ci(docker): add Docker publishing workflow and Dockerfile #157
Reference in New Issue
Block a user
No description provided.
Delete Branch "ci/docker-hub-publishing"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Introduce GitHub Actions workflow for automated Docker image publishing to Docker Hub.
Fixes #140
9a69ede91bto2bad80b015Runtime image may not be usable as-is
A local build of
ci/Dockerfilecompletes fine, but the resulting image doesn't seem to start —lddon the installed binary reports a couple of missing shared libraries:Two things appear to be going on:
/usr/lib/libstrophe.so.0.14.0), but it doesn't look like it's carried over into the runtime stage — theCOPY --from=builderblock only pulls the binary,libprofanity*, the header andshare/. Since it's not an Ubuntu package, the runtimeapt-get installcan't cover it either.--enable-python-plugins(the binary links-lpython3.14), but the runtime installs onlypython3, which may not bring the shared library along.One possible fix:
It might also be worth running
lddon the final binary as a build step, since other hand-pinned runtime packages could hide similar gaps. Worth noting thatdocker buildexits 0 here regardless — nothing actually runs the image — so a green build alone may not confirm it works.Workflow tag conditions might not behave as intended
docker/metadata-actiondoesn't appear to have anenable-if-refattribute — the supported one seems to beenable(with helpers like{{is_default_branch}}). If that's right,enable-if-refwould be silently ignored and every tag would apply unconditionally, so a push tomastercould end up taggedlatest, and a release could pick updev/nightly-<sha>. Something along these lines might match the intent more closely:Smaller things
actions/checkout@v7— the rest of the repo pins@v4, and v7 may not exist as a tag, so this step could fail to resolve. Pinning to@v4(or a SHA, to match the other actions here) might be safer.permissions: packages: writelooks like it's aimed at GHCR; since the push targets Docker Hub viaDOCKER_USERNAME/DOCKER_PASSWORD,contents: readalone may be enough.cache-from/cache-to: type=ghacould cut that down considerably..dockerignore, soCOPY . .seems to drag the whole.gitand any local build artifacts into the context.Since
docker-publish.ymlonly triggers on push-to-master / release, none of the above would show up on the PR checks — the first real exercise would be after merge, which is why it might be worth verifying manually first.3dc5f4df16to41c9a9777c41c9a9777ctoe282bf9f36e282bf9f36to5906c009d8e302430c08tob665f6060eb665f6060eto2be16df905