Skip to content

ci(docker): auto-detect Docker Hub credentials for dual-registry publish#220

Open
parth0025 wants to merge 1 commit into
stagingfrom
ci/docker-hub-publishing
Open

ci(docker): auto-detect Docker Hub credentials for dual-registry publish#220
parth0025 wants to merge 1 commit into
stagingfrom
ci/docker-hub-publishing

Conversation

@parth0025

Copy link
Copy Markdown
Collaborator

Summary

Adds optional Docker Hub publishing alongside the existing GHCR publishing. The workflow auto-detects whether Docker Hub credentials are configured and adapts at runtime β€” so this PR can merge now, before the official Docker Hub account exists, and start working the moment the secrets are added later.

Why merge before the account is ready

The team will set up an official Docker Hub account later. Rather than leave commented-out code that needs editing in three places when that happens, this workflow:

  • βœ… Runs exactly as today (GHCR only) while no Docker Hub secrets exist β€” zero behavior change on merge
  • βœ… Auto-detects DOCKERHUB_USERNAME on each run and, when present, publishes to Docker Hub too
  • βœ… Needs no code change when the account is ready β€” just add the secrets

How it behaves

State GHCR Docker Hub
Today (no secrets) βœ… Publishes ⏭️ Skipped cleanly
After secrets added βœ… Publishes βœ… Publishes (same tag set)

Namespace is account-name-agnostic

The image namespace defaults to alianhub (docker.io/alianhub/alianhub) but is overridable without editing the workflow, via the repo variable DOCKERHUB_NAMESPACE:

Official account scenario Secrets / variables to set
Standalone account named alianhub DOCKERHUB_USERNAME=alianhub + token. Namespace defaults to alianhub βœ“
Account named something else (e.g. aliansoftware) DOCKERHUB_USERNAME=aliansoftware + token + set variable DOCKERHUB_NAMESPACE=aliansoftware
Personal login pushing into a brand org DOCKERHUB_USERNAME=<personal-login> + token + DOCKERHUB_NAMESPACE=alianhub

This covers every account shape without a future code edit.

Files changed (1)

File Change
.github/workflows/docker.yml New "Detect Docker Hub credentials" step (emits enabled + namespace outputs); conditional Docker Hub login step; format() expression in metadata images: list; updated header docs

Diff: +54 / -16.

What you (the team) do when the official account is ready

  1. Create the official Docker Hub account/org
  2. Generate a Docker Hub access token (Read + Write)
  3. Add repo secrets:
    gh secret set DOCKERHUB_USERNAME --body "<account>" --repo aliansoftwareteam/AlianHub-Project-Management-System
    gh secret set DOCKERHUB_TOKEN --body "dckr_pat_..." --repo aliansoftwareteam/AlianHub-Project-Management-System
  4. (Only if namespace β‰  alianhub) add the variable:
    gh variable set DOCKERHUB_NAMESPACE --body "<namespace>" --repo aliansoftwareteam/AlianHub-Project-Management-System
  5. Trigger workflow_dispatch on the Docker workflow (or wait for the next release) β†’ image publishes to Docker Hub

Test plan

  • After merge, with NO Docker Hub secrets set: push to main / cut a release β†’ workflow publishes to GHCR only, "Detect Docker Hub credentials" step logs "publishing to GHCR only", no failure
  • After adding secrets: trigger workflow_dispatch β†’ workflow logs "will publish to docker.io//alianhub", both registries get the image
  • Verify GHCR publishing is unaffected (still publishes latest, version tags, edge, main-<sha> as before)

Compatibility

βœ… GHCR publishing path is unchanged β€” still the always-on default
βœ… No new required secrets β€” Docker Hub is purely additive and optional
βœ… No conflict with other files β€” touches only .github/workflows/docker.yml

πŸ€– Generated with Claude Code

Adds optional Docker Hub publishing alongside GHCR. The workflow
detects DOCKERHUB_USERNAME at runtime and conditionally logs in to
docker.io and adds the docker.io image to the metadata image list.

Designed to merge BEFORE the official Docker Hub account exists:
  - If the secrets are absent, the workflow runs exactly as today
    (GHCR only) β€” the Docker Hub login + image line are skipped.
  - Once DOCKERHUB_USERNAME and DOCKERHUB_TOKEN secrets are added,
    the next run auto-detects them and publishes to both registries.

Namespace is account-name-agnostic:
  - Defaults to `alianhub` β†’ docker.io/alianhub/alianhub
  - Override with the repo VARIABLE DOCKERHUB_NAMESPACE if the
    official account/org lands on a different name, or when a
    personal login pushes into a brand org (e.g. login=rasheshmak,
    namespace=alianhub). No code change needed for either case.

Implementation:
  - "Detect Docker Hub credentials" step emits enabled + namespace
    outputs
  - Conditional `if:` on the Docker Hub login step
  - format() expression in the metadata images list, resolving to
    an empty line when disabled (silently dropped by the action)

GHCR publishing is unchanged and remains the always-on default.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jun 10, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

βš™οΈ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 51a4946b-8278-4a64-9c64-8ed35cb46f67

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • πŸ” Trigger review
✨ Finishing Touches
πŸ§ͺ Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch ci/docker-hub-publishing

Comment @coderabbitai help to get the list of available commands and usage tips.

@parth0025 parth0025 self-assigned this Jun 10, 2026
@parth0025 parth0025 added enhancement New feature or request Hold labels Jun 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

enhancement New feature or request Hold

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant