GHCR Publish Report
GHCR Publish Report
Section titled “GHCR Publish Report”Execution date: 2026-04-22
Files Created Or Updated
Section titled “Files Created Or Updated”- Created:
.github/workflows/docker-publish.yml - Created:
docs/plans/2026-04-22-ghcr-publish-report.md - Updated:
docs/DEPLOY.md - Updated:
README.md - Staged with the same task commit:
docs/plans/codex-tasks/2026-04-22-cx-ghcr-publish.md
Workflow Decision
Section titled “Workflow Decision”verify-before-publishwas intentionally not added to the release workflow.- Reason: the repository already runs the full verification stack on regular
push/pull_requestin.github/workflows/test.yml, while the GHCR workflow is meant to keep tag-based publishing latency reasonable on top of a multi-arch build. - Tradeoff: a manually pushed tag can still trigger publish without rerunning the full suite in that workflow, so local
scripts/verify_all.cmd --with-e2eremains part of the release checklist.
Workflow Syntax Validation
Section titled “Workflow Syntax Validation”actionlint .github/workflows/docker-publish.ymlpassed.python -c "import yaml; yaml.safe_load(open('.github/workflows/docker-publish.yml'))"passed.
Local Verification
Section titled “Local Verification”scripts/verify_all.cmd --with-e2efailed outside the GHCR scope during backend pytest:app/backend/tests/test_startup_seed.py::test_startup_seed_populates_demo_projects_with_analysis_and_exportapp/backend/tests/test_startup_seed.py::test_startup_seed_is_idempotent_across_restarts
- Failure summary: both tests expected three seeded demo projects after startup, but observed
0. - Evidence that this is pre-existing dirty-worktree state outside this task’s file scope:
app/backend/app/config.py,app/backend/app/main.py, untrackedapp/backend/app/startup_seed.py, untrackedapp/backend/tests/test_startup_seed.py, and untrackeddocs/plans/codex-tasks/2026-04-22-cx-seed-hf-startup.mdwere already present while this task only touched workflow/docs/report files.
User Checklist For First Publish
Section titled “User Checklist For First Publish”- Push a tag matching
v*, for examplev1.1.0. - Wait for the
Publish Docker imageworkflow to finish. - Open https://github.com/brownjuly2003-code/ab-test-research-designer/pkgs/container/ab-test-research-designer.
- Go to
Settingsand change package visibility to Public. - Verify anonymous pull from a clean machine:
docker pull ghcr.io/brownjuly2003-code/ab-test-research-designer:v1.1.0Known Risks
Section titled “Known Risks”- The first publish can take roughly 8-15 minutes because the workflow builds both
linux/amd64andlinux/arm64without a warm cache. cache-from/cache-to type=ghaimproves repeat runs, but GitHub may evict the cache after about 7 days of inactivity.- GHCR package visibility is private on the first push and must be switched to public once by hand.