Skip to content

ci: mirror PHP images to ghcr.io alongside Docker Hub#107

Merged
andypost merged 1 commit into
masterfrom
ghcr-dual-push
Jun 24, 2026
Merged

ci: mirror PHP images to ghcr.io alongside Docker Hub#107
andypost merged 1 commit into
masterfrom
ghcr-dual-push

Conversation

@andypost

Copy link
Copy Markdown
Contributor

What

Push every built image (base, fpm, unit, unit-dev) to both registries in a single docker/build-push-action step:

  • Docker Hub — skilldlabs/php (unchanged)
  • GitHub Container Registry — ghcr.io/skilld-labs/php (new)

Both registries receive the same multi-arch digest — no rebuild, no re-pull.

Changes

  • build-php.yml (reusable, all 4 jobs): add GHCR_REGISTRY env, a second docker/login-action to ghcr.io (github.actor / GITHUB_TOKEN), workflow-level permissions: packages: write, and ghcr tags appended to every push (incl. optional :version).
  • build-83/84/85.yml (callers): add permissions: { contents: read, packages: write } — for workflow_call the caller governs the GITHUB_TOKEN scope handed to the reusable workflow.
  • CLAUDE.md: document the dual registry, the skilld-labs vs skilldlabs namespace difference, and the auth/permission model.

No extra secret needed: GITHUB_TOKEN can push because the package lives under the same org as the repo. FrankenPHP workflows are untouched (Docker Hub only).

Verification (PHP 8.3, run 28123024232)

  • All 4 jobs green; both login steps + dual push succeeded in each.
  • ghcr amd64 digest sha256:658c61e8… == Docker Hub amd64 digest (identical image).
  • Repo test suite passed 8/8 against the image pulled from ghcr.
  • Package set to Public; anonymous docker pull ghcr.io/skilld-labs/php:83 confirmed working.

Notes

  • New ghcr packages are private by default; the php package has already been set Public + org policy allows public packages.
  • 8.4 / 8.5 and future releases will dual-push automatically once this merges.

🤖 Generated with Claude Code

Push every built image (base, fpm, unit, unit-dev) to both
skilldlabs/php (Docker Hub) and ghcr.io/skilld-labs/php in a single
build-push-action step, so both registries get the same multi-arch
digest with no rebuild or re-pull.

- Add GHCR_REGISTRY env and ghcr.io login (github.actor/GITHUB_TOKEN)
  to all jobs in the reusable build-php.yml
- Append ghcr tags to base/fpm/unit/unit-dev pushes (incl. :version)
- Grant packages: write in build-php.yml and in the 8.3/8.4/8.5
  callers (caller governs GITHUB_TOKEN scope for workflow_call)
- Document the dual registry in CLAUDE.md

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@andypost andypost merged commit fbe5c51 into master Jun 24, 2026
4 checks passed
@andypost andypost deleted the ghcr-dual-push branch June 24, 2026 20:15

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the CLAUDE.md documentation to reflect that PHP Docker images are now published to both Docker Hub and GitHub Container Registry (GHCR) from a single build. It adds a new 'Container Registries' section detailing the registry configurations, authentication, permissions, and tagging strategies. There are no review comments, so I have no feedback to provide.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant