- Clarify that DOCKER_HUB_USERNAME is an environment variable, not a secret
- Add cross-reference to existing docker-ci-cd.md documentation
- Document both build jobs that use Docker Hub authentication
- Update troubleshooting section to reflect actual workflow configuration

This addresses the concerns raised in the automated PR review about incorrect secret references and documentation overlap.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Docker Hub Authentication for GitHub Actions
This guide explains how to set up Docker Hub authentication for the GitHub Actions workflows in this repository.
Overview
The repository uses Docker Hub to publish container images through GitHub Actions. Authentication is required to push images to Docker Hub.
Note: This guide supplements the general Docker CI/CD documentation in docker-ci-cd.md with specific authentication setup instructions.
Setup Instructions
1. Create a Docker Hub Access Token
- Log in to Docker Hub
- Navigate to Account Settings → Security
- Click "New Access Token"
- Configure the token:
  - Description: Give it a meaningful name (e.g., "GitHub Actions - claude-github-webhook")
  - Access permissions: Select "Read & Write" to allow pushing images
- Click "Generate"
- Important: Copy the token immediately - it won't be shown again
2. Add the Token to GitHub
You can add the token as either a repository secret or an organization secret.
Option A: Repository Secret
- Go to your GitHub repository
- Navigate to Settings → Secrets and variables → Actions
- Click "New repository secret"
- Add the secret:
  - Name: DOCKER_HUB_TOKEN
  - Value: Paste your Docker Hub access token
- Click "Add secret"
Option B: Organization Secret
- Go to your GitHub organization settings
- Navigate to Secrets and variables → Actions
- Click "New organization secret" or edit an existing one
- Add the secret:
  - Name: DOCKER_HUB_TOKEN
  - Value: Paste your Docker Hub access token
- Configure repository access:
  - All repositories: Makes it available to all repos in the organization
  - Private repositories: Only private repos can access it
  - Selected repositories: Choose specific repos (ensure this repository is selected)
- Save the secret
Verification
The workflows that use Docker Hub authentication include:
- .github/workflows/docker-publish.yml - Contains two jobs that publish Docker images:
  - build job - Builds and publishes the main webhook service image
  - build-claudecode job - Builds and publishes the Claude Code container image
These workflows reference the token using:
    - name: Log in to Docker Hub
      uses: docker/login-action@v3
      with:
        username: ${{ env.DOCKER_HUB_USERNAME }} # Hardcoded as 'cheffromspace' in workflow
        password: ${{ secrets.DOCKER_HUB_TOKEN }} # Your secret token
Important: The username (DOCKER_HUB_USERNAME) is defined as an environment variable in the workflow file and is currently set to cheffromspace. Only the DOCKER_HUB_TOKEN needs to be configured as a secret.
Troubleshooting
If you encounter authentication errors:
- Verify the secret name: Ensure it's exactly DOCKER_HUB_TOKEN (case-sensitive)
- Check repository access: If using an organization secret, verify the repository is included in the access list
- Token validity: Ensure the Docker Hub token hasn't expired or been revoked
- Token permissions: Verify the token has "Read & Write" permissions
- Username: The DOCKER_HUB_USERNAME is hardcoded in the workflow as cheffromspace. If you need to use a different Docker Hub account, you'll need to modify the workflow file
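The secret-name check above can be run against the workflow text before pushing. The Python script below is an added example, not code from this repository: it finds every docker/login-action step and reports a password that is a literal value or that references a secret other than DOCKER_HUB_TOKEN. The function name `audit_login_steps`, the sample workflow, the misspelled `DOCKERHUB_TOKEN` and the placeholder password are constructed for illustration.

```python
import re

EXPECTED_SECRET = "DOCKER_HUB_TOKEN"  # secret name configured in this guide
# Constructed sample: the guide's login step plus two misconfigured variants.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    steps:
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ env.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}  # Your secret token
  build-claudecode:
    steps:
      - uses: docker/login-action@v3
        with:
          username: ${{ env.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - uses: docker/login-action@v3
        with:
          username: ${{ env.DOCKER_HUB_USERNAME }}
          password: CONSTRUCTED-NOT-A-REAL-TOKEN
"""

STEP_START = re.compile(r"^\s*-\s")
LOGIN_USES = re.compile(r"uses:\s*['\"]?docker/login-action@")
PASSWORD = re.compile(r"^\s*password:\s*(.*)$")
SECRET_REF = re.compile(r"^\$\{\{\s*secrets\.(\w+)\s*\}\}$")

def audit_login_steps(text, expected=EXPECTED_SECRET):
    """Return (line, problem) pairs for every docker/login-action step."""
    steps, findings = [[]], []
    for no, line in enumerate(text.splitlines(), 1):
        if STEP_START.match(line):  # each "- " list item starts a new step
            steps.append([])
        steps[-1].append((no, line))
    for step in (s for s in steps if any(LOGIN_USES.search(l) for _, l in s)):
        passwords = [(no, m.group(1)) for no, line in step if (m := PASSWORD.match(line))]
        if not passwords:
            findings.append((step[0][0], "login step has no password input"))
        for no, value in passwords:
            value = re.sub(r"\s+#.*$", "", value).strip("'\" ")  # drop comment and quotes
            ref = SECRET_REF.match(value)
            if ref is None:  # literal value: a credential committed to the repository
                findings.append((no, "password is not a secrets reference"))
            elif ref.group(1) != expected:
                findings.append((no, "unexpected secret name: " + ref.group(1)))
    return findings
```

To check the real file, pass the contents of .github/workflows/docker-publish.yml to `audit_login_steps`; an empty list means both build jobs reference the expected secret.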
Security Best Practices
- Use access tokens instead of passwords
- Grant minimal required permissions (Read & Write for pushing images)
- Rotate tokens periodically
- Use organization secrets for multiple repositories to centralize management
- Never commit tokens or credentials to the repository