From dcfcc52855bf891fbe0fab186885e1e293a72d9b Mon Sep 17 00:00:00 2001 From: Ben Date: Sun, 2 Nov 2025 22:47:49 -0500 Subject: [PATCH 1/6] Standardize Docker CI to use ghcr and include repo owner in tags --- .github/workflows/cd-workflow.yml | 12 +++++------- .github/workflows/ci-container.yml | 10 +++------- .github/workflows/docker-build-push.yml | 22 ++++++++-------------- 3 files changed, 16 insertions(+), 28 deletions(-) diff --git a/.github/workflows/cd-workflow.yml b/.github/workflows/cd-workflow.yml index 24b377950..b5ba9e9ee 100644 --- a/.github/workflows/cd-workflow.yml +++ b/.github/workflows/cd-workflow.yml @@ -1,4 +1,4 @@ -name: Continuous Deployment to Staging +name: Continuous Deployment of Master on: push: @@ -9,9 +9,7 @@ jobs: uses: ./.github/workflows/docker-build-push.yml with: push: true - tags: dticarriage/carriage-service:latest - registry: docker.io - secrets: - inherit: true - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} + tags: | + ghcr.io/${{ github.repository_owner }}/${{ github.repository }}:latest + ghcr.io/${{ github.repository_owner }}/${{ github.repository }}:${{ github.sha }} + secrets: inherit diff --git a/.github/workflows/ci-container.yml b/.github/workflows/ci-container.yml index 1aca2ed7d..2460b2d20 100644 --- a/.github/workflows/ci-container.yml +++ b/.github/workflows/ci-container.yml 
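Review bot: The two new `tags:` entries in cd-workflow.yml name the owner twice, because `github.repository` already expands to `owner/name`, so the pushed reference becomes `ghcr.io/<owner>/<owner>/<name>:latest`. The same pattern is in the ci-container.yml tags of this patch and of patch 5/6. Assuming the repository is cornell-dti/carriage-web, it also does not match the `ghcr.io/cornell-dti/carriage-web` image that patch 6/6 writes into docker-compose.yml, so compose would ask for a name CI never publishes. I would write `ghcr.io/${{ github.repository }}:latest` and `ghcr.io/${{ github.repository }}:${{ github.sha }}`. Image names must be lowercase, so if the owner or repository name contains capitals the value needs lowercasing before it reaches the build step.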
@@ -12,14 +12,10 @@ jobs: with: push: ${{ github.event.pull_request.head.repo.full_name == github.repository }} tags: | - ghcr.io/${{ github.repository }}/pr-${{ github.event.pull_request.number }}:latest - ghcr.io/${{ github.repository }}/pr-${{ github.event.pull_request.number }}:${{ github.sha }} + ghcr.io/${{ github.repository_owner }}/${{ github.repository }}/pr-${{ github.event.pull_request.number }}:latest + ghcr.io/${{ github.repository_owner }}/${{ github.repository }}/pr-${{ github.event.pull_request.number }}:${{ github.sha }} labels: | org.opencontainers.image.source=${{ github.event.pull_request.html_url }} org.opencontainers.image.title=PR-${{ github.event.pull_request.number }} org.opencontainers.image.description=${{ github.event.pull_request.title }} - registry: ghcr.io - secrets: - inherit: true - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} + secrets: inherit diff --git a/.github/workflows/docker-build-push.yml b/.github/workflows/docker-build-push.yml index c8048288d..9ef8e6f0f 100644 --- a/.github/workflows/docker-build-push.yml +++ b/.github/workflows/docker-build-push.yml @@ -1,4 +1,5 @@ name: Docker Build and Push +# must be run with `secrets: inherit` to ensure secrets are given on: workflow_call: @@ -16,17 +17,10 @@ on: required: false default: '' type: string - registry: - description: 'Registry URL (optional)' - required: false - type: string - secrets: - username: - description: 'Registry password (optional)' - required: false - password: - description: 'Registry password (optional)' - required: false + +permissions: + contents: write + packages: write jobs: build: 
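Review bot: `secrets: inherit` at the end of this hunk passes every secret the caller can read into the called workflow, while the only credential the new login step in docker-build-push.yml uses is `secrets.GITHUB_TOKEN`. As far as I know a called workflow receives that token without any `secrets:` mapping, so the line can probably be deleted here and in cd-workflow.yml, and the new comment `# must be run with secrets: inherit ...` in docker-build-push.yml dropped with it; a test run would confirm. If build steps outside these hunks read other secrets, declare those by name under `on.workflow_call.secrets` rather than inheriting all of them.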
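Review bot: The new top-level `permissions:` block in docker-build-push.yml grants `contents: write`, which is more than the steps visible in this patch need: logging in to ghcr.io and pushing an image use `packages: write`, and a checkout only needs read access. I would change it to `contents: read` unless a step outside the hunk writes to the repository. A called workflow cannot raise permissions above what its caller has, which is presumably why patch 2/6 deletes the job-level `contents: read` / `packages: write` from ci-container.yml; after that deletion pull-request builds run with the repository's default token permissions. With `contents: read` here the caller's explicit block could stay, and the token scope would no longer depend on a repository setting.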
@@ -42,9 +36,9 @@ jobs: - name: Log in to registry uses: docker/login-action@v3 with: - registry: ${{ inputs.registry }} - username: ${{ inputs.username }} - password: ${{ inputs.password }} + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push Docker image uses: docker/build-push-action@v6 From 03fb7f747f66089532d39618a089f68e76f28220 Mon Sep 17 00:00:00 2001 From: Ben Date: Sun, 2 Nov 2025 22:53:14 -0500 Subject: [PATCH 2/6] Remove unnecessary `permissions` allocation in `ci-container` --- .github/workflows/ci-container.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/ci-container.yml b/.github/workflows/ci-container.yml index 2460b2d20..1c487575a 100644 --- a/.github/workflows/ci-container.yml +++ b/.github/workflows/ci-container.yml @@ -4,10 +4,6 @@ on: pull_request jobs: build: - permissions: - contents: read - packages: write - uses: ./.github/workflows/docker-build-push.yml with: push: ${{ github.event.pull_request.head.repo.full_name == github.repository }} From 6e6adf1e27b04540f933a7644d8da8820471ddb1 Mon Sep 17 00:00:00 2001 From: Ben Date: Mon, 3 Nov 2025 00:14:22 -0500 Subject: [PATCH 3/6] Add bek76/docker-ci to `cd-workflow.yml` to test workflow changes --- .github/workflows/cd-workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd-workflow.yml b/.github/workflows/cd-workflow.yml index b5ba9e9ee..33175c79f 100644 --- a/.github/workflows/cd-workflow.yml +++ b/.github/workflows/cd-workflow.yml @@ -2,7 +2,7 @@ name: Continuous Deployment of Master on: push: - branches: [master] + branches: [master, bek76/docker-ci] jobs: deploy: From c68360b2b52239a21452eda55e9dd788a7233af4 Mon Sep 17 00:00:00 2001 From: Ben Date: Mon, 3 Nov 2025 00:17:32 -0500 Subject: [PATCH 4/6] Revert 6e6adf1e so CI/CD only runs on `master` branch --- .github/workflows/cd-workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
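Review bot: The login step now hands `secrets.GITHUB_TOKEN`, carrying the write scopes granted earlier in this file, to `docker/login-action@v3`, and the following step uses `docker/build-push-action@v6`; both are referenced by a movable tag. The `uses:` lines are unchanged context, but this patch is what gives those actions a token that can publish packages, so I would pin each to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha>  # v3`. The job continues beyond this hunk.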
diff --git a/.github/workflows/cd-workflow.yml b/.github/workflows/cd-workflow.yml index 33175c79f..b5ba9e9ee 100644 --- a/.github/workflows/cd-workflow.yml +++ b/.github/workflows/cd-workflow.yml @@ -2,7 +2,7 @@ name: Continuous Deployment of Master on: push: - branches: [master, bek76/docker-ci] + branches: [master] jobs: deploy: From 7f9254678f0e0f441b94720345329183f1fa7ee0 Mon Sep 17 00:00:00 2001 From: Ben Date: Mon, 3 Nov 2025 00:29:42 -0500 Subject: [PATCH 5/6] Don't create separeate GitHub "packages" for every PR, instead distinguish in the tag --- .github/workflows/ci-container.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-container.yml b/.github/workflows/ci-container.yml index 1c487575a..3bd868a22 100644 --- a/.github/workflows/ci-container.yml +++ b/.github/workflows/ci-container.yml @@ -8,8 +8,8 @@ jobs: with: push: ${{ github.event.pull_request.head.repo.full_name == github.repository }} tags: | - ghcr.io/${{ github.repository_owner }}/${{ github.repository }}/pr-${{ github.event.pull_request.number }}:latest - ghcr.io/${{ github.repository_owner }}/${{ github.repository }}/pr-${{ github.event.pull_request.number }}:${{ github.sha }} + ghcr.io/${{ github.repository_owner }}/${{ github.repository }}:pr-${{ github.event.pull_request.number }}-latest + ghcr.io/${{ github.repository_owner }}/${{ github.repository }}:pr-${{ github.event.pull_request.number }}-${{ github.sha }} labels: | org.opencontainers.image.source=${{ github.event.pull_request.html_url }} org.opencontainers.image.title=PR-${{ github.event.pull_request.number }} From 03895ffb2951a6a6d780e332148a5db5b5943a14 Mon Sep 17 00:00:00 2001 From: Ben Date: Mon, 3 Nov 2025 00:49:27 -0500 Subject: [PATCH 6/6] Update image name in docker compose to utilize new ghcr name --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 8500eff4c..ce1f30942 100644 
--- a/docker-compose.yml +++ b/docker-compose.yml @@ -28,5 +28,5 @@ services: - REACT_APP_ENCRYPTION_KEY=${REACT_APP_ENCRYPTION_KEY} ports: - '3001:3001' - image: dticarriage/carriage-service:latest + image: ghcr.io/cornell-dti/carriage-web:${IMAGE_TAG:-latest} restart: always
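Review bot: The new `image:` line falls back to `latest` when `IMAGE_TAG` is unset, and cd-workflow.yml overwrites that tag on every push to master, so a host started from this file has no record of which build it runs and the image changes whenever it pulls again. The workflow already publishes a `${{ github.sha }}` tag, so for deployed hosts I would require the variable, `image: ghcr.io/cornell-dti/carriage-web:${IMAGE_TAG:?set IMAGE_TAG to a commit SHA}`, or reference the image by digest. The service definition starts above this hunk.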