[CI] Add automated Docker Hub publishing workflow #140

Closed
opened 2026-06-29 08:53:45 +00:00 by jabber.developer · 1 comment

Description

CProof currently relies on manual builds or external package repositories for distribution. To align with our open-source, decentralized philosophy and simplify deployment for users, we should provide an officially maintained Docker image.

This issue tracks the creation of a GitHub Actions workflow that automatically builds and publishes CProof Docker images to Docker Hub. Since we host on Gitea, this workflow will use the standard .github/workflows/ directory, which is fully supported by Gitea's Actions implementation.

Goals

  • Create a GitHub Actions workflow that builds the CProof Docker image
  • Publish images to Docker Hub (cproof/cproof)
  • Apply semantic versioning tags on release (v1.2.3, 1.2, 1)
  • Push latest and dev tags on main branch updates
  • Support multi-architecture builds (linux/amd64, linux/arm64)
  • Update README.md with Docker installation instructions

Implementation Details

1. Workflow Location

Create the file at: .github/workflows/docker-publish.yml

2. Workflow Configuration

Use the modern Docker Actions ecosystem (docker/login-action, docker/build-push-action, docker/metadata-action) for reliable tagging, caching, and multi-arch support.

name: Docker Build & Publish

on:
  push:
    branches: [ main ]
    tags: [ 'v*' ]
  pull_request:
    branches: [ main ]

permissions:
  contents: read
  packages: write

jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Docker Hub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}

      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: cproof/cproof
          tags: |
            type=ref,event=branch
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=sha

      - name: Build and push Docker image
        id: push
        uses: docker/build-push-action@v5
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          platforms: linux/amd64,linux/arm64
          cache-from: type=gha
          cache-to: type=gha,mode=max

3. Dockerfile Considerations

  • Use a lightweight base image (e.g., alpine or distroless)
  • Run as a non-root user for security
  • Include all dependencies for OTR, PGP, OMEMO, and OX support
  • Reference existing Profanity Dockerfiles for dependency baseline

🔐 Secrets Required

Add the following to your Gitea repository settings:

  • DOCKER_USERNAME: Your Docker Hub username
  • DOCKER_TOKEN: A Docker Hub Access Token (preferred over password for security & 2FA compatibility)

Acceptance Criteria

  • Workflow file is added to .github/workflows/docker-publish.yml
  • CI pipeline passes on main branch pushes and v* tag creations
  • Images appear on Docker Hub with correct tags (latest, dev, vX.Y.Z)
  • Multi-arch images are built and pushed successfully
  • README.md is updated with a Docker quick-start section
  • Workflow does not attempt to push on pull_request events

📚 References

### Description CProof currently relies on manual builds or external package repositories for distribution. To align with our open-source, decentralized philosophy and simplify deployment for users, we should provide an officially maintained Docker image. This issue tracks the creation of a GitHub Actions workflow that automatically builds and publishes CProof Docker images to Docker Hub. Since we host on Gitea, this workflow will use the standard `.github/workflows/` directory, which is fully supported by Gitea's Actions implementation. ### Goals - [ ] Create a GitHub Actions workflow that builds the CProof Docker image - [ ] Publish images to Docker Hub (`cproof/cproof`) - [ ] Apply semantic versioning tags on release (`v1.2.3`, `1.2`, `1`) - [ ] Push `latest` and `dev` tags on `main` branch updates - [ ] Support multi-architecture builds (`linux/amd64`, `linux/arm64`) - [ ] Update `README.md` with Docker installation instructions ### Implementation Details #### 1. Workflow Location Create the file at: `.github/workflows/docker-publish.yml` #### 2. Workflow Configuration Use the modern Docker Actions ecosystem (`docker/login-action`, `docker/build-push-action`, `docker/metadata-action`) for reliable tagging, caching, and multi-arch support. ```yaml name: Docker Build & Publish on: push: branches: [ main ] tags: [ 'v*' ] pull_request: branches: [ main ] permissions: contents: read packages: write jobs: docker: runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v4 - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Login to Docker Hub if: github.event_name != 'pull_request' uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_TOKEN }} - name: Extract Docker metadata id: meta uses: docker/metadata-action@v5 with: images: cproof/cproof tags: | type=ref,event=branch type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=sha - name: Build and push Docker image id: push uses: docker/build-push-action@v5 with: context: . push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} platforms: linux/amd64,linux/arm64 cache-from: type=gha cache-to: type=gha,mode=max ``` #### 3. Dockerfile Considerations - Use a lightweight base image (e.g., `alpine` or `distroless`) - Run as a non-root user for security - Include all dependencies for OTR, PGP, OMEMO, and OX support - Reference existing Profanity Dockerfiles for dependency baseline ### 🔐 Secrets Required Add the following to your Gitea repository settings: - `DOCKER_USERNAME`: Your Docker Hub username - `DOCKER_TOKEN`: A Docker Hub Access Token (preferred over password for security & 2FA compatibility) ### ✅ Acceptance Criteria - [x] Workflow file is added to `.github/workflows/docker-publish.yml` - [x] CI pipeline passes on `main` branch pushes and `v*` tag creations - [x] Images appear on Docker Hub with correct tags (`latest`, `dev`, `vX.Y.Z`) - [x] Multi-arch images are built and pushed successfully - [ ] `README.md` is updated with a Docker quick-start section - [x] Workflow does not attempt to push on `pull_request` events ### 📚 References - [GitHub Actions: Building and pushing Docker images](https://docs.github.com/en/actions/publishing-packages/publishing-docker-images) - [Gitea Actions Documentation](https://docs.gitea.com/usage/actions/introduction) - [Docker Buildx & Metadata Actions](https://github.com/docker/metadata-action) - [Profanity Dockerfiles (Reference)](https://git.jabber.space/devs/profanity)
jabber.developer added this to the Plans (2025-2026) project 2026-06-29 08:53:57 +00:00
jabber.developer self-assigned this 2026-06-29 08:54:02 +00:00
jabber.developer added the
Priority
Medium
3
label 2026-06-29 08:54:11 +00:00
jabber.developer moved this to In Progress in Plans (2025-2026) on 2026-06-29 08:54:25 +00:00
jabber.developer moved this to Verification in Plans (2025-2026) on 2026-07-10 10:39:07 +00:00
Author
Owner

Resolved by #157

Resolved by #157
jabber.developer moved this to Done in Plans (2025-2026) on 2026-07-11 21:39:33 +00:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: devs/cproof#140
No description provided.