Lucien Cartier-Tilet
67142aceaa
Some checks failed
Publish Docker Images / build-and-publish (push) Has been cancelled
GitHub Actions Workflows
Docker Image Publishing
The publish-docker.yml workflow automatically builds and publishes Docker images for the backend service using Nix.
Triggers and Tagging Strategy
| Event | Condition | Published Tags | Example |
|---|---|---|---|
| Tag push | Tag pushed to main branch |
latest + version tag |
latest, 1.0.0 |
| Branch push | Push to develop branch |
develop |
develop |
| Pull request | PR opened or updated | pr<number> |
pr12 |
| Branch push | Push to main (no tag) |
latest |
latest |
Required GitHub Secrets
Configure these secrets in your repository settings (Settings → Secrets and variables → Actions):
| Secret Name | Description | Example Value |
|---|---|---|
DOCKER_USERNAME |
Username for Docker registry authentication | phundrak (Docker Hub) or phundrak (ghcr.io) |
DOCKER_PASSWORD |
Password or token for Docker registry | Personal Access Token (PAT) or password |
CACHIX_AUTH_TOKEN |
(Optional) Token for Cachix caching | Your Cachix auth token |
For GitHub Container Registry (ghcr.io)
-
Create a Personal Access Token (PAT):
- Go to GitHub Settings → Developer settings → Personal access tokens → Tokens (classic)
- Click "Generate new token (classic)"
- Select scopes:
write:packages,read:packages,delete:packages - Copy the generated token
-
Add secrets:
DOCKER_USERNAME: Your GitHub usernameDOCKER_PASSWORD: The PAT you just created
For Docker Hub
-
Create an access token:
- Go to Docker Hub → Account Settings → Security → Access Tokens
- Click "New Access Token"
- Set permissions to "Read, Write, Delete"
- Copy the generated token
-
Add secrets:
DOCKER_USERNAME: Your Docker Hub usernameDOCKER_PASSWORD: The access token you just created
For Custom Registry (e.g., labs.phundrak.com)
-
Obtain credentials from your registry administrator
-
Add secrets:
DOCKER_USERNAME: Your registry usernameDOCKER_PASSWORD: Your registry password or token
Configuring the Docker Registry
The target registry is set via the DOCKER_REGISTRY environment variable in the workflow file. To change it:
- Edit
.github/workflows/publish-docker.yml - Modify the
envsection:
env:
DOCKER_REGISTRY: ghcr.io # Change to your registry (e.g., docker.io, labs.phundrak.com)
IMAGE_NAME: phundrak/phundrak-dot-com-backend
Or set it as a repository variable:
- Go to
Settings→Secrets and variables→Actions→Variablestab - Add
DOCKER_REGISTRYwith your desired registry URL
Image Naming
Images are published with the name: ${DOCKER_REGISTRY}/${IMAGE_NAME}:${TAG}
For example:
ghcr.io/phundrak/phundrak-dot-com-backend:latestghcr.io/phundrak/phundrak-dot-com-backend:1.0.0ghcr.io/phundrak/phundrak-dot-com-backend:developghcr.io/phundrak/phundrak-dot-com-backend:pr12
Local Testing
To test the Docker image build locally:
# Build the image with Nix
nix build .#backendDockerLatest
# Load it into Docker
docker load < result
# Run the container
docker run -p 3100:3100 localhost/phundrak/backend-rust:latest
Troubleshooting
Authentication Failures
If you see authentication errors:
- Verify your
DOCKER_USERNAMEandDOCKER_PASSWORDsecrets are correct - For ghcr.io, ensure your PAT has the correct permissions
- Check that the
DOCKER_REGISTRYmatches your credentials
Build Failures
If the Nix build fails:
- Test the build locally first:
nix build .#backendDockerLatest - Check the GitHub Actions logs for specific error messages
- Ensure all dependencies in
flake.nixare correctly specified
Image Not Appearing in Registry
- Verify the workflow completed successfully in the Actions tab
- Check that the registry URL is correct
- For ghcr.io, images appear at:
https://github.com/users/USERNAME/packages/container/IMAGE_NAME - Ensure your token has write permissions