Conversation
- Replace separate docker/build-push-action job with GoReleaser dockers - Merge release_binaries and release_docker into single release job - Publish multi-arch images to both GHCR and Docker Hub - Simplify Dockerfile to use pre-built binary from GoReleaser - Scope permissions properly (contents:write, packages:write) - Architectures: amd64, arm64, armv7, armv6, 386, ppc64le Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
This PR consolidates the project’s release workflow so GoReleaser becomes the single source of truth for building binaries/packages and publishing multi-arch Docker images to GHCR and Docker Hub.
Changes:
- Merge the separate binary + Docker release jobs into one
releasejob powered by GoReleaser. - Add GoReleaser configuration to build/push per-arch Docker images and multi-arch manifests.
- Simplify the Dockerfile to package the prebuilt GoReleaser binary instead of building from source.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| .github/workflows/ci.yml | Replaces prior release jobs with a single GoReleaser-driven release job and scopes job permissions. |
| .github/goreleaser.yml | Adds Docker/buildx and manifest publishing configuration for multiple architectures and registries. |
| .github/Dockerfile | Switches to a minimal scratch image that copies in the GoReleaser-produced binary and CA certs. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
.github/workflows/ci.yml
Outdated
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max | ||
| distribution: goreleaser | ||
| version: latest |
There was a problem hiding this comment.
Using version: latest for GoReleaser makes releases non-reproducible and can break unexpectedly when a new GoReleaser is published. Prefer pinning to a specific major/minor (or exact) GoReleaser version so tag builds remain stable over time.
| version: latest | |
| version: v2.12.7 |
| - image_templates: | ||
| - "ghcr.io/jpillora/chisel:{{ .Tag }}-amd64" | ||
| - "docker.io/jpillora/chisel:{{ .Tag }}-amd64" | ||
| use: buildx | ||
| dockerfile: .github/Dockerfile |
There was a problem hiding this comment.
Docker image tags/manifests are templated with {{ .Tag }}, which will include the leading v from git tags (e.g., v1.2.3). This differs from the prior workflow’s semver tags (e.g., 1.2.3) and from the binary BuildVersion which uses {{ .Version }}. If you want to preserve existing Docker tag semantics, switch these templates to use {{ .Version }} (and update all related templates consistently).
.github/goreleaser.yml
Outdated
| docker_manifests: | ||
| - name_template: "ghcr.io/jpillora/chisel:{{ .Tag }}" | ||
| image_templates: | ||
| - "ghcr.io/jpillora/chisel:{{ .Tag }}-amd64" | ||
| - "ghcr.io/jpillora/chisel:{{ .Tag }}-arm64" |
There was a problem hiding this comment.
The previous Docker publishing step generated additional semver tags (major/minor/major.minor) via docker/metadata-action. With the current docker_manifests config, only the full tag (and latest) are published. If downstream users rely on :1, :1.2, etc., consider adding corresponding manifest name_template entries for those aliases.
.github/goreleaser.yml
Outdated
| - name_template: "ghcr.io/jpillora/chisel:latest" | ||
| image_templates: | ||
| - "ghcr.io/jpillora/chisel:{{ .Tag }}-amd64" | ||
| - "ghcr.io/jpillora/chisel:{{ .Tag }}-arm64" | ||
| - "ghcr.io/jpillora/chisel:{{ .Tag }}-armv7" | ||
| - "ghcr.io/jpillora/chisel:{{ .Tag }}-armv6" | ||
| - "ghcr.io/jpillora/chisel:{{ .Tag }}-386" | ||
| - "ghcr.io/jpillora/chisel:{{ .Tag }}-ppc64le" |
There was a problem hiding this comment.
This config will push/update the :latest multi-arch manifests on every version tag, including prereleases (since release.prerelease is auto). If you don’t want prereleases to move latest, consider removing these latest manifest entries or gating them so only stable tags publish latest.
Use .Version instead of .Tag for Docker image templates, add major and major.minor manifest tags, skip pushing latest/semver tags for prereleases, and pin GoReleaser to v2.12.7 for reproducible builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary
release_binariesandrelease_dockerinto a singlereleasejob powered by GoReleasercontents:write,packages:write)Test plan
goreleaser checkvalidates config🤖 Generated with Claude Code