phundrak/phundrak.com

Fork 0

Lucien Cartier-Tilet 67142aceaa

Publish Docker Images / build-and-publish (push) Has been cancelled

Details

feat: add CI for backend

2025-11-05 02:16:42 +01:00

4.4 KiB

Raw Blame History

GitHub Actions Workflows

Docker Image Publishing

The publish-docker.yml workflow automatically builds and publishes Docker images for the backend service using Nix.

Triggers and Tagging Strategy

Event	Condition	Published Tags	Example
Tag push	Tag pushed to `main` branch	`latest` + version tag	`latest`, `1.0.0`
Branch push	Push to `develop` branch	`develop`	`develop`
Pull request	PR opened or updated	`pr<number>`	`pr12`
Branch push	Push to `main` (no tag)	`latest`	`latest`

Required GitHub Secrets

Configure these secrets in your repository settings (Settings → Secrets and variables → Actions):

Secret Name	Description	Example Value
`DOCKER_USERNAME`	Username for Docker registry authentication	`phundrak` (Docker Hub) or `phundrak` (ghcr.io)
`DOCKER_PASSWORD`	Password or token for Docker registry	Personal Access Token (PAT) or password
`CACHIX_AUTH_TOKEN`	(Optional) Token for Cachix caching	Your Cachix auth token

For GitHub Container Registry (ghcr.io)

Create a Personal Access Token (PAT):
- Go to GitHub Settings → Developer settings → Personal access tokens → Tokens (classic)
- Click "Generate new token (classic)"
- Select scopes: write:packages, read:packages, delete:packages
- Copy the generated token
Add secrets:
- DOCKER_USERNAME: Your GitHub username
- DOCKER_PASSWORD: The PAT you just created

For Docker Hub

Create an access token:
- Go to Docker Hub → Account Settings → Security → Access Tokens
- Click "New Access Token"
- Set permissions to "Read, Write, Delete"
- Copy the generated token
Add secrets:
- DOCKER_USERNAME: Your Docker Hub username
- DOCKER_PASSWORD: The access token you just created

For Custom Registry (e.g., labs.phundrak.com)

Obtain credentials from your registry administrator
Add secrets:
- DOCKER_USERNAME: Your registry username
- DOCKER_PASSWORD: Your registry password or token

Configuring the Docker Registry

The target registry is set via the DOCKER_REGISTRY environment variable in the workflow file. To change it:

Edit .github/workflows/publish-docker.yml
Modify the env section:

env:
  DOCKER_REGISTRY: ghcr.io  # Change to your registry (e.g., docker.io, labs.phundrak.com)
  IMAGE_NAME: phundrak/phundrak-dot-com-backend

Or set it as a repository variable:

Go to Settings → Secrets and variables → Actions → Variables tab
Add DOCKER_REGISTRY with your desired registry URL

Image Naming

Images are published with the name: ${DOCKER_REGISTRY}/${IMAGE_NAME}:${TAG}

For example:

ghcr.io/phundrak/phundrak-dot-com-backend:latest
ghcr.io/phundrak/phundrak-dot-com-backend:1.0.0
ghcr.io/phundrak/phundrak-dot-com-backend:develop
ghcr.io/phundrak/phundrak-dot-com-backend:pr12

Local Testing

To test the Docker image build locally:

# Build the image with Nix
nix build .#backendDockerLatest

# Load it into Docker
docker load < result

# Run the container
docker run -p 3100:3100 localhost/phundrak/backend-rust:latest

Troubleshooting

Authentication Failures

If you see authentication errors:

Verify your DOCKER_USERNAME and DOCKER_PASSWORD secrets are correct
For ghcr.io, ensure your PAT has the correct permissions
Check that the DOCKER_REGISTRY matches your credentials

Build Failures

If the Nix build fails:

Test the build locally first: nix build .#backendDockerLatest
Check the GitHub Actions logs for specific error messages
Ensure all dependencies in flake.nix are correctly specified

Image Not Appearing in Registry

Verify the workflow completed successfully in the Actions tab
Check that the registry URL is correct
For ghcr.io, images appear at: https://github.com/users/USERNAME/packages/container/IMAGE_NAME
Ensure your token has write permissions

4.4 KiB Raw Blame History