Skip to content

Commit c1ee7df

Browse files
claudeclaude
committed
refactor: Switch from GCR to GHCR for container registry
Switch Docker image publishing from Google Container Registry (GCR) to GitHub Container Registry (GHCR) for better integration with GitHub-native workflows. Changes: - Replace GCR workflow with GHCR workflow - Use GITHUB_TOKEN instead of GCP service account - Update all documentation references from GCR to GHCR - Simplify authentication (no external secrets needed) - Update README with GHCR pull commands - Create comprehensive GHCR_SETUP.md guide - Remove GCP_SETUP.md documentation - Update docker-compose.yml with GHCR image option Benefits of GHCR over GCR: ✅ No external setup required - works automatically ✅ Uses built-in GITHUB_TOKEN (no secrets to manage) ✅ Free for public images (unlimited storage/bandwidth) ✅ Native GitHub integration ✅ Automatic authentication in GitHub Actions ✅ Simpler configuration and troubleshooting GitHub Actions Workflow: - Publishes to ghcr.io/owner/repo/kb-processor-webapp - Authenticates with GITHUB_TOKEN automatically - Multi-architecture builds (amd64, arm64) - Same tagging strategy (latest, stable, SHA, timestamp, branch) - No repository secrets required Image URLs: - Latest: ghcr.io/owner/repo/kb-processor-webapp:latest - By SHA: ghcr.io/owner/repo/kb-processor-webapp:a1b2c3d - By branch: ghcr.io/owner/repo/kb-processor-webapp:branch-name Documentation: - GHCR_SETUP.md: Complete setup guide with authentication options - README.md: Updated with GHCR commands and references - docker-compose.yml: Shows both local build and GHCR image options The workflow triggers automatically on pushes to main or claude/** branches without any additional configuration.
1 parent 176be33 commit c1ee7df

File tree

5 files changed

+491
-356
lines changed

5 files changed

+491
-356
lines changed

.github/workflows/publish-webapp-gcr.yml renamed to .github/workflows/publish-webapp-ghcr.yml

Lines changed: 43 additions & 38 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
name: Build and Push Webapp to GCR
1+
name: Build and Push Webapp to GHCR
22

33
on:
44
push:
@@ -8,7 +8,7 @@ on:
88
paths:
99
- 'webapp/**'
1010
- 'knowledgebase_processor/**'
11-
- '.github/workflows/publish-webapp-gcr.yml'
11+
- '.github/workflows/publish-webapp-ghcr.yml'
1212
pull_request:
1313
branches:
1414
- main
@@ -23,17 +23,17 @@ on:
2323
default: 'latest'
2424

2525
env:
26-
GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
27-
GCR_REGION: us-central1
28-
IMAGE_NAME: kb-processor-webapp
26+
REGISTRY: ghcr.io
27+
IMAGE_NAME: ${{ github.repository }}/kb-processor-webapp
2928

3029
jobs:
3130
build-and-push:
32-
name: Build and Push to GCR
31+
name: Build and Push to GHCR
3332
runs-on: ubuntu-latest
3433

3534
permissions:
3635
contents: read
36+
packages: write
3737
id-token: write
3838

3939
steps:
@@ -45,19 +45,12 @@ jobs:
4545
- name: Set up Docker Buildx
4646
uses: docker/setup-buildx-action@v3
4747

48-
- name: Authenticate to Google Cloud
49-
id: auth
50-
uses: google-github-actions/auth@v2
51-
with:
52-
credentials_json: ${{ secrets.GCP_SA_KEY }}
53-
token_format: 'access_token'
54-
55-
- name: Login to GCR
48+
- name: Log in to GitHub Container Registry
5649
uses: docker/login-action@v3
5750
with:
58-
registry: gcr.io
59-
username: _json_key
60-
password: ${{ secrets.GCP_SA_KEY }}
51+
registry: ghcr.io
52+
username: ${{ github.actor }}
53+
password: ${{ secrets.GITHUB_TOKEN }}
6154

6255
- name: Extract metadata
6356
id: meta
@@ -74,6 +67,10 @@ jobs:
7467
TIMESTAMP=$(date +%Y%m%d-%H%M%S)
7568
echo "timestamp=${TIMESTAMP}" >> $GITHUB_OUTPUT
7669
70+
# Get repository name (lowercase)
71+
REPO_LOWER=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
72+
echo "repo_lower=${REPO_LOWER}" >> $GITHUB_OUTPUT
73+
7774
# Determine tags
7875
if [[ "${{ github.event_name }}" == "workflow_dispatch" && -n "${{ github.event.inputs.tag }}" ]]; then
7976
CUSTOM_TAG="${{ github.event.inputs.tag }}"
@@ -83,27 +80,27 @@ jobs:
8380
- name: Build Docker image tags
8481
id: docker_tags
8582
run: |
86-
GCR_IMAGE="gcr.io/${{ env.GCP_PROJECT_ID }}/${{ env.IMAGE_NAME }}"
83+
GHCR_IMAGE="ghcr.io/${{ steps.meta.outputs.repo_lower }}/kb-processor-webapp"
8784
88-
TAGS="${GCR_IMAGE}:${{ steps.meta.outputs.short_sha }}"
89-
TAGS="${TAGS},${GCR_IMAGE}:${{ steps.meta.outputs.timestamp }}"
85+
TAGS="${GHCR_IMAGE}:${{ steps.meta.outputs.short_sha }}"
86+
TAGS="${TAGS},${GHCR_IMAGE}:${{ steps.meta.outputs.timestamp }}"
9087
9188
# Add branch-specific tag
9289
if [[ "${{ steps.meta.outputs.branch }}" == "main" ]]; then
93-
TAGS="${TAGS},${GCR_IMAGE}:latest"
94-
TAGS="${TAGS},${GCR_IMAGE}:stable"
90+
TAGS="${TAGS},${GHCR_IMAGE}:latest"
91+
TAGS="${TAGS},${GHCR_IMAGE}:stable"
9592
else
9693
SAFE_BRANCH=$(echo "${{ steps.meta.outputs.branch }}" | sed 's/\//-/g')
97-
TAGS="${TAGS},${GCR_IMAGE}:${SAFE_BRANCH}"
94+
TAGS="${TAGS},${GHCR_IMAGE}:${SAFE_BRANCH}"
9895
fi
9996
10097
# Add custom tag if provided
10198
if [[ -n "${{ steps.meta.outputs.custom_tag }}" ]]; then
102-
TAGS="${TAGS},${GCR_IMAGE}:${{ steps.meta.outputs.custom_tag }}"
99+
TAGS="${TAGS},${GHCR_IMAGE}:${{ steps.meta.outputs.custom_tag }}"
103100
fi
104101
105102
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
106-
echo "gcr_image=${GCR_IMAGE}" >> $GITHUB_OUTPUT
103+
echo "ghcr_image=${GHCR_IMAGE}" >> $GITHUB_OUTPUT
107104
108105
- name: Build and push Docker image
109106
uses: docker/build-push-action@v5
@@ -122,15 +119,16 @@ jobs:
122119
org.opencontainers.image.source=https://github.com/${{ github.repository }}
123120
org.opencontainers.image.revision=${{ github.sha }}
124121
org.opencontainers.image.created=${{ steps.meta.outputs.timestamp }}
122+
org.opencontainers.image.licenses=MIT
125123
126124
- name: Generate deployment summary
127125
if: github.event_name != 'pull_request'
128126
run: |
129127
echo "## 🚀 Deployment Summary" >> $GITHUB_STEP_SUMMARY
130128
echo "" >> $GITHUB_STEP_SUMMARY
131129
echo "### Image Details" >> $GITHUB_STEP_SUMMARY
132-
echo "- **Registry:** GCR (Google Container Registry)" >> $GITHUB_STEP_SUMMARY
133-
echo "- **Image:** \`${{ steps.docker_tags.outputs.gcr_image }}\`" >> $GITHUB_STEP_SUMMARY
130+
echo "- **Registry:** GitHub Container Registry (GHCR)" >> $GITHUB_STEP_SUMMARY
131+
echo "- **Image:** \`${{ steps.docker_tags.outputs.ghcr_image }}\`" >> $GITHUB_STEP_SUMMARY
134132
echo "- **Commit SHA:** \`${{ steps.meta.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
135133
echo "- **Branch:** \`${{ steps.meta.outputs.branch }}\`" >> $GITHUB_STEP_SUMMARY
136134
echo "- **Timestamp:** \`${{ steps.meta.outputs.timestamp }}\`" >> $GITHUB_STEP_SUMMARY
@@ -142,44 +140,51 @@ jobs:
142140
echo "" >> $GITHUB_STEP_SUMMARY
143141
echo "### 📦 Pull Command" >> $GITHUB_STEP_SUMMARY
144142
echo "\`\`\`bash" >> $GITHUB_STEP_SUMMARY
145-
echo "docker pull ${{ steps.docker_tags.outputs.gcr_image }}:${{ steps.meta.outputs.short_sha }}" >> $GITHUB_STEP_SUMMARY
143+
echo "docker pull ${{ steps.docker_tags.outputs.ghcr_image }}:${{ steps.meta.outputs.short_sha }}" >> $GITHUB_STEP_SUMMARY
146144
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
147145
echo "" >> $GITHUB_STEP_SUMMARY
148146
echo "### 🚀 Run Command" >> $GITHUB_STEP_SUMMARY
149147
echo "\`\`\`bash" >> $GITHUB_STEP_SUMMARY
150-
echo "docker run -p 8000:8000 ${{ steps.docker_tags.outputs.gcr_image }}:${{ steps.meta.outputs.short_sha }}" >> $GITHUB_STEP_SUMMARY
148+
echo "docker run -p 8000:8000 ${{ steps.docker_tags.outputs.ghcr_image }}:${{ steps.meta.outputs.short_sha }}" >> $GITHUB_STEP_SUMMARY
151149
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
150+
echo "" >> $GITHUB_STEP_SUMMARY
151+
echo "### 🔗 Package URL" >> $GITHUB_STEP_SUMMARY
152+
echo "https://github.com/${{ github.repository }}/pkgs/container/kb-processor-webapp" >> $GITHUB_STEP_SUMMARY
152153
153154
- name: Output image URL
154155
if: github.event_name != 'pull_request'
155156
run: |
156157
echo "✅ Image published successfully!"
157-
echo "📍 Image URL: ${{ steps.docker_tags.outputs.gcr_image }}:${{ steps.meta.outputs.short_sha }}"
158+
echo "📍 Image URL: ${{ steps.docker_tags.outputs.ghcr_image }}:${{ steps.meta.outputs.short_sha }}"
158159
echo "🌐 Access the webapp at: http://localhost:8000 (after running the container)"
160+
echo "📦 View package: https://github.com/${{ github.repository }}/pkgs/container/kb-processor-webapp"
159161
160162
verify-image:
161163
name: Verify Published Image
162164
needs: build-and-push
163165
runs-on: ubuntu-latest
164166
if: github.event_name != 'pull_request'
165167

168+
permissions:
169+
packages: read
170+
166171
steps:
167-
- name: Authenticate to Google Cloud
168-
uses: google-github-actions/auth@v2
172+
- name: Log in to GitHub Container Registry
173+
uses: docker/login-action@v3
169174
with:
170-
credentials_json: ${{ secrets.GCP_SA_KEY }}
171-
172-
- name: Set up Cloud SDK
173-
uses: google-github-actions/setup-gcloud@v2
175+
registry: ghcr.io
176+
username: ${{ github.actor }}
177+
password: ${{ secrets.GITHUB_TOKEN }}
174178

175179
- name: Verify image exists
176180
run: |
177181
SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7)
178-
IMAGE="gcr.io/${{ env.GCP_PROJECT_ID }}/${{ env.IMAGE_NAME }}:${SHORT_SHA}"
182+
REPO_LOWER=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
183+
IMAGE="ghcr.io/${REPO_LOWER}/kb-processor-webapp:${SHORT_SHA}"
179184
180185
echo "Verifying image: ${IMAGE}"
181186
182-
if gcloud container images describe ${IMAGE} --format="get(image_summary.fully_qualified_digest)"; then
187+
if docker manifest inspect ${IMAGE} > /dev/null 2>&1; then
183188
echo "✅ Image verified successfully!"
184189
else
185190
echo "❌ Image verification failed!"

0 commit comments

Comments
 (0)