feat(release): add docker publishing to the release process #25
I've got 5 comments for you to consider
The PR title and description are not accurate. Here are my suggestions:
Title: feat: move docker publishing to release workflow and harden GitHub Actions security
Description: # Contributor Comments
This PR makes two main improvements:
- Docker Publishing Workflow Changes: Moves Docker publishing from the CI pipeline to the manual release process, triggered when a release is created. The publishing is now conditional and integrated into the release workflow.
- Security Hardening: Adds `persist-credentials: false` to all GitHub Actions checkout steps across workflows (ci.yml, commit.yml, security.yml, update.yml, release.yml) to prevent credential persistence as a security best practice.
- Taskfile Refactoring: Simplifies the Docker build process by using a PUBLISH flag instead of a separate publish task, removing complex cross-platform file handling logic.
Pull Request Checklist
Thank you for submitting a contribution!
Please address the following items:
- If you are adding a dependency, please explain how it was chosen.
- If manual testing is needed in order to validate the changes, provide a testing plan and the expected results.
- Validate that documentation is accurate and aligned to any project updates or additions.
Reviewed with 🤟 by Zenable
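An added example, not part of this PR or of the review comment above: a dependency-free check that lists `actions/checkout` steps in a workflow file that do not set `persist-credentials: false`. The function names and the sample workflow are constructed for illustration, and the parser assumes conventional block-style YAML with one step per list item.

```python
import re

LIST_ITEM = re.compile(r"^\s*-\s+\S")
CHECKOUT = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?(actions/checkout@[^\s'\"#]+)")
HARDENED = re.compile(r"^\s*persist-credentials:\s*['\"]?false['\"]?\s*(#.*)?$")

# Constructed sample workflow (not taken from the PR).
SAMPLE = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - run: task build
"""

def iter_steps(text):
    """Yield (start_line, lines) for each YAML list item, split by indentation."""
    current = None  # (indent, start_line, lines)
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments never open or close an item
        indent = len(line) - len(line.lstrip())
        if current and indent <= current[0]:
            yield current[1], current[2]  # dedent or sibling item closes the step
            current = None
        if current:
            current[2].append(line)
        elif LIST_ITEM.match(line):
            current = (indent, no, [line])
    if current:
        yield current[1], current[2]

def unhardened_checkouts(text):
    """Return (line, action_ref) for checkout steps lacking persist-credentials: false."""
    findings = []
    for start, lines in iter_steps(text):
        ref = next((m.group(1) for m in map(CHECKOUT.match, lines) if m), None)
        if ref and not any(HARDENED.match(l) for l in lines):
            findings.append((start, ref))
    return findings

if __name__ == "__main__":
    for line_no, ref in unhardened_checkouts(SAMPLE):
        print(f"line {line_no}: {ref} does not set persist-credentials: false")
```

Run against each file under `.github/workflows/`, an empty result means every checkout step carries the setting.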
Contributor Comments
This moves the `task publish` (i.e. pushing to Docker Hub) to the manual `release` process, if the user answers `yes` to the `dockerhub` question.
Pull Request Checklist
Thank you for submitting a contribution!
Please address the following items: