👷 Docker push to GHCR

Also publish to the GitHub Container Registry as a fallback method, refs TODO-1887

Author: AndreMiras

.github/workflows/docker.yml

@@ -6,39 +6,59 @@ on:
   workflow_dispatch:
 
 env:
-  IMAGE_NAME: kivy/buildozer
-  SHOULD_PUBLISH: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')) }}
+  DOCKERHUB_IMAGE: kivy/buildozer
+  GHCR_IMAGE: ghcr.io/${{ github.repository }}
+  # TODO
+  # SHOULD_PUBLISH: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')) }}
+  SHOULD_PUBLISH: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/feature/github_container_registry' || startsWith(github.ref, 'refs/tags/')) }}
 
 jobs:
   build:
     runs-on: ubuntu-24.04
     timeout-minutes: 60
+    permissions:
+      contents: read
+      packages: write
     steps:
       - uses: actions/checkout@v4
       - uses: docker/setup-buildx-action@v3
+
+      # Login to DockerHub
       - uses: docker/login-action@v3
         if: ${{ env.SHOULD_PUBLISH == 'true' }}
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      # Login to GHCR
+      - uses: docker/login-action@v3
+        if: ${{ env.SHOULD_PUBLISH == 'true' }}
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Build and Push Multi-platform Image
         uses: docker/build-push-action@v6
         with:
           push: ${{ env.SHOULD_PUBLISH == 'true' }}
-          tags: ${{ env.IMAGE_NAME }}:latest
+          tags: |
+            ${{ env.DOCKERHUB_IMAGE }}:latest
+            ${{ env.GHCR_IMAGE }}:latest
           platforms: linux/amd64,linux/arm64
-          cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:latest
-          cache-to: ${{ env.SHOULD_PUBLISH == 'true' && format('type=registry,ref={0}:latest,mode=max', env.IMAGE_NAME) || '' }}
+          cache-from: type=registry,ref=${{ env.DOCKERHUB_IMAGE }}:latest
+          cache-to: ${{ env.SHOULD_PUBLISH == 'true' && format('type=registry,ref={0}:latest,mode=max', env.DOCKERHUB_IMAGE) || '' }}
+
       - name: Local Build for Testing
         uses: docker/build-push-action@v6
         with:
           # Load image into local Docker daemon
           load: true
-          cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:latest
-          tags: ${{ env.IMAGE_NAME }}:latest
+          cache-from: type=registry,ref=${{ env.DOCKERHUB_IMAGE }}:latest
+          tags: ${{ env.DOCKERHUB_IMAGE }}:latest
       # Run the locally built image to test it
       - name: Docker run
-        run: docker run ${{ env.IMAGE_NAME }} --version
+        run: docker run ${{ env.DOCKERHUB_IMAGE }} --version
 
   update-readme:
     runs-on: ubuntu-24.04
@@ -50,5 +70,5 @@ jobs:
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-          repository: ${{ env.IMAGE_NAME }}
+          repository: ${{ env.DOCKERHUB_IMAGE }}
           readme-filepath: README.md