ci(docker): add docker-publish workflow and clean up release.yml

Add dedicated docker-publish.yml with full CI/CD pipeline: - Build & push server/agent/web/mcp images on tag, main push, and PR - Publish to both Docker Hub and GHCR - Semver tag strategy (latest, version, major.minor, major, sha) - GHA build cache, SLSA provenance, and SBOM - PR builds validate without pushing Remove superseded dockerhub job from release.yml.
2026-04-25 07:00:48 +09:00 · 2026-02-20 03:37:41 +08:00
parent 3c1ab85349
commit fcb51e066e
2 changed files with 93 additions and 48 deletions
@@ -8,13 +8,9 @@ on:
  push:
    tags:
      - 'v*'
-  release:
-    types:
-      - published

 jobs:
  release:
-    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
@@ -39,47 +35,3 @@ jobs:
      #   env:
      #     NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
      #     NPM_CONFIG_PROVENANCE: true
-
-  dockerhub:
-    if: github.event_name == 'release'
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        include:
-          - image: server
-            dockerfile: docker/Dockerfile.server
-          - image: agent
-            dockerfile: docker/Dockerfile.agent
-          - image: web
-            dockerfile: docker/Dockerfile.web
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Set build time
-        id: vars
-        run: echo "build_time=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$GITHUB_OUTPUT"
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Log in to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Build and push multi-arch image
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: ${{ matrix.dockerfile }}
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: memohai/${{ matrix.image }}:${{ github.event.release.tag_name }}
-          build-args: |
-            VERSION=${{ github.event.release.tag_name }}
-            COMMIT_HASH=${{ github.sha }}
-            BUILD_TIME=${{ steps.vars.outputs.build_time }}