feat(ci): switch to GitHub Container Registry for images

Updated the workflow to push container images to GitHub Container Registry instead of Docker Hub. Added a login step for GHCR and updated image tagging and pushing commands accordingly. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-07-21 07:03:56 +02:00 · 2025-04-02 16:27:24 +02:00 · 2025-04-02 16:27:24 +02:00 · 3257f316b5
commit 3257f316b5
parent 542e3a9fcc
12 changed files with 43 additions and 42 deletions
--- a/examples/README.md
+++ b/examples/README.md
@ -121,7 +121,7 @@ Passphrase:
 Find out the `mr_enclave` value of the teepot-vault-admin-sgx-azure enclave and extract the sigstruct file:

 ```bash
-❯ docker run -v .:/mnt --pull always -it matterlabsrobot/teepot-vault-admin-sgx-azure:latest 'gramine-sgx-sigstruct-view teepot-vault-admin-sgx-azure.sig; cp teepot-vault-admin-sgx-azure.sig /mnt'
+❯ docker run -v .:/mnt --pull always -it ghcr.io/matter-labs/teepot-vault-admin-sgx-azure:latest 'gramine-sgx-sigstruct-view teepot-vault-admin-sgx-azure.sig; cp teepot-vault-admin-sgx-azure.sig /mnt'
 [...]
 Attributes:
    mr_signer: c5591a72b8b86e0d8814d6e8750e3efe66aea2d102b8ba2405365559b858697d
@ -226,18 +226,18 @@ Next is to sign the admin tee with the vault-admin tool:
 ```

 Then replace `teepot-vault-admin-sgx-azure.sig` with `teepot-vault-admin-sgx-azure-new.sig` in the container
-image `matterlabsrobot/teepot-vault-admin-sgx-azure:latest` with this Dockerfile:
+image `ghcr.io/matter-labs/teepot-vault-admin-sgx-azure:latest` with this Dockerfile:

 ```Dockerfile
-FROM matterlabsrobot/teepot-vault-admin-sgx-azure:latest
+FROM ghcr.io/matter-labs/teepot-vault-admin-sgx-azure:latest
 COPY teepot-vault-admin-sgx-azure-new.sig /app/teepot-vault-admin-sgx-azure.sig
 ```

 Build and push the new image:

 ```bash
-❯ docker build -t matterlabsrobot/teepot-vault-admin-sgx-azure-signed:latest .
-❯ docker push matterlabsrobot/teepot-vault-admin-sgx-azure-signed:latest
+❯ docker build -t ghcr.io/matter-labs/teepot-vault-admin-sgx-azure-signed:latest .
+❯ docker push ghcr.io/matter-labs/teepot-vault-admin-sgx-azure-signed:latest
 ```

 Delete the old vault-admin pod and start the new one:
--- a/examples/k8s/vault-1-pod.yaml
+++ b/examples/k8s/vault-1-pod.yaml
@ -27,7 +27,7 @@ spec:
  imagePullSecrets:
    - name: docker-regcred
  containers:
-    - image: matterlabsrobot/teepot-vault-sgx-azure:latest
+    - image: ghcr.io/matter-labs/teepot-vault-sgx-azure:latest
      name: vault
      imagePullPolicy: Always
      env:
@ -62,7 +62,7 @@ spec:
      volumeMounts:
        - mountPath: /opt/vault/data
          name: data-1
-    - image: matterlabsrobot/teepot-vault-unseal-sgx-azure:latest
+    - image: ghcr.io/matter-labs/teepot-vault-unseal-sgx-azure:latest
      name: vault-unseal
      imagePullPolicy: Always
      env:
--- a/examples/k8s/vault-2-pod.yaml
+++ b/examples/k8s/vault-2-pod.yaml
@ -27,7 +27,7 @@ spec:
  imagePullSecrets:
    - name: docker-regcred
  containers:
-    - image: matterlabsrobot/teepot-vault-sgx-azure:latest
+    - image: ghcr.io/matter-labs/teepot-vault-sgx-azure:latest
      name: vault
      imagePullPolicy: Always
      env:
@ -62,7 +62,7 @@ spec:
      volumeMounts:
        - mountPath: /opt/vault/data
          name: data-2
-    - image: matterlabsrobot/teepot-vault-unseal-sgx-azure:latest
+    - image: ghcr.io/matter-labs/teepot-vault-unseal-sgx-azure:latest
      name: vault-unseal
      imagePullPolicy: Always
      env:
--- a/examples/k8s/vault-3-pod.yaml
+++ b/examples/k8s/vault-3-pod.yaml
@ -27,7 +27,7 @@ spec:
  imagePullSecrets:
    - name: docker-regcred
  containers:
-    - image: matterlabsrobot/teepot-vault-sgx-azure:latest
+    - image: ghcr.io/matter-labs/teepot-vault-sgx-azure:latest
      name: vault
      imagePullPolicy: Always
      env:
@ -62,7 +62,7 @@ spec:
      volumeMounts:
        - mountPath: /opt/vault/data
          name: data-3
-    - image: matterlabsrobot/teepot-vault-unseal-sgx-azure:latest
+    - image: ghcr.io/matter-labs/teepot-vault-unseal-sgx-azure:latest
      name: vault-unseal
      imagePullPolicy: Always
      env:
--- a/examples/k8s/vault-unseal-pod-0.yaml
+++ b/examples/k8s/vault-unseal-pod-0.yaml
@ -11,7 +11,7 @@ spec:
      operator: Exists
      effect: NoSchedule
  containers:
-    - image: matterlabsrobot/teepot-vault-unseal-sgx-azure:latest
+    - image: ghcr.io/matter-labs/teepot-vault-unseal-sgx-azure:latest
      name: vault-unseal
      imagePullPolicy: Always
      env:
--- a/examples/k8s/vault-unseal-pod-1.yaml
+++ b/examples/k8s/vault-unseal-pod-1.yaml
@ -11,7 +11,7 @@ spec:
      operator: Exists
      effect: NoSchedule
  containers:
-    - image: matterlabsrobot/teepot-vault-unseal-sgx-azure:latest
+    - image: ghcr.io/matter-labs/teepot-vault-unseal-sgx-azure:latest
      name: vault-unseal
      imagePullPolicy: Always
      env:
--- a/examples/k8s/vault-unseal-pod-2.yaml
+++ b/examples/k8s/vault-unseal-pod-2.yaml
@ -11,7 +11,7 @@ spec:
      operator: Exists
      effect: NoSchedule
  containers:
-    - image: matterlabsrobot/teepot-vault-unseal-sgx-azure:latest
+    - image: ghcr.io/matter-labs/teepot-vault-unseal-sgx-azure:latest
      name: vault-unseal
      imagePullPolicy: Always
      env: