Skip to content

Publish to Docker Hub via GAR#1455

Draft
martincostello wants to merge 7 commits into
mainfrom
publish-to-dockerhub-via-gar
Draft

Publish to Docker Hub via GAR#1455
martincostello wants to merge 7 commits into
mainfrom
publish-to-dockerhub-via-gar

Conversation

@martincostello

@martincostello martincostello commented Jun 8, 2026

Copy link
Copy Markdown
Member

Publish released images to Docker Hub via a Google Artifact Repository mirror.

@martincostello martincostello added dependencies Pull requests that update a dependency file github-actions pir-action-item Action Item from Post Incident Review labels Jun 8, 2026
zeitlinger
zeitlinger previously approved these changes Jun 8, 2026
View reviewed changes
@martincostello
Publish to Docker Hub via GAR
d2a300c 
Publish released images to Docker Hub via a Google Artifact Repository mirror.
@martincostello
Workflow refactoring
ecd9153 
- Use output instead of env to set `GIT_COMMIT_EPOCH`.
- Simplify step ID.
- Add step name.
@martincostello martincostello force-pushed the publish-to-dockerhub-via-gar branch from ea7ccc4 to ecd9153 Compare June 12, 2026 09:13
@martincostello
Add release environment
d6a52ad 
Associate the release publishing with an environment so we can lock down the refs that are allowed to do so.
@martincostello
Add job timeout
e859c1b 
Allow maximum of 30 minutes to publish (longest I could see was 11 minutes).
@martincostello
Wait for mirroring
d2f046a 
- Wait for the image to be mirrored after publish.
- Parameterise some things.
- Add TODO regarding attestation and signing.
@martincostello
Verify attestation and signature
8e56e89 
Add steps to verify the container image's attestation and signature immediately after they are created.
@martincostello
Add missing condition
6f15a26 
Don't verify nothing.
@martincostello martincostello mentioned this pull request Jun 16, 2026
Merged
martincostello added a commit that referenced this pull request Jun 16, 2026
@martincostello
Publish refactoring (#1482)
9dc3c51 
Changes cherry-picked from #1455 and #1467:

- Use output instead of env for `SOURCE_DATE_EPOCH,
- Verify attestations and signatures.
- Associate ghcr publishing with an environment.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zeitlinger zeitlinger zeitlinger left review comments

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github-actions pir-action-item Action Item from Post Incident Review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@martincostello @zeitlinger