3d46fd9 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -139,7 +139,7 @@ jobs:
     needs: Container
     environment:
       name: containers
-      url: https://hub.docker.com/r/mflowcode/mfc
+      url: https://hub.docker.com/r/${{ secrets.DOCKERHUB_USERNAME }}/mfc
     steps:
       - name: Login to Docker Hub
         uses: docker/login-action@v3