refactor(workflows): streamline Docker Hub and GCP Artifact Registry integration (#2326)

dkosowski87 · PawelPeczek-Roboflow · web-flow · commit 566d53bd88be · 2026-05-14T11:59:33.000+02:00
- Consolidate Docker Hub and Google Artifact Registry login steps in both CPU and GPU workflows.
- Replace separate build variable setup with a combined tag processing step for streamlined image tagging.
- Ensure both Docker Hub and GCP images are built and pushed in a single step, enhancing efficiency.

This update improves the clarity and maintainability of the CI/CD workflows.

Co-authored-by: Paweł Pęczek &lt;146137186+PawelPeczek-Roboflow@users.noreply.github.com&gt;
diff --git a/.github/workflows/docker.cpu.yml b/.github/workflows/docker.cpu.yml
@@ -31,11 +31,6 @@ jobs:
       id-token: write
       contents: read
     steps:
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Checkout
         uses: actions/checkout@v4
       - name: Read version from file
@@ -51,49 +46,47 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Set up Depot CLI
         uses: depot/setup-action@v1
-      - name: Build and Push
-        uses: depot/build-push-action@v1
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
         with:
-          push: ${{ github.event_name == 'release' || (github.event.inputs.force_push == 'true') }}
-          project: grl7ffzxd7
-          tags: ${{ steps.tags.outputs.image_tags }}
-          platforms: linux/amd64,linux/arm64
-          file: ${{ env.DOCKERFILE }}
-
-
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Authenticate gcloud
-        uses: 'google-github-actions/auth@v2'
+        uses: google-github-actions/auth@v2
         id: auth
         with:
-          workload_identity_provider: 'projects/878913763597/locations/global/workloadIdentityPools/github-actions/providers/github'
-          service_account: 'gha-inference@roboflow-staging.iam.gserviceaccount.com'
-          token_format: 'access_token'
+          workload_identity_provider: "projects/878913763597/locations/global/workloadIdentityPools/github-actions/providers/github"
+          service_account: "gha-inference@roboflow-staging.iam.gserviceaccount.com"
+          token_format: access_token
       - name: Login to Google Artifact Registry
         uses: docker/login-action@v3
         with:
           registry: us-docker.pkg.dev
           username: oauth2accesstoken
           password: ${{ steps.auth.outputs.access_token }}
-      - name: Set up build variables
-        id: set_up_build_variables
+      - name: Combine Docker Hub and Artifact Registry tags
+        id: all_tags
         run: |
-            TAGS=""
-            IFS=',' read -ra TAG_ARRAY <<< "${{ steps.tags.outputs.image_tags }}"
-            for tag in "${TAG_ARRAY[@]}"; do
-              if [ -n "$TAGS" ]; then
-                TAGS="${TAGS}","us-docker.pkg.dev/roboflow-artifacts/${tag}"
-              else
-                TAGS="us-docker.pkg.dev/roboflow-artifacts/${tag}"
-              fi
-            done
-            echo "PROCESSED_TAGS=${TAGS}" >> "$GITHUB_OUTPUT"
-            echo "GCP artifacts to be pushed:"
-            echo "$TAGS"
-      - name: Build and push CPU image to GCP Artifact Registry
+          DH_TAGS="${{ steps.tags.outputs.image_tags }}"
+          GCP_PREFIX="us-docker.pkg.dev/roboflow-artifacts/"
+          GCP_TAGS=""
+          IFS=',' read -ra TAG_ARRAY <<< "$DH_TAGS"
+          for tag in "${TAG_ARRAY[@]}"; do
+            [ -z "$tag" ] && continue
+            if [ -n "$GCP_TAGS" ]; then
+              GCP_TAGS="${GCP_TAGS},${GCP_PREFIX}${tag}"
+            else
+              GCP_TAGS="${GCP_PREFIX}${tag}"
+            fi
+          done
+          echo "all_tags=${DH_TAGS},${GCP_TAGS}" >> "$GITHUB_OUTPUT"
+          echo "Single build will push to Docker Hub and Artifact Registry:"
+          echo "${DH_TAGS},${GCP_TAGS}"
+      - name: Build and push (Docker Hub and GCP from one build)
         uses: depot/build-push-action@v1
         with:
           push: ${{ github.event_name == 'release' || (github.event.inputs.force_push == 'true') }}
           project: grl7ffzxd7
-          tags: ${{ steps.set_up_build_variables.outputs.PROCESSED_TAGS }}
-          platforms: linux/amd64
+          tags: ${{ steps.all_tags.outputs.all_tags }}
+          platforms: linux/amd64,linux/arm64
           file: ${{ env.DOCKERFILE }}
diff --git a/.github/workflows/docker.gpu.yml b/.github/workflows/docker.gpu.yml
@@ -31,11 +31,6 @@ jobs:
       id-token: write
       contents: read
     steps:
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Checkout
         uses: actions/checkout@v4
       - name: Read version from file
@@ -51,47 +46,47 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Set up Depot CLI
         uses: depot/setup-action@v1
-      - name: Build and Push
-        uses: depot/build-push-action@v1
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
         with:
-          push: ${{ github.event_name == 'release' || (github.event.inputs.force_push == 'true') }}
-          project: grl7ffzxd7
-          tags: ${{ steps.tags.outputs.image_tags }}
-          platforms: linux/amd64
-          file: ${{ env.DOCKERFILE }}
-      - name: 'Authenticate gcloud'
-        uses: 'google-github-actions/auth@v2'
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Authenticate gcloud
+        uses: google-github-actions/auth@v2
         id: auth
         with:
-          workload_identity_provider: 'projects/878913763597/locations/global/workloadIdentityPools/github-actions/providers/github'
-          service_account: 'gha-inference@roboflow-staging.iam.gserviceaccount.com'
-          token_format: 'access_token'
+          workload_identity_provider: "projects/878913763597/locations/global/workloadIdentityPools/github-actions/providers/github"
+          service_account: "gha-inference@roboflow-staging.iam.gserviceaccount.com"
+          token_format: access_token
       - name: Login to Google Artifact Registry
         uses: docker/login-action@v3
         with:
           registry: us-docker.pkg.dev
           username: oauth2accesstoken
           password: ${{ steps.auth.outputs.access_token }}
-      - name: Set up build variables
-        id: set_up_build_variables
+      - name: Combine Docker Hub and Artifact Registry tags
+        id: all_tags
         run: |
-          TAGS=""
-          IFS=',' read -ra TAG_ARRAY <<< "${{ steps.tags.outputs.image_tags }}"
+          DH_TAGS="${{ steps.tags.outputs.image_tags }}"
+          GCP_PREFIX="us-docker.pkg.dev/roboflow-artifacts/"
+          GCP_TAGS=""
+          IFS=',' read -ra TAG_ARRAY <<< "$DH_TAGS"
           for tag in "${TAG_ARRAY[@]}"; do
-            if [ -n "$TAGS" ]; then
-              TAGS="${TAGS}","us-docker.pkg.dev/roboflow-artifacts/${tag}"
+            [ -z "$tag" ] && continue
+            if [ -n "$GCP_TAGS" ]; then
+              GCP_TAGS="${GCP_TAGS},${GCP_PREFIX}${tag}"
             else
-              TAGS="us-docker.pkg.dev/roboflow-artifacts/${tag}"
+              GCP_TAGS="${GCP_PREFIX}${tag}"
             fi
           done
-          echo "PROCESSED_TAGS=${TAGS}" >> "$GITHUB_OUTPUT"
-          echo "GCP artifacts to be pushed:"
-          echo "$TAGS"
-      - name: Build and push GPU image to GCP Artifact Registry
+          echo "all_tags=${DH_TAGS},${GCP_TAGS}" >> "$GITHUB_OUTPUT"
+          echo "Single build will push to Docker Hub and Artifact Registry:"
+          echo "${DH_TAGS},${GCP_TAGS}"
+      - name: Build and push (Docker Hub and GCP from one build)
         uses: depot/build-push-action@v1
         with:
           push: ${{ github.event_name == 'release' || (github.event.inputs.force_push == 'true') }}
           project: grl7ffzxd7
-          tags: ${{ steps.set_up_build_variables.outputs.PROCESSED_TAGS }}
+          tags: ${{ steps.all_tags.outputs.all_tags }}
           platforms: linux/amd64
           file: ${{ env.DOCKERFILE }}
