Automate Docker Image Build and Publish by chaptersix · Pull Request #877 · temporalio/cli

chaptersix · 2025-11-20T17:41:18Z

What was changed

added GHA to build and publish docker images
Updated go releaser to v2
Minor tweaks to other GHA

Why?

Make is easier to publish docker images on release.

CLAassistant · 2025-11-20T17:41:25Z

All committers have signed the CLA.

CLAassistant · 2025-11-20T17:41:26Z

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

.github/workflows/goreleaser.yml

.github/workflows/build-and-publish.yml

… using deprecated stuff.

Major improvements: - Add full parameterization (registry, namespace, image name) - Auto-detect registry: temporalio → docker.io, others → ghcr.io - Separate workflow for managing 'latest' tag on release events - Dynamic Docker labels using GITHUB_REPOSITORY variable - Add packages:write permission for GHCR - Remove artifact uploading (no longer needed) Benefits: - Works out-of-box for both upstream and forks - Flexible registry support (Docker Hub, GHCR, any registry) - Clean separation of release vs latest-tag concerns - Proper package association in GitHub Configuration requirements: - DOCKER_USERNAME and DOCKER_PASSWORD secrets needed for Docker Hub - GITHUB_TOKEN automatically provides GHCR access

.github/workflows/build-and-publish.yml

.github/docker/cli.Dockerfile

Makefile

.goreleaser.yml

.github/workflows/update-latest-tag.yml

.github/workflows/build-and-publish.yml

.github/docker/cli.Dockerfile

Address PR temporalio#877 Feedback: Simplify Dockerfile and Workflows

semgrep-managed-scans · 2025-11-22T01:21:33Z

Semgrep found 1 missing-explicit-permissions finding:

.github/workflows/trigger-docs.yml
- L8-55 - Triage

No explicit GITHUB_TOKEN permissions found at the workflow or job level. Add a permissions: block at the workflow root (applies to all jobs) or per job with least privilege (e.g., contents: read and only specific writes like pull-requests: write if needed).

Dockerfile

.github/workflows/update-latest-tag.yml

.github/workflows/build-and-publish.yml

bergundy

Overall LGTM. Didn't have anything major.

.github/scripts/check-latest-tag.js

.github/workflows/build-and-publish.yml

Dockerfile

chaptersix · 2025-12-03T00:20:32Z

just realized that this repo uses release candidates and those are not currently published to docker hub.

chaptersix · 2025-12-03T00:25:21Z

moving the image build to the manually triggered workflow.

.github/workflows/build-and-publish-docker.yml

chaptersix added 3 commits November 20, 2025 11:07

Automate Docker image builds

bc4f485

move the docker ignore file to the correct location

42cc84f

fix a few bugs

04e92b6

semgrep-managed-scans bot reviewed Nov 20, 2025

View reviewed changes

.github/workflows/goreleaser.yml Outdated Show resolved Hide resolved

support building on pr and upgrade goreleaser

0e9929e

semgrep-managed-scans bot reviewed Nov 20, 2025

View reviewed changes

.github/workflows/build-and-publish.yml Outdated Show resolved Hide resolved

chaptersix added 2 commits November 20, 2025 16:39

Fix semgrep issues and wf permission

4667b5c

remove write perm from re-usable wf

15163e4

semgrep-managed-scans bot reviewed Nov 20, 2025

View reviewed changes

.github/workflows/build-and-publish.yml Outdated Show resolved Hide resolved

chaptersix added 4 commits November 20, 2025 16:46

update go releaser to use formats instead of format and gh wf to stop…

062c9b7

… using deprecated stuff.

turn on caching and upload build artifacts.

2155012

remove makefile that is not longer needed

5ecf25a

correct alpine update command

8918ee7

chaptersix marked this pull request as ready for review November 21, 2025 12:47

chaptersix requested review from a team as code owners November 21, 2025 12:47

chaptersix marked this pull request as draft November 21, 2025 13:00

chaptersix marked this pull request as ready for review November 21, 2025 17:49

chaptersix commented Nov 21, 2025

View reviewed changes

.github/workflows/build-and-publish.yml Outdated Show resolved Hide resolved

bergundy reviewed Nov 21, 2025

View reviewed changes

chaptersix mentioned this pull request Nov 21, 2025

Address PR #877 Feedback: Simplify Dockerfile and Workflows chaptersix/temporal-cli#8

Merged

chaptersix added a commit to chaptersix/temporal-cli that referenced this pull request Nov 22, 2025

Merge pull request #8 from chaptersix/alex/docker-pr-feedback

84c2380

Address PR temporalio#877 Feedback: Simplify Dockerfile and Workflows

Address PR feedback: simplify Docker build and fix workflow issues

363f893

chaptersix commented Nov 22, 2025

View reviewed changes

Dockerfile Outdated Show resolved Hide resolved

chaptersix added 2 commits November 21, 2025 19:22

Update Dockerfile

41f7f4d

Add explicit permissions to trigger-docs workflow

98cfaff

chaptersix commented Nov 26, 2025

View reviewed changes

.github/workflows/update-latest-tag.yml Outdated Show resolved Hide resolved

chaptersix added 2 commits November 26, 2025 13:07

update action versions

fa17267

simplify script again

ef83ff2

chaptersix requested a review from bergundy November 26, 2025 19:24

chaptersix added 2 commits November 26, 2025 13:33

fix syntax and corrections for lint issues

4864813

add namespace default

05b0021

chaptersix marked this pull request as draft November 26, 2025 22:02

chaptersix commented Nov 26, 2025

View reviewed changes

.github/workflows/build-and-publish.yml Outdated Show resolved Hide resolved

chaptersix added 2 commits November 26, 2025 16:08

correct image name

b7bda83

refactor update tag workflow

0388341

chaptersix marked this pull request as ready for review December 1, 2025 16:59

chaptersix added 2 commits December 1, 2025 14:01

remove comments and checks that are no longer needed

2098e5c

security fixes

a096c92

bergundy reviewed Dec 2, 2025

View reviewed changes

.github/scripts/check-latest-tag.js Outdated Show resolved Hide resolved

.github/workflows/build-and-publish.yml Outdated Show resolved Hide resolved

Dockerfile Outdated Show resolved Hide resolved

Dockerfile Outdated Show resolved Hide resolved

chaptersix added 2 commits December 2, 2025 13:51

add tzdata to dockerfile

90577f9

update tag latest workflow and remove latest tagging from other code

7b1df2e

chaptersix requested a review from bergundy December 2, 2025 22:54

chaptersix marked this pull request as draft December 3, 2025 00:23

chaptersix added 4 commits December 2, 2025 18:39

refactor to build docker images only in a manually triggered workflow.

4249db7

add option to publish a docker image

c31c2f9

remove go releaser builds on pr and main

c19e100

fix bug. collect proper cli sha

0f2c204

chaptersix marked this pull request as ready for review December 3, 2025 15:11

bergundy approved these changes Dec 4, 2025

View reviewed changes

.github/workflows/build-and-publish-docker.yml Show resolved Hide resolved

Merge branch 'main' into alex/docker-image-re

7c6e522

chaptersix merged commit da6d754 into main Dec 4, 2025
8 checks passed

chaptersix deleted the alex/docker-image-re branch December 4, 2025 17:45

BrewTestBot mentioned this pull request Feb 5, 2026

temporal 1.6.0 Homebrew/homebrew-core#266037

Merged

Conversation

chaptersix commented Nov 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What was changed

Why?

Uh oh!

CLAassistant commented Nov 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

CLAassistant commented Nov 20, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

semgrep-managed-scans bot commented Nov 22, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

bergundy left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

chaptersix commented Dec 3, 2025

Uh oh!

chaptersix commented Dec 3, 2025

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

chaptersix commented Nov 20, 2025 •

edited

Loading

CLAassistant commented Nov 20, 2025 •

edited

Loading