Optimize GitHub Actions workflows for State Manager & Dashboard builds

[RohanDisa]

What Changed

• Consolidated duplicate build jobs (publish-image-on-ghcr & publish-image-on-docker) into a single job per workflow.
• Ensured one build per workflow, pushing the same image to both GHCR and DockerHub.

[gemini-code-assist]

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

[safedep]

SafeDep Report Summary

Package Details

Package	Malware	Vulnerability	Risky License	Report

---

This report is generated by SafeDep Github App.

[coderabbitai]

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • Container images for Dashboard and State Manager are now published to both GitHub Container Registry and Docker Hub.
  • Standardized image names (e.g., exosphere-dashboard) under the owner namespace; tags now include a short commit SHA.

• Chores

  • Consolidated image publishing into a single workflow for each service, simplifying tagging and pushing.
  • Renamed the publish job for clarity and removed redundant steps and jobs.

Summary by CodeRabbit

• Chores
  • Consolidated publish jobs into a single workflow for simpler, more reliable releases.
  • Images now published to both GitHub Container Registry and Docker Hub.
  • Standardized image naming and tagging (short SHA) for clearer, consistent versions.
  • Removed redundant steps and jobs to streamline the release process and reduce complexity.

Walkthrough

Consolidates publishing into a single publish-image job and changes image handling to publish a plain-named image to both GHCR and Docker Hub by adding GHCR_REGISTRY and DOCKER_REGISTRY, updating IMAGE_NAME, and switching to a multi-registry docker/metadata-action flow.

Changes

Cohort / File(s)

Summary of Changes

Multi-registry publishing refactor .github/workflows/publish-dashboard.yml, .../publish-state-mangaer.yml, .../release-state-manager.yml, .../release-dashboard.yml

- Added env vars GHCR_REGISTRY=ghcr.io, DOCKER_REGISTRY=docker.io; set IMAGE_NAME to a plain image name - Replaced REGISTRY usage with GHCR_REGISTRY for GHCR login - Renamed publish jobs to publish-image and removed separate DockerHub publish jobs/outputs - Replaced per-registry tag/build/push steps with a unified docker/metadata-action images input listing both registries: ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }} and ${{ env.DOCKER_REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }} - Removed explicit tag/build/push/provenance/SBOM steps and simplified final tagging/pushing flow

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor Trigger as Git event / release
    participant GHActions as GitHub Actions
    participant Meta as docker/metadata-action
    participant GHCR as ghcr.io
    participant DH as docker.io

    Trigger->>GHActions: trigger publish workflow
    GHActions->>GHActions: checkout, setup-buildx
    GHActions->>GHCR: docker login (GHCR_REGISTRY)
    GHActions->>DH: docker login (DOCKER_REGISTRY)
    GHActions->>Meta: generate tags/labels for both registry image refs
    GHActions->>GHActions: buildx build & push (uses metadata)
    GHActions->>GHCR: push image
    GHActions->>DH: push image
    GHActions-->>Trigger: publish-image job completes

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• Dashboard #266 — Modifies the same .github/workflows/publish-dashboard.yml (dashboard publish workflow changes).
• Optimize GitHub Actions workflows for State Manager & Dashboard builds #430 — Applies the same multi-registry/workflow rename changes across publish workflows.
• Update GitHub Actions workflows to use 'beta-latest' tag for images and add new workflows for releasing dashboard and Python SDK #278 — Adjusts image naming and registry variables in publish workflows (related tagging/metadata changes).

Poem

I hop through YAML fields at night,
Two registries twinkle, tidy and bright.
One small IMAGE_NAME, one job to steer,
Tags and pushes done with cheer.
Carrots, builds, and CI clear—🥕🐇

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title succinctly conveys the core change by indicating the optimization of GitHub Actions workflows specifically for the State Manager and Dashboard builds, matching the consolidation and multi-registry push focus of the PR. It is clear, concise, and accurately reflects the main update without extraneous detail.
Description Check	✅ Passed	The description directly outlines the main modifications by describing the consolidation of duplicate publish jobs into a single workflow and the push to both GHCR and DockerHub, aligning well with the actual changes in the PR. It is relevant and on-topic for the workflow updates.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 91cbd02 and 5bfea5f.

📒 Files selected for processing (1)

• .github/workflows/release-dashboard.yml (2 hunks)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

.github/workflows/release-dashboard.yml (1)

48-67: GHCR tags are no longer generated or pushed
By feeding images: ${{ env.IMAGE_NAME }} to docker/metadata-action, the build now emits tags like exospherehost/exosphere-dashboard:latest without the ghcr.io/ prefix. docker/build-push-action therefore only publishes to Docker Hub, and the GHCR login step becomes a no-op. This regresses the release workflow because GHCR never receives the image. Please emit tags for both registries.

       - name: Generate tags & labels
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: ${{ env.IMAGE_NAME }}
+          images: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+            ${{ env.IMAGE_NAME }}
           tags: |
             type=raw,value=latest
             type=semver,pattern={{version}}

.github/workflows/release-state-manager.yml (1)

118-125: Enable buildx GHA cache for faster repeat builds.

Adds substantial speed-ups and lower CI cost without behavior change.

       with:
         context: ./state-manager
         push: true
         platforms: linux/amd64,linux/arm64
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}
+        cache-from: type=gha,scope=state-manager
+        cache-to: type=gha,mode=max,scope=state-manager
         provenance: true
         sbom: true

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bb6399c and 91cbd02.

📒 Files selected for processing (2)

• .github/workflows/release-dashboard.yml (1 hunks)
• .github/workflows/release-state-manager.yml (5 hunks)

🔇 Additional comments (4)

.github/workflows/release-state-manager.yml (4)

8-10: Good env factoring for registries and image name.

---

47-47: uv sync for dev deps is appropriate.

---

69-77: Consolidated publish job + minimal permissions look good.

---

91-93: GHCR login OK; confirm package visibility.

If this is a public image, ensure the GHCR package visibility is public on first push (GHCR defaults can be private). Adjust via UI/API if needed.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Enforce lowercase image names and allow Docker Hub namespace override.

Registry image names should be lowercase. Also, Docker Hub namespace may differ from github.repository_owner, causing push failures. Apply:

-          images: |
-            ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
-            ${{ env.DOCKER_REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
+          images: |
+            ${{ toLower(format('{0}/{1}/{2}', env.GHCR_REGISTRY, github.repository_owner, env.IMAGE_NAME)) }}
+            ${{ toLower(format('{0}/{1}/{2}', env.DOCKER_REGISTRY, env.DOCKERHUB_NAMESPACE, env.IMAGE_NAME)) }}

Add this env key near the other env vars to override when needed (defaults to repo owner):

env:
  GHCR_REGISTRY: ghcr.io
  DOCKER_REGISTRY: docker.io
  IMAGE_NAME: exosphere-state-manager
  DOCKERHUB_NAMESPACE: ${{ vars.DOCKERHUB_NAMESPACE || github.repository_owner }}

🤖 Prompt for AI Agents

.github/workflows/release-state-manager.yml around lines 105-108: the workflow
currently uses github.repository_owner for Docker Hub namespace and does not
guarantee lowercase image names, which can cause push failures; add a new env
key DOCKERHUB_NAMESPACE (defaulting to github.repository_owner) alongside
GHCR_REGISTRY/DOCKER_REGISTRY/IMAGE_NAME, ensure IMAGE_NAME is set to a
lowercase string, and update the images entries to use ${DOCKERHUB_NAMESPACE}
for the docker.io path (and keep GHCR_REGISTRY for ghcr) so both registry image
names use the proper namespace and lowercase image name.