Point all image references at ghcr.io/wabolabs/wabosign

The image now lives at GHCR (pushed manually as :latest and :sha-45ed368a). Aligning the rest of the repo to match: - docker-compose.yml: image: ghcr.io/wabolabs/wabosign:latest - README.md docker-run example: same - .github/workflows/docker.yml: meta.images and login-action repointed at ghcr.io. Login now uses the auto-provisioned GITHUB_TOKEN with a job-level `permissions: packages: write`; the DOCKERHUB_USERNAME / DOCKERHUB_TOKEN secrets are no longer needed and can be removed from the repo settings. Also adds a `type=raw,value=latest` tag so the semver-triggered build keeps :latest pointing at the newest release. - REBRANDING.md: registry note updated for accuracy. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
1 month ago · 61a8b080ac
parent 45ed368a26
commit 61a8b080ac
4 changed files with 14 additions and 8 deletions
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@ -9,6 +9,9 @@ jobs:
  build:
    runs-on: ubuntu-24.04-arm
    timeout-minutes: 30
+    permissions:
+      contents: read
+      packages: write

    steps:
    - name: Checkout code
@ -20,8 +23,10 @@ jobs:
      id: meta
      uses: docker/metadata-action@v4
      with:
-        images: wabolabs/wabosign
-        tags: type=semver,pattern={{version}}
+        images: ghcr.io/wabolabs/wabosign
+        tags: |
+          type=semver,pattern={{version}}
+          type=raw,value=latest

    - name: Set up QEMU
      uses: docker/setup-qemu-action@v3
@ -32,11 +37,12 @@ jobs:
    - name: Create .version file
      run: echo ${{ github.ref_name }} > .version

-    - name: Login to Docker Hub
+    - name: Login to GitHub Container Registry
      uses: docker/login-action@v3
      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}

    - name: Build and push Docker image
      uses: docker/build-push-action@v6
--- a/README.md
+++ b/README.md
@ -40,7 +40,7 @@ WaboSign is a fork of [DocuSeal](https://github.com/docusealco/docuseal) under A
 ## Docker

 ```sh
-docker run --name wabosign -p 3000:3000 -v .:/data wabolabs/wabosign
+docker run --name wabosign -p 3000:3000 -v .:/data ghcr.io/wabolabs/wabosign:latest
 ```

 By default the container uses SQLite for data. Point at PostgreSQL or MySQL by setting `DATABASE_URL`.
--- a/REBRANDING.md
+++ b/REBRANDING.md
@ -41,7 +41,7 @@ Scope: ~183 files modified. Decisions were made in a planning conversation befor
 - New migration [db/migrate/20260515183000_rename_docuseal_aatl_cert.rb](db/migrate/20260515183000_rename_docuseal_aatl_cert.rb) updates the AATL cert `name` field inside encrypted JSON value blobs from `docuseal_aatl` → `wabosign_aatl`
 - `AATL_CERT_NAME` constant updated accordingly
 - [Dockerfile](Dockerfile): user, group, home directory, and workdir renamed `docuseal` → `wabosign`
- [docker-compose.yml](docker-compose.yml): image, volume, and Postgres DB name → `wabolabs/wabosign` / `wabosign`
+- [docker-compose.yml](docker-compose.yml): image, volume, and Postgres DB name → `ghcr.io/wabolabs/wabosign` / `wabosign`
 - [config/database.yml](config/database.yml): dev/test DB names → `wabosign_dev` / `wabosign_test`
 - [.github/workflows/ci.yml](.github/workflows/ci.yml) and [.github/workflows/docker.yml](.github/workflows/docker.yml): image name and test DB renamed
 - `docuseal.env` config file path → `wabosign.env` in [config/dotenv.rb](config/dotenv.rb)
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -3,7 +3,7 @@ services:
    depends_on:
      postgres:
        condition: service_healthy
-    image: wabolabs/wabosign:latest
+    image: ghcr.io/wabolabs/wabosign:latest
    ports:
      - 3000:3000
    volumes: