From 7f129b9cf002f3bda3a4c54f3be507352e766a53 Mon Sep 17 00:00:00 2001 From: Ian Mancini Date: Sun, 21 Jun 2026 16:28:34 -0300 Subject: [PATCH 1/5] fix: use repository owner to allow forks to push images to Docker Hub --- .github/workflows/test-build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-build.yml b/.github/workflows/test-build.yml index e69208de6..c12d6a361 100644 --- a/.github/workflows/test-build.yml +++ b/.github/workflows/test-build.yml @@ -69,7 +69,7 @@ jobs: uses: docker/metadata-action@v5.8.0 with: images: | - name=rommapp/romm-testing + name=${{ github.repository_owner }}/romm-testing tags: | type=raw,value=${{ github.event_name == 'workflow_dispatch' && github.event.inputs.branch || github.head_ref }} @@ -95,5 +95,5 @@ jobs: comment_id: ${{ steps.build-comment.outputs.comment-id }}, owner: context.repo.owner, repo: context.repo.repo, - body: `✅ Preview build completed!\n\nDocker image: \`rommapp/romm-testing:${process.env.HEAD_REF}\`` + body: `✅ Preview build completed!\n\nDocker image: \`${{ github.repository_owner }}/romm-testing:${process.env.HEAD_REF}\`` }) From 0f17e70350deb0ed77dd8beb8d4c62d8781b7623 Mon Sep 17 00:00:00 2001 From: Ian Mancini Date: Sun, 21 Jun 2026 17:38:09 -0300 Subject: [PATCH 2/5] feat: add action option to push test images to ghcr --- .github/workflows/test-build.yml | 47 ++++++++++++++++++++++++++++---- 1 file changed, 42 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test-build.yml b/.github/workflows/test-build.yml index c12d6a361..8537878c0 100644 --- a/.github/workflows/test-build.yml +++ b/.github/workflows/test-build.yml @@ -9,6 +9,14 @@ on: branch: description: "Git branch to build" required: true + registry: + description: "Container registry to push to" + required: true + default: "ghcr" + type: choice + options: + - ghcr + - dockerhub permissions: id-token: write 
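Review bot: In the `@@ -95,5 +95,5 @@` hunk of PATCH 1/5, the new `body:` line pastes `${{ github.repository_owner }}` into the JavaScript source of the github-script step. Expression expansion runs before the script is parsed, so a value inserted this way becomes script text rather than data. The same call already reads the owner at runtime (`owner: context.repo.owner`) and the branch through `process.env.HEAD_REF`. Using `${context.repo.owner}/romm-testing:${process.env.HEAD_REF}` inside the template literal would keep the script text constant and match the surrounding lines. The `updateComment` call starts outside this hunk.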
@@ -28,6 +36,8 @@ jobs: contents: write packages: write pull-requests: write + env: + USE_GHCR: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.registry == 'ghcr' }} steps: - name: Run only once per workflow run: echo "Triggered by ${{ github.event_name }}" @@ -58,14 +68,34 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3.11.1 + - name: Login to GHCR + if: env.USE_GHCR == 'true' + uses: docker/login-action@v3.5.0 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Login to Docker Hub + if: env.USE_GHCR == 'false' uses: docker/login-action@v3.5.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Generate Docker metadata - id: meta + - name: Generate Docker metadata (GHCR) + if: env.USE_GHCR == 'true' + id: meta-ghcr + uses: docker/metadata-action@v5.8.0 + with: + images: | + name=ghcr.io/${{ github.repository_owner }}/romm-testing + tags: | + type=raw,value=${{ github.event_name == 'workflow_dispatch' && github.event.inputs.branch || github.head_ref }} + + - name: Generate Docker metadata (Docker Hub) + if: env.USE_GHCR == 'false' + id: meta-dockerhub uses: docker/metadata-action@v5.8.0 with: images: | @@ -81,7 +111,7 @@ jobs: context: . push: true platforms: linux/arm64,linux/amd64 - tags: ${{ steps.meta.outputs.tags }} + tags: ${{ env.USE_GHCR == 'true' && steps.meta-ghcr.outputs.tags || steps.meta-dockerhub.outputs.tags }} target: full-image - name: Comment PR with Docker image link 
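Review bot: The steps added in the `@@ -58,14 +68,34 @@` hunk reference third-party actions by mutable tag (`docker/login-action@v3.5.0`, `docker/metadata-action@v5.8.0`). This job holds `packages: write`, `contents: write` and `id-token: write`, and passes `secrets.GITHUB_TOKEN` and the Docker Hub credentials to those actions. A tag can be moved after review, so I would pin each `uses:` to a full commit SHA and keep the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3.5.0` (the SHA here is a placeholder). The existing steps in the context lines follow the same tag convention, so this is worth doing for the whole file. Separately, if this workflow also runs for pull requests from forks (the trigger block is not fully visible), `GITHUB_TOKEN` is read-only there and the GHCR push would be rejected.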
@@ -89,11 +119,18 @@ jobs: uses: actions/github-script@v7 env: HEAD_REF: ${{ github.head_ref }} + USE_GHCR: ${{ env.USE_GHCR }} with: script: | + const owner = context.repo.owner; + const tag = process.env.HEAD_REF; + const useGhcr = process.env.USE_GHCR === 'true'; + const image = useGhcr + ? `ghcr.io/${owner}/romm-testing:${tag}` + : `${owner}/romm-testing:${tag}`; github.rest.issues.updateComment({ comment_id: ${{ steps.build-comment.outputs.comment-id }}, - owner: context.repo.owner, + owner: owner, repo: context.repo.repo, - body: `✅ Preview build completed!\n\nDocker image: \`${{ github.repository_owner }}/romm-testing:${process.env.HEAD_REF}\`` + body: `✅ Preview build completed!\n\nDocker image: \`${image}\`` }) From 967c146fe9166371eff3d387651d52a1ccb5a52f Mon Sep 17 00:00:00 2001 From: Ian Mancini Date: Sun, 21 Jun 2026 17:54:58 -0300 Subject: [PATCH 3/5] feat: add option to push experimental image to both registries --- .github/workflows/test-build.yml | 36 ++++++++++++-------------------- 1 file changed, 13 insertions(+), 23 deletions(-) diff --git a/.github/workflows/test-build.yml b/.github/workflows/test-build.yml index 8537878c0..dc93c4e14 100644 --- a/.github/workflows/test-build.yml +++ b/.github/workflows/test-build.yml @@ -17,6 +17,7 @@ on: options: - ghcr - dockerhub + - both permissions: id-token: write @@ -37,7 +38,8 @@ jobs: packages: write pull-requests: write env: - USE_GHCR: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.registry == 'ghcr' }} + USE_GHCR: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.registry == 'ghcr' || github.event.inputs.registry == 'both' }} + USE_DOCKERHUB: ${{ github.event_name == 'workflow_dispatch' && (github.event.inputs.registry == 'dockerhub' || github.event.inputs.registry == 'both') }} steps: - name: Run only once per workflow run: echo "Triggered by ${{ github.event_name }}" 
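Review bot: The image reference written into the PR comment in the `@@ -89,11 +119,18 @@` hunk is rebuilt by hand from `context.repo.owner` and the raw `HEAD_REF`, so it can differ from what was actually pushed. Docker references must be lowercase and tags cannot contain `/`, while an owner login may contain capitals and a branch name may contain slashes. As far as I know, metadata-action normalises both when it produces `tags`. I would pass that step's `tags` output into the script through `env:` and print it, or at least use `const ns = context.repo.owner.toLowerCase();` for the image path. A branch name containing a backtick would also close the Markdown code span in `body`, which is another reason to print the generated tag instead. The same hand-built string survives in the later `@@ -119,18 +111,16 @@` and `@@ -115,12 +116,9 @@` hunks.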
@@ -77,29 +79,19 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Login to Docker Hub - if: env.USE_GHCR == 'false' + if: env.USE_DOCKERHUB == 'true' uses: docker/login-action@v3.5.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Generate Docker metadata (GHCR) - if: env.USE_GHCR == 'true' - id: meta-ghcr + - name: Generate Docker metadata + id: meta uses: docker/metadata-action@v5.8.0 with: images: | - name=ghcr.io/${{ github.repository_owner }}/romm-testing - tags: | - type=raw,value=${{ github.event_name == 'workflow_dispatch' && github.event.inputs.branch || github.head_ref }} - - - name: Generate Docker metadata (Docker Hub) - if: env.USE_GHCR == 'false' - id: meta-dockerhub - uses: docker/metadata-action@v5.8.0 - with: - images: | - name=${{ github.repository_owner }}/romm-testing + ${{ env.USE_GHCR == 'true' && format('name=ghcr.io/{0}/romm-testing', github.repository_owner) || '' }} + ${{ env.USE_DOCKERHUB == 'true' && format('name={0}/romm-testing', github.repository_owner) || '' }} tags: | type=raw,value=${{ github.event_name == 'workflow_dispatch' && github.event.inputs.branch || github.head_ref }} @@ -111,7 +103,7 @@ jobs: context: . push: true platforms: linux/arm64,linux/amd64 - tags: ${{ env.USE_GHCR == 'true' && steps.meta-ghcr.outputs.tags || steps.meta-dockerhub.outputs.tags }} + tags: ${{ steps.meta.outputs.tags }} target: full-image - name: Comment PR with Docker image link 
@@ -119,18 +111,16 @@ jobs: uses: actions/github-script@v7 env: HEAD_REF: ${{ github.head_ref }} - USE_GHCR: ${{ env.USE_GHCR }} with: script: | const owner = context.repo.owner; const tag = process.env.HEAD_REF; - const useGhcr = process.env.USE_GHCR === 'true'; - const image = useGhcr - ? `ghcr.io/${owner}/romm-testing:${tag}` - : `${owner}/romm-testing:${tag}`; + const images = [ + `ghcr.io/${owner}/romm-testing:${tag}`, + ]; github.rest.issues.updateComment({ comment_id: ${{ steps.build-comment.outputs.comment-id }}, owner: owner, repo: context.repo.repo, - body: `✅ Preview build completed!\n\nDocker image: \`${image}\`` + body: `✅ Preview build completed!\n\nDocker image: \`${images[0]}\`` }) From da7658a4aaccaeadf2f360645002a189e660c2e4 Mon Sep 17 00:00:00 2001 From: Georges-Antoine Assi Date: Wed, 24 Jun 2026 10:26:30 -0400 Subject: [PATCH 4/5] Clarify GHCR-only preview build PR comment Rename the comment step to reflect that PR builds only push to GHCR, add a note explaining the hardcoded registry, and inline the image string into the updateComment call. Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/workflows/test-build.yml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test-build.yml b/.github/workflows/test-build.yml index dc93c4e14..a6983e326 100644 --- a/.github/workflows/test-build.yml +++ b/.github/workflows/test-build.yml @@ -7,10 +7,10 @@ on: inputs: # trunk-ignore(checkov/CKV_GHA_7) branch: - description: "Git branch to build" + description: "Git branch" required: true registry: - description: "Container registry to push to" + description: "Container registry" required: true default: "ghcr" type: choice 
@@ -106,7 +106,8 @@ jobs: tags: ${{ steps.meta.outputs.tags }} target: full-image - - name: Comment PR with Docker image link + # PR builds always push to GHCR only, so the image link is hardcoded to GHCR. + - name: Comment PR with GHCR image link if: github.event_name == 'pull_request' uses: actions/github-script@v7 env: @@ -115,12 +116,9 @@ jobs: script: | const owner = context.repo.owner; const tag = process.env.HEAD_REF; - const images = [ - `ghcr.io/${owner}/romm-testing:${tag}`, - ]; github.rest.issues.updateComment({ comment_id: ${{ steps.build-comment.outputs.comment-id }}, owner: owner, repo: context.repo.repo, - body: `✅ Preview build completed!\n\nDocker image: \`${images[0]}\`` + body: `✅ Preview build completed!\n\nDocker image: \`ghcr.io/${owner}/romm-testing:${tag}\`` }) From 93922faf91a34f0a50383d4e4fc4a4fb33f4f8e8 Mon Sep 17 00:00:00 2001 From: Georges-Antoine Assi Date: Wed, 24 Jun 2026 11:43:03 -0400 Subject: [PATCH 5/5] Key Docker Hub namespace off push credential Derive the Docker Hub namespace from DOCKER_NAMESPACE, falling back to DOCKER_USERNAME and then github.repository_owner, so forks whose GitHub owner name differs from their writable Docker Hub namespace can push. GHCR is unaffected. Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/workflows/test-build.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-build.yml b/.github/workflows/test-build.yml index a6983e326..3539c4e65 100644 --- a/.github/workflows/test-build.yml +++ b/.github/workflows/test-build.yml 
@@ -40,6 +40,8 @@ jobs: env: USE_GHCR: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.registry == 'ghcr' || github.event.inputs.registry == 'both' }} USE_DOCKERHUB: ${{ github.event_name == 'workflow_dispatch' && (github.event.inputs.registry == 'dockerhub' || github.event.inputs.registry == 'both') }} + # Key the Docker Hub namespace off the push credential rather than the GitHub owner. + DOCKERHUB_NAMESPACE: ${{ secrets.DOCKER_NAMESPACE || secrets.DOCKER_USERNAME || github.repository_owner }} steps: - name: Run only once per workflow run: echo "Triggered by ${{ github.event_name }}" @@ -91,7 +93,7 @@ jobs: with: images: | ${{ env.USE_GHCR == 'true' && format('name=ghcr.io/{0}/romm-testing', github.repository_owner) || '' }} - ${{ env.USE_DOCKERHUB == 'true' && format('name={0}/romm-testing', github.repository_owner) || '' }} + ${{ env.USE_DOCKERHUB == 'true' && format('name={0}/romm-testing', env.DOCKERHUB_NAMESPACE) || '' }} tags: | type=raw,value=${{ github.event_name == 'workflow_dispatch' && github.event.inputs.branch || github.head_ref }}
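Review bot: In the `@@ -40,6 +40,8 @@` hunk, `DOCKERHUB_NAMESPACE` is derived from `secrets.*` and set in the job-level `env:`, so every step in the job, including the third-party actions, receives it as an environment variable. A Docker Hub namespace is public once the image is pushed, and a value sourced from a secret is masked in logs, so the generated tags will read `***/romm-testing` and be harder to audit. I would read the namespace from a repository variable instead, `DOCKERHUB_NAMESPACE: ${{ vars.DOCKER_NAMESPACE || secrets.DOCKER_USERNAME || github.repository_owner }}`. The added comment could then say that `DOCKER_NAMESPACE` is non-secret configuration. The `DOCKER_USERNAME` fallback also assumes the login name is a valid namespace, which presumably fails if the credential is an e-mail address. That is worth a sentence in the comment too.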