Upgrade CI to publish to ghcr.io and Dockerhub (#901)

* GHCR Separate Workflows

* GHCR Standalone Publishing Refinements

* Docker Hub Publishing Refinements

* Add Development Build Artefact Generation and Publishing

This only runs against non Excluded branches as to be practical.

* Fix GHCR Deployment due to Uppercase Names and Main Branch Exclusion

* Fix Github ignoring Branch filters for Develop Workflow

* Harmonise Development Artifact Workflows

* Improve Docker Hub Development Artefact Metadata

.github/workflows/docker-hub-develop.yml

@@ -1,4 +1,5 @@
 # SPDX-FileCopyrightText: 2024 Gnuxie <Gnuxie@protonmail.com>
+# SPDX-FileCopyrightText: 2026 Catalan Lover <catalanlover@protonmail.com>
 #
 # SPDX-License-Identifier: CC0-1.0
 
@@ -16,6 +17,7 @@ env:
   PLATFORMS: linux/amd64,linux/arm64
   # Only push if this is main, otherwise we just want to build
   PUSH: ${{ github.ref == 'refs/heads/main' }}
+  IMG_SOURCE: https://github.com/${{ github.repository }}
 
 jobs:
   docker-latest:
@@ -54,5 +56,12 @@ jobs:
           file: ./Dockerfile
           platforms: ${{ env.PLATFORMS }}
           push: ${{ env.PUSH }}
+          labels: |
+            org.opencontainers.image.source=${{ env.IMG_SOURCE }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.version=${{ github.ref_name }}-${{ github.sha }}
+            org.opencontainers.image.ref.name=${{ github.ref_name }}
+            org.opencontainers.image.licenses=AFL-3.0
+          sbom: true
           tags: |
             ${{ env.DOCKER_NAMESPACE }}/draupnir:develop

.github/workflows/docker-hub-latest.yml

@@ -1,4 +1,5 @@
 # SPDX-FileCopyrightText: 2024 Gnuxie <Gnuxie@protonmail.com>
+# SPDX-FileCopyrightText: 2026 Catalan Lover <catalanlover@protonmail.com>
 #
 # SPDX-License-Identifier: CC0-1.0
 
@@ -14,6 +15,7 @@ on:
 env:
   DOCKER_NAMESPACE: gnuxie
   PLATFORMS: linux/amd64,linux/arm64
+  IMG_SOURCE: https://github.com/${{ github.repository }}
 
 jobs:
   docker-release:
@@ -53,6 +55,11 @@ jobs:
           file: ./Dockerfile
           platforms: ${{ env.PLATFORMS }}
           push: true
+          labels: |
+            org.opencontainers.image.source=${{ env.IMG_SOURCE }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.version=${{ github.ref_name }}
+            org.opencontainers.image.licenses=AFL-3.0
           sbom: true
           tags: |
             ${{ env.DOCKER_NAMESPACE }}/draupnir:latest

.github/workflows/docker-hub-release.yml

@@ -1,4 +1,5 @@
 # SPDX-FileCopyrightText: 2024 Gnuxie <Gnuxie@protonmail.com>
+# SPDX-FileCopyrightText: 2026 Catalan Lover <catalanlover@protonmail.com>
 #
 # SPDX-License-Identifier: CC0-1.0
 
@@ -14,6 +15,7 @@ on:
 env:
   DOCKER_NAMESPACE: gnuxie
   PLATFORMS: linux/amd64,linux/arm64
+  IMG_SOURCE: https://github.com/${{ github.repository }}
 
 jobs:
   docker-release:
@@ -54,6 +56,11 @@ jobs:
           file: ./Dockerfile
           platforms: ${{ env.PLATFORMS }}
           push: true
+          labels: |
+            org.opencontainers.image.source=${{ env.IMG_SOURCE }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.version=${{ github.ref_name }}
+            org.opencontainers.image.licenses=AFL-3.0
           sbom: true
           tags: |
             ${{ env.DOCKER_NAMESPACE }}/draupnir:${{ env.RELEASE_VERSION }}

.github/workflows/ghcr-all-dev-branches.yml

@@ -0,0 +1,76 @@
+# SPDX-FileCopyrightText: 2026 Catalan Lover <catalanlover@protonmail.com>
+#
+# SPDX-License-Identifier: CC0-1.0
+# This file is derived from the docker-hub-develop.yml workflow, but instead of pushing to Docker Hub, it pushes to GHCR. It also runs on all non excluded branches to allow easier access to development builds.
+
+name: "GHCR - Development Branches"
+
+on:
+  push:
+    branches-ignore:
+      - "dependabot/**"
+      - "renovate/**"
+      - "github-actions/**"
+
+env:
+  IMAGE_NAME: draupnir
+  PLATFORMS: linux/amd64,linux/arm64
+  IMG_SOURCE: https://github.com/${{ github.repository }}
+
+jobs:
+  ghcr-publish:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      packages: write
+      contents: read
+      attestations: write
+    steps:
+      - name: Check out
+        uses: actions/checkout@v4
+      - name: Unshallow for git describe so we can create version.txt
+        run: git fetch --prune --unshallow --tags --all --force
+      - name: Set lowercase image owner
+        run: echo "IMAGE_OWNER=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
+
+      # Needed for multi platform builds
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: ${{ env.PLATFORMS }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Derive image tags
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ env.IMAGE_OWNER }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=sha,prefix=sha-
+
+      - name: Build image
+        id: push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: ${{ env.PLATFORMS }}
+          push: true
+          labels: |
+            org.opencontainers.image.source=${{ env.IMG_SOURCE }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.version=${{ github.ref_name }}-${{ github.sha }}
+            org.opencontainers.image.ref.name=${{ github.ref_name }}
+            org.opencontainers.image.licenses=AFL-3.0
+          sbom: true
+          tags: ${{ steps.meta.outputs.tags }}

.github/workflows/ghcr-latest.yml

@@ -0,0 +1,64 @@
+# SPDX-FileCopyrightText: 2026 Catalan Lover <catalanlover@protonmail.com>
+#
+# SPDX-License-Identifier: CC0-1.0
+
+name: "GHCR - Latest"
+
+on:
+  release:
+    types: [released]
+
+env:
+  PLATFORMS: linux/amd64,linux/arm64
+  IMG_SOURCE: https://github.com/${{ github.repository }}
+
+jobs:
+  ghcr-latest:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      packages: write
+      contents: read
+      attestations: write
+    steps:
+      - name: Check out
+        uses: actions/checkout@v4
+      - name: Get release tag
+        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+      - name: Unshallow for git describe so we can create version.txt
+        run: git fetch --prune --unshallow --tags --all --force
+      - name: Set lowercase image owner
+        run: echo "IMAGE_OWNER=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
+
+      # Needed for multi platform builds
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: ${{ env.PLATFORMS }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push image to GHCR
+        id: push_ghcr
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: ${{ env.PLATFORMS }}
+          push: true
+          labels: |
+            org.opencontainers.image.source=${{ env.IMG_SOURCE }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.version=${{ github.ref_name }}
+            org.opencontainers.image.licenses=AFL-3.0
+          sbom: true
+          tags: |
+            ghcr.io/${{ env.IMAGE_OWNER }}/draupnir:latest

.github/workflows/ghcr-release.yml

@@ -0,0 +1,64 @@
+# SPDX-FileCopyrightText: 2026 Catalan Lover <catalanlover@protonmail.com>
+#
+# SPDX-License-Identifier: CC0-1.0
+
+name: "GHCR - Release"
+
+on:
+  release:
+    types: [published]
+
+env:
+  PLATFORMS: linux/amd64,linux/arm64
+  IMG_SOURCE: https://github.com/${{ github.repository }}
+
+jobs:
+  ghcr-release:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      packages: write
+      contents: read
+      attestations: write
+    steps:
+      - name: Check out
+        uses: actions/checkout@v4
+      - name: Get release tag
+        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+      - name: Unshallow for git describe so we can create version.txt
+        run: git fetch --prune --unshallow --tags --all --force
+      - name: Set lowercase image owner
+        run: echo "IMAGE_OWNER=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
+
+      # Needed for multi platform builds
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: ${{ env.PLATFORMS }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push image to GHCR
+        id: push_ghcr
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: ${{ env.PLATFORMS }}
+          push: true
+          labels: |
+            org.opencontainers.image.source=${{ env.IMG_SOURCE }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.version=${{ github.ref_name }}
+            org.opencontainers.image.licenses=AFL-3.0
+          sbom: true
+          tags: |
+            ghcr.io/${{ env.IMAGE_OWNER }}/draupnir:${{ env.RELEASE_VERSION }}