Rewrote build and push pipeline to accomodate ghcr.io, build in parallel

[tenekev]

I noticed the build & push workflow is a bit lacking. I added an option to push both for Docker Hub and GHCR.io as the native Container Registry.

• The workflow pushes to Docker Hub only if DOCKER_USERNAME is specified, otherwise it's skipped. The push to GHCR.io is native.
• You might need to review your repo settings - Settings > Actions > General in order to run & push to GHCR.io.
• Once the image is published, it can be found in the Packages section of the repo. You might need to change the accessibility settings of the image to make it public but it should inherit the accessibility from the repo.

⚠️WARNING: DOCKER_PASSWORD secret was changed to DOCKER_TOKEN for accuracy. Docker Hub should be used with tokens. Update the secret's name.

[clusterzx]

Thank you for your work, I really appriciate that! I am not that much of a DevOps (CI/CD) Guy 😆
I will look into it later and get back to you.

[tenekev]

I'm not a professional (yet), so take it with a grain of salt. The only opinionated thing is the preference to GHCR.io. The rest should work like the old pipeine. I haven't tested with different branches.

[ilijamt]

Can you also add linux/arm64 to the build process?
I use it on linux/arm64 so it works perfectly there as well.

[pixil98]

I should read things before I post. To make this post still useful, I'll just let @ilijamt know that this is adding support for building linux/arm64.

[clusterzx]

I will merge this today. @tenekev thanks again for you work, really appreciate it.

[rafaribe]

Why complicate with the matrix approach? This will indeed build them in parallel, but it will build two images with different sha256 with effectively the same content, why not do something like this:

https://github.com/rafaribe/paperless-ai/blob/main/.github/workflows/docker-build-push.yml

It will build once, tag twice, with the same sha and push to both GHCR and Dockerhub.

I would agree to keep ubuntu-24.04 and package permissions and the rest of the steps.

[clusterzx]

Can you revert DOCKER_TOKEN to DOCKER_PASSWORD as this is just naming. There is a token behind it ?
Also where do I generate the token for ghcr? :)

[tenekev]

The Docker hub token can be generated from the docker hub interface. https://app.docker.com/settings/personal-access-tokens

The GitHub token should be accessible inside the workflow without any extra work from you.

[clusterzx]

Ah sorry dunno why I added a questionmark at the end behind "There is a token behind it". I wanted to say THERE IS a token behind it already. I just did a non normal name coversion for that. xD