chore(ci): add Docker Hub as secondary container registry

Publish Docker images to both Docker Hub (docker.io/wikid82/charon) and
GitHub Container Registry (ghcr.io/wikid82/charon) for maximum reach.

- Add Docker Hub login with secret existence check for graceful fallback
- Update docker/metadata-action to generate tags for both registries
- Add Cosign keyless signing for both GHCR and Docker Hub images
- Attach SBOM to Docker Hub via cosign attach sbom
- Add Docker Hub signature verification to supply-chain-verify workflow
- Update README with Docker Hub badges and dual registry examples
- Update getting-started.md with both registry options

Supply chain security maintained: identical tags, signatures, and SBOMs
on both registries. PR images remain GHCR-only.
GitHub Actions
2026-01-25 16:04:42 +00:00
parent 9a26fcaf88
commit ba900e20c5
7 changed files with 927 additions and 1767 deletions


@@ -28,7 +28,10 @@ Create a file called `docker-compose.yml`:
```yaml
services:
charon:
image: ghcr.io/wikid82/charon:latest
# Docker Hub (recommended)
image: wikid82/charon:latest
# Alternative: GitHub Container Registry
# image: ghcr.io/wikid82/charon:latest
container_name: charon
restart: unless-stopped
ports:
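Review bot: The comment `# Docker Hub (recommended)` above `image: wikid82/charon:latest` conflicts with the commit title, which introduces Docker Hub as the secondary registry, so the docs and the commit should agree on which registry is primary. The short name also depends on the client's default registry, whereas the commit message spells it `docker.io/wikid82/charon`; writing the fully qualified name here would make the Docker Hub and GHCR lines unambiguous. Both image lines use the mutable `latest` tag, so nothing in this compose file ties the pulled image to the Cosign signatures the commit adds; consider noting next to the example how to pin a digest or pointing to the verification step.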
@@ -50,6 +53,22 @@ docker-compose up -d
### Option B: Docker Run (One Command)
**Docker Hub (recommended):**
```bash
docker run -d \
--name charon \
-p 80:80 \
-p 443:443 \
-p 8080:8080 \
-v ./charon-data:/app/data \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-e CHARON_ENV=production \
wikid82/charon:latest
```
**Alternative (GitHub Container Registry):**
```bash
docker run -d \
--name charon \