ci(release): publish multi-arch Docker image to ghcr.io on tag #3
Unblocks bundling hugin-agent as a sidecar in other Docker-native
products (forty-two-watts being the immediate consumer).
What lands:
Dockerfile (repo root)
Multi-stage build (golang:1.25-alpine → alpine:3.21). Runs as
non-root `hugin` user. Container-friendly defaults:
HUGIN_AGENT_HOST=0.0.0.0 (reachable from outside the container)
HUGIN_AGENT_PORT=19090
HUGIN_AGENT_CREDS=/var/lib/hugin-agent/creds.json
CMD --no-browser because there's no browser to open inside the
container. The pairing URL is printed to stderr; the parent
product's UI or `docker logs` surfaces it. /var/lib/hugin-agent
is a named volume so creds.json survives container restarts.
.goreleaser.yml
dockers: + docker_manifests: blocks for linux/amd64 + linux/arm64.
arm64 explicitly for Raspberry Pi installs (a big 42W use case).
Three tag aliases per release: vX.Y.Z, vX.Y, latest.
.github/workflows/release.yml
Adds packages: write permission and three pre-goreleaser steps:
QEMU setup, buildx setup, GHCR login (using GITHUB_TOKEN — no
extra secret needed for same-org GHCR publish).
README.md
New Docker section between Scoop and "From source", with a
docker-compose snippet showing the sidecar pattern.
The brew tap + scoop bucket auto-publish PR (#2) is independent;
both can land in either order. Same release tag drives all three
publishers (tarballs, image, brew/scoop) when both PRs are merged.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d64c7e63e1
| COPY go.mod go.sum ./ | ||
| RUN go mod download | ||
|
|
||
| COPY . . | ||
| RUN CGO_ENABLED=0 go build \ |
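Review bot: `COPY . .` in the builder stage copies the entire build context into a layer, so unless the repo ships a `.dockerignore`, everything in the checkout (`.git`, local credential files, editor and build output) is sent to the builder and any unrelated file change invalidates the cached `go build` layer. Add a `.dockerignore` that excludes those paths, or copy only the Go source directories the build needs, and keep the `COPY go.mod go.sum ./` plus `RUN go mod download` pair ahead of it as it is now.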
Avoid rebuilding from source in GoReleaser Docker stage
This Dockerfile assumes the repository source is present (COPY go.mod go.sum ./ and COPY . .), but GoReleaser’s Docker pipeline builds from a temporary artifact context rather than the repo root, so release-tag runs will fail with COPY failed: file not found in build context before any image can be pushed. In other words, this change breaks the new GHCR publish path in .github/workflows/release.yml; the Dockerfile used by GoReleaser needs to copy prebuilt artifacts from the context instead of running go build from source.
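The fix the review comment describes, as an added example (not the PR's or the project's Dockerfile): a runtime-only image that copies the binary GoReleaser has already built instead of compiling from source. The binary name `hugin-agent` at the context root and the user/group setup are assumptions; the base image, environment defaults, volume path and `--no-browser` default are the ones listed in the commit message.

```dockerfile
# Added example: runtime-only image for the build context GoReleaser's
# `dockers:` step provides. No Go toolchain and no repo source are needed.
# Assumption: the prebuilt binary sits at the context root as "hugin-agent".
FROM alpine:3.21

# Non-root user; create and chown the credentials directory before VOLUME
# so a fresh named volume inherits the right ownership.
RUN addgroup -S hugin && adduser -S -G hugin hugin \
    && mkdir -p /var/lib/hugin-agent \
    && chown hugin:hugin /var/lib/hugin-agent

# Copy the artifact GoReleaser built (assumed static, CGO_ENABLED=0).
COPY hugin-agent /usr/local/bin/hugin-agent

# Container-friendly defaults from the commit message.
ENV HUGIN_AGENT_HOST=0.0.0.0 \
    HUGIN_AGENT_PORT=19090 \
    HUGIN_AGENT_CREDS=/var/lib/hugin-agent/creds.json

USER hugin
VOLUME ["/var/lib/hugin-agent"]
EXPOSE 19090

ENTRYPOINT ["/usr/local/bin/hugin-agent"]
CMD ["--no-browser"]
```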
Summary
Publishes `ghcr.io/srcfl/hugin-agent:vX.Y.Z` (linux/amd64 + linux/arm64 manifest) alongside the existing tarballs on every release tag. Unblocks the 42W docker-compose sidecar story.
Changes
- `Dockerfile` — multi-stage build, non-root `hugin` user, named volume for creds persistence, `--no-browser` CMD default
- `.goreleaser.yml` — `dockers:` block per-arch + `docker_manifests:` to combine into a single multi-arch tag
- `.github/workflows/release.yml` — `packages: write` permission + QEMU + buildx + GHCR login steps (using `GITHUB_TOKEN`; no extra secret needed)
- `README.md` — new Docker section with a compose snippet showing the sidecar pattern
Test plan
- v0.2.1 or similar) and verify the image lands at `ghcr.io/srcfl/hugin-agent`
- `docker pull ghcr.io/srcfl/hugin-agent:latest` works on x86 + arm64 hosts
- `docker run --rm -p 19191:19090 ghcr.io/srcfl/hugin-agent:latest --token=smoke` listens + responds to `curl localhost:19191/v1/health`
Compatibility with PR #2 (brew tap + scoop bucket auto-publish)
Independent. Both PRs touch `.github/workflows/release.yml` but on different lines (this adds new steps + a new permission; #2 adds an env entry). Merge order doesn't matter; the second merger does a 1-line conflict resolution at most.
Out of scope
🤖 Generated with Claude Code