Release Docker Image
Contract
Prereqs:
- •Run in repo root (git work tree) for default behavior.
- •
ghauthenticated (gh auth status) with access to this repository. - •GitHub workflow
.github/workflows/release-docker.ymlavailable. - •Repo secrets for Docker Hub publish:
- •
DOCKERHUB_USERNAME - •
DOCKERHUB_TOKEN
- •
- •GHCR publish uses GitHub Actions
GITHUB_TOKENwithpackages: write(already defined in workflow permissions). - •
VERSIONS.envmust containAGENT_KIT_REF.
Local fallback prereqs (only when forcing local publish):
- •
dockerwithbuildxenabled. - •Docker Hub + GHCR credentials via
AWL_DOCKER_RELEASE_*env vars.
Inputs:
- •CI entrypoint CLI:
- •
--version <vX.Y.Z>(recommended) - •
--input-ref <git-ref> - •
--workflow-ref <git-ref>(which ref to load workflow file from) - •
--repo <owner/name> - •
--publish-version-tag|--no-publish-version-tag - •
--no-wait
- •
- •Local fallback env/CLI: same contract as
release-docker-image.sh(AWL_DOCKER_RELEASE_*).
Outputs:
- •CI workflow dispatch + optional wait for completion (
release-docker.yml). - •Multi-arch image publish to Docker Hub + GHCR (linux/amd64, linux/arm64 by default).
- •Tags include
latest,sha-<short_sha>, and optionalvX.Y.Z.
Exit codes:
- •
0: success - •
1: failure - •
2: usage error
Failure modes:
- •Missing/invalid release tag/ref or publish policy mismatch.
- •Missing repo secrets (Docker Hub publish disabled/failed).
- •GHCR permission issues (
packages: writemissing or token scope mismatch). - •Workflow dispatch/watch failure.
- •Docker login/buildx/push failure (local fallback mode).
Scripts (only entrypoints)
- •CI-first entrypoint:
- •
<PROJECT_ROOT>/.agents/skills/release-docker-image/scripts/release-docker-image-ci.sh
- •
- •Local fallback entrypoint:
- •
<PROJECT_ROOT>/.agents/skills/release-docker-image/scripts/release-docker-image.sh
- •
Workflow
- •CI-first release (recommended):
- •
.agents/skills/release-docker-image/scripts/release-docker-image-ci.sh --version vX.Y.Z
- •
- •Non-blocking dispatch only (do not wait):
- •
.agents/skills/release-docker-image/scripts/release-docker-image-ci.sh --version vX.Y.Z --no-wait
- •
- •Local fallback publish (only when CI path is unavailable):
- •
.agents/skills/release-docker-image/scripts/release-docker-image.sh --version vX.Y.Z
- •
- •Verify pushed manifests:
- •
docker buildx imagetools inspect graysurf/agent-workspace-launcher:vX.Y.Z - •
docker buildx imagetools inspect ghcr.io/graysurf/agent-workspace-launcher:vX.Y.Z
- •