Publish Artifacts Workflow

File: .github/workflows/docker-publish.yml

Purpose

Builds Docker images and publishes them to GitHub Container Registry (GHCR), and creates a GitHub Release with the service changelog.

How It Works

Triggers on the same event and conditions as Create Release Tag:

  • PR closed to main
  • PR was merged
  • Has release label
  • Branch matches release/* pattern

This workflow typically runs in parallel with tag creation, not sequentially.

Steps

  1. Checkout main at merge commit (without shallow clone)
  2. Extract service and version from branch name
       • Branch format: release/<service>-v<version>
       • Example: release/api-v1.2.3 becomes service=api, version=1.2.3
  3. Validates that services/<service>/ directory exists
  4. Log in to GHCR using ${{ secrets.GITHUB_TOKEN }}
  5. Generate Docker metadata
       • Images: ghcr.io/<owner>/<service>
       • Tags: <version> and latest
  6. Build and push Docker image
       • Context: services/<service>/
       • Pushes to GHCR with both version and latest tags
  7. Create GitHub Release
       • Release name: <service> v<version>
       • Tag: Parsed from branch name (e.g., api-v1.2.3)
       • Body: Contents of services/<service>/CHANGELOG.md
       • Not marked as draft or prerelease
  8. Print summary with published image URI

Outputs

Output    Value
tag       Version tag (e.g., api-v1.2.3)
service   Service name (e.g., api)
version   Version number (e.g., 1.2.3)

Permissions Required

  • contents: write - Create GitHub Release
  • packages: write - Push to container registry

Docker Image URI

Published images are publicly accessible at:

ghcr.io/<owner>/<service>:<version>
ghcr.io/<owner>/<service>:latest

For example:

ghcr.io/HYP3R00T/api:1.2.3
ghcr.io/HYP3R00T/api:latest

Dockerfile Location

Each service must have a Dockerfile in its directory:

  • API: services/api/Dockerfile
  • Web: services/web/Dockerfile

The build context is the service directory itself.

Changelog Integration

The GitHub Release body is populated from the service's CHANGELOG.md, generated by the Bump API workflow during version bump.

If CHANGELOG.md is missing or empty, the release creation will fail.

Service Directory Requirement

The workflow validates that services/<service>/ exists. The workflow exits with an error if:

services/<extracted_service>/ not found

This prevents accidental releases for non-existent services from malformed branch names.
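
The branch name is chosen by whoever opens the pull request, so the extract and validate steps are the point where untrusted input enters the release. One way to implement the extraction and the directory check described above, as an added example that is not the project's own workflow code; the helper name `parse_release_branch`, the allowed character set for `<service>` and the strict `X.Y.Z` version form are assumptions:

```shell
# Added example, not the project's workflow script. parse_release_branch and
# the allowed character set for <service> are assumptions made here.
# Assumes the branch name reaches the script as an argument or environment
# variable, never by pasting it into the script text.

# Usage: parse_release_branch <branch> [services_root]
# Prints "service=<s> version=<v> tag=<s>-v<v>"; returns 1 on any rejection.
parse_release_branch() {
  _branch=$1
  _root=${2:-services}

  # grep matches per line, so refuse embedded newlines before using it.
  case $_branch in
    *'
'*) echo "branch name contains a newline" >&2; return 1 ;;
  esac

  # Whole-string match (-x). <service> is limited to lowercase letters,
  # digits and single hyphens, so "/", ".." and shell metacharacters can
  # never reach the path check or the image name. <version> is X.Y.Z.
  if ! printf '%s\n' "$_branch" |
      grep -Eqx 'release/[a-z0-9]+(-[a-z0-9]+)*-v[0-9]+\.[0-9]+\.[0-9]+'; then
    echo "branch does not match release/<service>-v<version>" >&2
    return 1
  fi

  # The version holds no "-v", so the last "-v" is the separator.
  _rest=${_branch#release/}
  _service=${_rest%-v*}
  _version=${_rest##*-v}

  # Page's rule: fail when the service directory does not exist.
  if [ ! -d "$_root/$_service" ]; then
    echo "services/$_service/ not found" >&2
    return 1
  fi

  printf 'service=%s version=%s tag=%s-v%s\n' \
    "$_service" "$_version" "$_service" "$_version"
}
```

Rejecting the name before any path is built means a malformed branch fails at the pattern check rather than at the directory lookup.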