feat(release): add docker publishing to the release process (#25)

Author: JonZeolla

hooks/post_gen_project.py

@@ -121,6 +121,24 @@ def write_context(*, context: dict) -> None:
         yaml.dump(context, file)
 
 
+def notify_dockerhub_secrets() -> None:
+    """Notify user about required Docker Hub secrets for releases."""
+    print("\n" + "=" * 70)
+    print("IMPORTANT: Docker Hub Publishing Enabled")
+    print("=" * 70)
+    print("\nYou have enabled Docker Hub publishing for releases.")
+    print("Please ensure the following GitHub secrets are configured:")
+    print("\n  • DOCKERHUB_USERNAME - Your Docker Hub username")
+    print("  • DOCKERHUB_PAT - Your Docker Hub Personal Access Token")
+    print("\nWithout these secrets, your releases will fail during the")
+    print("Docker image publishing step.")
+    print("\nTo add these secrets:")
+    print("1. Go to your GitHub repository settings")
+    print("2. Navigate to Settings → Secrets and variables → Actions")
+    print("3. Add the required secrets")
+    print("=" * 70 + "\n")
+
+
 def run_post_gen_hook():
     """Run post generation hook"""
     try:
@@ -199,6 +217,10 @@ def run_post_gen_hook():
         # Run the initial setup step automatically so pre-commit hooks, etc. are pre-installed. However, if it fails, don't fail the overall repo generation
         # (i.e. check=False)
         subprocess.run(["task", "init"], check=False, capture_output=True)
+
+        # Notify about Docker Hub secrets if Docker Hub publishing is enabled
+        if cookiecutter_context.get("dockerhub") == "yes":
+            notify_dockerhub_secrets()
     except subprocess.CalledProcessError as error:
         stdout = error.stdout.decode("utf-8") if error.stdout else "No stdout"
         stderr = error.stderr.decode("utf-8") if error.stderr else "No stderr"

{{cookiecutter.project_name|replace(" ", "")}}/.github/workflows/commit.yml

@@ -102,42 +102,3 @@ jobs:
           name: vulns-${{ "{{ env.SANITIZED_PLATFORM }}" }}
           path: vulns.*.json
           if-no-files-found: error
-{%- if cookiecutter.dockerhub == 'yes' %}
-  publish:
-    name: Publish the container(s)
-    needs: bump-version
-    runs-on: ubuntu-24.04
-    strategy:
-      fail-fast: false
-      matrix:
-        platform:
-          - linux/amd64
-          - linux/arm64
-    steps:
-      - name: Checkout the repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          ref: "${{ "{{ needs.bump-version.outputs.tag }}" }}"
-          persist-credentials: 'false'
-      - name: Bootstrap repository
-        uses: ./.github/actions/bootstrap
-        with:
-          token: ${{ "{{ secrets.GITHUB_TOKEN }}" }}
-          python-version: ${{ "{{ env.python_version }}" }}
-      - name: Set up QEMU for cross-platform emulation
-        uses: docker/setup-qemu-action@v3
-      - name: Build the container
-        run: task -v build
-        env:
-          PLATFORM: ${{ "{{ matrix.platform }}" }}
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ "{{ secrets.DOCKERHUB_USERNAME }}" }}
-          password: ${{ "{{ secrets.DOCKERHUB_PAT }}" }}
-      - name: Publish the container
-        run: task -v publish
-        env:
-          PLATFORM: ${{ "{{ matrix.platform }}" }}
-{%- endif %}

{{cookiecutter.project_name|replace(" ", "")}}/.github/workflows/release.yml

@@ -48,3 +48,41 @@ jobs:
           TAG=$(git describe --tags --abbrev=0)
           echo "tag=${TAG}" | tee -a "${GITHUB_OUTPUT}"
           echo "Created release tag: ${TAG}"
+{%- if cookiecutter.dockerhub == 'yes' %}
+
+  publish-docker:
+    name: Publish Docker Image
+    needs: release
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: ${{ "{{ needs.release.outputs.tag }}" }}
+          persist-credentials: 'false'
+
+      - name: Bootstrap repository
+        uses: ./.github/actions/bootstrap
+        with:
+          token: ${{ "{{ secrets.GITHUB_TOKEN }}" }}
+          python-version: ${{ "{{ env.python_version }}" }}
+
+      - name: Set up QEMU for cross-platform emulation
+        uses: docker/setup-qemu-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ "{{ secrets.DOCKERHUB_USERNAME }}" }}
+          password: ${{ "{{ secrets.DOCKERHUB_PAT }}" }}
+
+      - name: Build and publish multiplatform Docker image
+        run: |
+          # Extract version from tag (remove 'v' prefix if present)
+          VERSION="${{ "{{ needs.release.outputs.tag }}" }}"
+          VERSION="${VERSION#v}"
+
+          # Build and push multiplatform image
+          task -v publish VERSION="${VERSION}" PLATFORM=all
+{%- endif %}

{{cookiecutter.project_name|replace(" ", "")}}/Taskfile.yml

@@ -86,6 +86,7 @@ tasks:
   build:
     desc: Build the project; docker images, compiled binaries, etc.
     vars:
+      PUBLISH: '{{ '{{.PUBLISH | default "false"}}' }}'
       TIMESTAMP:
         sh: '{{ '{{.RUN_SCRIPT}}' }} {{ '{{.SCRIPTS_DIR}}' }}/get_rfc3339_timestamp.py'
       EPOCH:
@@ -98,12 +99,12 @@ tasks:
       OUTPUT_FILE: '{{ '{{.IMAGE_NAME | replace "/" "_"}}' }}_latest_{{ '{{.PLATFORM_SUFFIX}}' }}.tar'
       DESCRIPTION: '{{ cookiecutter.project_short_description }}'
     cmds:
-      # First build: load if same platform, output to file if cross-platform
+      # First build: load if same platform, output to file if cross-platform, or push if PUBLISH is true
       - |
         docker buildx build \
           --platform {{ '{{.BUILD_PLATFORM}}' }} \
           --pull \
-          {{ '{{if eq .PLATFORM .LOCAL_PLATFORM}}' }}--load{{ '{{else}}' }}-o type=oci,dest="{{ '{{.OUTPUT_FILE}}' }}"{{ '{{end}}' }} \
+          {{ '{{if eq .PUBLISH "true"}}' }}--push{{ "{{else if eq .PLATFORM .LOCAL_PLATFORM}}" }}--load{{ "{{else}}" }}-o type=oci,dest="{{ '{{.OUTPUT_FILE}}' }}"{{ "{{end}}" }} \
           {{ '{{if eq .GITHUB_ACTIONS "true"}}' }}--cache-from type=gha --cache-to type=gha,mode=max{{ '{{end}}' }} \
           --build-arg NAME="{{ '{{.PROJECT_SLUG}}' }}" \
           --build-arg DESCRIPTION="{{ '{{.DESCRIPTION}}' }}" \
@@ -243,29 +244,16 @@ tasks:
 
   publish:
     desc: Publish the project artifacts; docker images, compiled binaries, etc.
-    vars:
-      INPUT_FILE:
-        # Find the latest tar file for cross-platform builds
-        sh: '{{ '{{if and (ne .LOCAL_PLATFORM .PLATFORM) (ne .PLATFORM "all")}}' }}ls {{ '{{.IMAGE_NAME | replace "/" "_"}}' }}_*_{{ '{{.PLATFORM | replace "/" "_" | replace "," "_"}}' }}.tar 2>/dev/null | sort -r | head -1{{ '{{end}}' }}'
-    preconditions:
-      - sh: which docker
-        msg: "docker is required for publishing"
+    requires:
+      vars:
+        - VERSION
     cmds:
-      - |
-        {{ '{{if or (eq .LOCAL_PLATFORM .PLATFORM) (eq .PLATFORM "all")}}' }}
-          docker push {{ '{{.IMAGE_NAME}}:{{.VERSION}}' }}
-          docker push {{ '{{.IMAGE_NAME}}:latest' }}
-        {{ '{{else}}' }}
-          echo "Publishing cross-platform image from {{ '{{.INPUT_FILE}}' }}"
-          docker run --rm \
-            -v "$(pwd):/src" \
-            -w /src \
-            quay.io/skopeo/stable:latest \
-            copy oci-archive:{{ '{{.INPUT_FILE}}' }} docker://{{ '{{.IMAGE_NAME}}:{{.VERSION}}' }}
-          docker run --rm \
-            -v "$(pwd):/src" \
-            -w /src \
-            quay.io/skopeo/stable:latest \
-            copy oci-archive:{{ '{{.INPUT_FILE}}' }} docker://{{ '{{.IMAGE_NAME}}:latest' }}
-        {{ '{{end}}' }}
+      - task: build
+        vars:
+          PUBLISH: 'true'
+          VERSION: '{{ '{{.VERSION}}' }}'
+          PLATFORM: '{{ '{{.PLATFORM | default "all"}}' }}'
+          DOCKER_BUILDX_CUSTOM_ARGS: '{{ '{{.DOCKER_BUILDX_CUSTOM_ARGS | default ""}}' }}'
+          DOCKER_BUILDX_CUSTOM_TAGS: '{{ '{{.DOCKER_BUILDX_CUSTOM_TAGS | default ""}}' }}'
+          DOCKER_BUILDX_CUSTOM_CONTEXT: '{{ '{{.DOCKER_BUILDX_CUSTOM_CONTEXT}}' }}'
 {%- endif %}