This repository uses GitHub Actions to automatically build and push container images to GitHub Container Registry (GHCR).
Good news: GHCR is automatically available for your GitHub account! No separate setup required.
Your containers will be published to: ghcr.io/lukevanstech/<app-name>
The workflow uses GITHUB_TOKEN to push to GHCR. You need to grant write permissions:
- Go to your repo: https://github.com/LukeEvansTech/containers/settings/actions
- Under Workflow permissions, select:
- ✅ Read and write permissions
- Click Save
By default, packages are private. To make them public:
- After first build, go to: https://github.com/users/LukeEvansTech/packages
- Click on your container package
- Go to Package settings
- Under Danger Zone → Change visibility to Public
The workflow triggers automatically when you:
- Push to main - Builds and pushes changed apps with
latesttag - Open a PR - Builds (but doesn't push) for testing
- Push tags - Creates versioned releases (e.g.,
v1.0.0)
The workflow only builds apps that have changed:
apps/
├── supermicro-ipmi-cert/ # Changed → builds
├── brother-printer-cert/ # No changes → skips
└── apc-cert/ # No changes → skips
Trigger builds manually from GitHub Actions:
- Go to: https://github.com/LukeEvansTech/containers/actions/workflows/build-and-push.yaml
- Click Run workflow
- Optionally specify which app to build (or leave empty for all)
apiVersion: v1
kind: Pod
metadata:
name: cert-deploy
spec:
containers:
- name: deploy
image: ghcr.io/lukevanstech/supermicro-ipmi-cert:latest
# Or pin to digest for immutability:
# image: ghcr.io/lukevanstech/supermicro-ipmi-cert:latest@sha256:abc123...docker pull ghcr.io/lukevanstech/supermicro-ipmi-cert:latest
docker run ghcr.io/lukevanstech/supermicro-ipmi-cert:latestservices:
cert-deploy:
image: ghcr.io/lukevanstech/supermicro-ipmi-cert:latest# Create a personal access token (classic) with `read:packages` scope
# https://github.com/settings/tokens
# Login to GHCR
echo $GITHUB_TOKEN | docker login ghcr.io -u lukevanstech --password-stdincd apps/supermicro-ipmi-cert
docker build -t ghcr.io/lukevanstech/supermicro-ipmi-cert:dev .docker push ghcr.io/lukevanstech/supermicro-ipmi-cert:devThe workflow creates these tags automatically:
| Tag | When | Example |
|---|---|---|
latest |
Every push to main | ghcr.io/lukevanstech/supermicro-ipmi-cert:latest |
main-<sha> |
Every push to main | ghcr.io/lukevanstech/supermicro-ipmi-cert:main-abc1234 |
pr-<number> |
Pull requests | ghcr.io/lukevanstech/supermicro-ipmi-cert:pr-42 |
| Semver | Git tags | ghcr.io/lukevanstech/supermicro-ipmi-cert:1.0.0 |
Images are built for:
- ✅
linux/amd64(x86_64) - ✅
linux/arm64(ARM64/Apple Silicon)
Docker automatically pulls the correct architecture for your platform.
GitHub Actions caches layers between builds for faster CI/CD.
All images include:
- Provenance attestations - Verifiable build information
- SBOM - Software Bill of Materials
Verify attestations:
gh attestation verify oci://ghcr.io/lukevanstech/supermicro-ipmi-cert:latestFix: Enable write permissions in repo settings (see step 1 above)
Fix 1: Make package public (see step 2 above)
Fix 2: Authenticate with GitHub token:
echo $GITHUB_TOKEN | docker login ghcr.io -u lukevanstech --password-stdinThis is normal! The workflow only builds apps that have changed files.
To force a build:
- Use manual workflow dispatch
- Modify a file in the app directory
- Push an empty commit:
git commit --allow-empty -m "Trigger build"
To create a versioned release:
# Tag the commit
git tag v1.0.0
git push origin v1.0.0This creates:
ghcr.io/lukevanstech/supermicro-ipmi-cert:1.0.0ghcr.io/lukevanstech/supermicro-ipmi-cert:1.0ghcr.io/lukevanstech/supermicro-ipmi-cert:latest
View build status:
- Actions tab: https://github.com/LukeEvansTech/containers/actions
- Packages: https://github.com/users/LukeEvansTech/packages
Each build shows:
- ✅ Build status
- 📦 Image digest
- 🏷️ Tags created
- 🔍 Attestations