CI/CD
GitHub Actions — docker-publish.yml
Located at .github/workflows/docker-publish.yml.
Triggers
- Schedule: daily at 12:28 UTC
- Push: to main branch or semver tags (v*.*.*)
- Pull request: against main
Pipeline steps
- Checkout repo
- Install cosign (skipped on PRs)
- Set up Docker Buildx
- Log into GHCR (ghcr.io) using GITHUB_TOKEN
- Extract Docker metadata (tags, labels)
- Build and push image (push skipped on PRs, uses GHA cache)
- Sign image with cosign (skipped on PRs, uses Sigstore/Fulcio)
Registry
- GHCR: ghcr.io/sudocarlos/haven-docker (automated via Actions)
- DockerHub: sudocarlos/haven (manual via make release)
Manual DockerHub Release — Makefile
```bash
make release
```
This runs the push and tag targets:
- Extracts version from the TAG= line in Dockerfile
- Builds with docker buildx (no cache), pushes latest + version tags
- Commits all changes, creates an annotated git tag dockerhub-<version>
- Pushes commits and tags
Individual steps can be run separately with make push or make tag.
Prerequisites
- Logged into DockerHub (docker login)
- Docker Buildx configured
Version Management
The Haven version is pinned in Dockerfile:
```dockerfile
ARG TAG=v1.2.0-rc2
ARG COMMIT=986c21b79c93779a449a52f6414ea267c83428bb
```
The Makefile extracts the version with:
```makefile
VERSION := $(shell awk -F '=' '/TAG=/{print $$NF}' Dockerfile)
```
To bump: update TAG and COMMIT in Dockerfile, then run make release.
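
The awk pattern /TAG=/ matches every line that contains TAG=, including comments and other ARG names ending in TAG, and nothing checks that COMMIT is a full commit hash before make release publishes. The script below is an added example, not part of the project's Makefile or workflow; the helper names extract_arg and check_pin and the expected tag shape are assumptions.

```shell
#!/bin/sh
# Added example: strict check of the TAG/COMMIT pin in a Dockerfile.
# extract_arg and check_pin are hypothetical helper names, not project code.

# Print the value of the single "ARG NAME=value" line in FILE.
# Fails when the ARG is missing or declared more than once.
extract_arg() {
    awk -v n="$1" '
        $1 == "ARG" && index($2, n "=") == 1 {
            val = substr($2, length(n) + 2); count++
        }
        END { if (count != 1) exit 1; print val }' "$2"
}

# Validate both pins and print "TAG COMMIT" on success.
check_pin() {
    tag=$(extract_arg TAG "$1") || {
        echo "TAG: expected exactly one ARG line" >&2; return 1; }
    commit=$(extract_arg COMMIT "$1") || {
        echo "COMMIT: expected exactly one ARG line" >&2; return 1; }
    # Assumption: TAG has the vMAJOR.MINOR.PATCH[-prerelease] shape seen on the page.
    printf '%s\n' "$tag" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.]+)?$' || {
        echo "TAG '$tag' is not a version tag" >&2; return 1; }
    # A full 40-hex SHA-1 is an unambiguous, immutable reference;
    # an abbreviated hash or a branch name is not.
    printf '%s\n' "$commit" | grep -Eq '^[0-9a-f]{40}$' || {
        echo "COMMIT '$commit' is not a full commit SHA" >&2; return 1; }
    printf '%s %s\n' "$tag" "$commit"
}

# Constructed sample: the pin shown on the page plus a comment line that a
# loose /TAG=/ pattern would also match.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# keep TAG=<release> and COMMIT in sync
ARG TAG=v1.2.0-rc2
ARG COMMIT=986c21b79c93779a449a52f6414ea267c83428bb
EOF
check_pin "$sample"
rm -f "$sample"
```

Calling check_pin Dockerfile before the build step makes a release stop when the pin is duplicated, malformed, or abbreviated.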