ci: mirror PHP images to ghcr.io alongside Docker Hub#107
Merged
Conversation
Push every built image (base, fpm, unit, unit-dev) to both skilldlabs/php (Docker Hub) and ghcr.io/skilld-labs/php in a single build-push-action step, so both registries get the same multi-arch digest with no rebuild or re-pull. - Add GHCR_REGISTRY env and ghcr.io login (github.actor/GITHUB_TOKEN) to all jobs in the reusable build-php.yml - Append ghcr tags to base/fpm/unit/unit-dev pushes (incl. :version) - Grant packages: write in build-php.yml and in the 8.3/8.4/8.5 callers (caller governs GITHUB_TOKEN scope for workflow_call) - Document the dual registry in CLAUDE.md Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Code Review
This pull request updates the CLAUDE.md documentation to reflect that PHP Docker images are now published to both Docker Hub and GitHub Container Registry (GHCR) from a single build. It adds a new 'Container Registries' section detailing the registry configurations, authentication, permissions, and tagging strategies. There are no review comments, so I have no feedback to provide.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Push every built image (base, fpm, unit, unit-dev) to both registries in a single
docker/build-push-actionstep:skilldlabs/php(unchanged)ghcr.io/skilld-labs/php(new)Both registries receive the same multi-arch digest — no rebuild, no re-pull.
Changes
build-php.yml(reusable, all 4 jobs): addGHCR_REGISTRYenv, a seconddocker/login-actiontoghcr.io(github.actor/GITHUB_TOKEN), workflow-levelpermissions: packages: write, and ghcr tags appended to every push (incl. optional:version).build-83/84/85.yml(callers): addpermissions: { contents: read, packages: write }— forworkflow_callthe caller governs theGITHUB_TOKENscope handed to the reusable workflow.CLAUDE.md: document the dual registry, theskilld-labsvsskilldlabsnamespace difference, and the auth/permission model.No extra secret needed:
GITHUB_TOKENcan push because the package lives under the same org as the repo. FrankenPHP workflows are untouched (Docker Hub only).Verification (PHP 8.3, run 28123024232)
amd64digestsha256:658c61e8…== Docker Hubamd64digest (identical image).docker pull ghcr.io/skilld-labs/php:83confirmed working.Notes
phppackage has already been set Public + org policy allows public packages.🤖 Generated with Claude Code