Improve repository and registry parameterization

.github/docker/docker-bake.hcl

@@ -1,5 +1,13 @@
 variable "IMAGE_REPO" {
-  default = "ghcr.io/chaptersix"
+  default = "ghcr.io"
+}
+
+variable "IMAGE_NAMESPACE" {
+  default = ""
+}
+
+variable "IMAGE_NAME" {
+  default = "temporal"
 }
 
 variable "IMAGE_SHA_TAG" {}
@@ -26,10 +34,12 @@ variable "ALPINE_IMAGE" {
 target "cli" {
   dockerfile = ".github/docker/cli.Dockerfile"
   context = "."
+  // Construct full image path (Docker Hub has no registry prefix)
+  _image_path = IMAGE_REPO == "" ? "${IMAGE_NAMESPACE}/${IMAGE_NAME}" : "${IMAGE_REPO}/${IMAGE_NAMESPACE}/${IMAGE_NAME}"
   tags = compact([
-    "${IMAGE_REPO}/temporal-cli:${IMAGE_SHA_TAG}",
-    "${IMAGE_REPO}/temporal-cli:${VERSION}",
-    TAG_LATEST ? "${IMAGE_REPO}/temporal-cli:latest" : "",
+    "${_image_path}:${IMAGE_SHA_TAG}",
+    "${_image_path}:${VERSION}",
+    TAG_LATEST ? "${_image_path}:latest" : "",
   ])
   platforms = ["linux/amd64", "linux/arm64"]
   args = {

.github/workflows/build-and-publish.yml

@@ -11,7 +11,26 @@ on:
         description: "Version tag for the release (required if publish is true)"
         required: false
         type: string
-    secrets: {}
+      registry:
+        description: "Container registry (docker.io, ghcr.io, etc.)"
+        required: false
+        type: string
+        default: ""
+      registry_namespace:
+        description: "Registry namespace/organization"
+        required: false
+        type: string
+        default: ""
+      image_name:
+        description: "Image name"
+        required: false
+        type: string
+        default: "temporal"
+    secrets:
+      DOCKER_USERNAME:
+        required: false
+      DOCKER_PASSWORD:
+        required: false
 
 jobs:
   build:
@@ -80,19 +99,14 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Log in to GitHub Container Registry
-        if: inputs.publish
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
       - name: Get build metadata
         id: meta
         env:
           INPUT_VERSION: ${{ inputs.version }}
           INPUT_PUBLISH: ${{ inputs.publish }}
+          INPUT_REGISTRY: ${{ inputs.registry }}
+          INPUT_REGISTRY_NAMESPACE: ${{ inputs.registry_namespace }}
+          INPUT_IMAGE_NAME: ${{ inputs.image_name }}
           REPO_OWNER: ${{ github.repository_owner }}
         run: |
           echo "cli_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
@@ -108,13 +122,62 @@ jobs:
             echo "version=snapshot" >> $GITHUB_OUTPUT
           fi
 
-          # Determine image repo based on repository owner
-          if [[ "$REPO_OWNER" == "temporalio" ]]; then
-            echo "image_repo=temporalio" >> $GITHUB_OUTPUT
+          # Determine registry (with auto-detection for temporalio vs forks)
+          REGISTRY="$INPUT_REGISTRY"
+          if [[ -z "$REGISTRY" ]]; then
+            if [[ "$REPO_OWNER" == "temporalio" ]]; then
+              REGISTRY="docker.io"
+            else
+              REGISTRY="ghcr.io"
+            fi
+          fi
+
+          # Determine registry type for authentication
+          if [[ "$REGISTRY" == "ghcr.io" ]]; then
+            echo "registry_type=ghcr" >> $GITHUB_OUTPUT
+          elif [[ "$REGISTRY" == "docker.io" ]]; then
+            echo "registry_type=dockerhub" >> $GITHUB_OUTPUT
           else
-            echo "image_repo=ghcr.io/$REPO_OWNER" >> $GITHUB_OUTPUT
+            echo "registry_type=other" >> $GITHUB_OUTPUT
           fi
 
+          # Set namespace (defaults to repository owner)
+          NAMESPACE="$INPUT_REGISTRY_NAMESPACE"
+          if [[ -z "$NAMESPACE" ]]; then
+            NAMESPACE="$REPO_OWNER"
+          fi
+
+          # Set image name (defaults to 'temporal')
+          IMAGE_NAME="$INPUT_IMAGE_NAME"
+          if [[ -z "$IMAGE_NAME" ]]; then
+            IMAGE_NAME="temporal"
+          fi
+
+          # For Docker Hub, use empty string as registry (special case)
+          if [[ "$REGISTRY" == "docker.io" ]]; then
+            echo "image_repo=" >> $GITHUB_OUTPUT
+          else
+            echo "image_repo=${REGISTRY}" >> $GITHUB_OUTPUT
+          fi
+
+          echo "image_namespace=${NAMESPACE}" >> $GITHUB_OUTPUT
+          echo "image_name=${IMAGE_NAME}" >> $GITHUB_OUTPUT
+
+      - name: Log in to GitHub Container Registry
+        if: inputs.publish && steps.meta.outputs.registry_type == 'ghcr'
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Log in to Docker Hub
+        if: inputs.publish && steps.meta.outputs.registry_type == 'dockerhub'
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
       - name: Check if release is latest
         if: inputs.publish
         id: check_latest
@@ -144,6 +207,8 @@ jobs:
           VERSION: ${{ steps.meta.outputs.version }}
           TAG_LATEST: ${{ steps.check_latest.outputs.tag_latest }}
           IMAGE_REPO: ${{ steps.meta.outputs.image_repo }}
+          IMAGE_NAMESPACE: ${{ steps.meta.outputs.image_namespace }}
+          IMAGE_NAME: ${{ steps.meta.outputs.image_name }}
 
       - name: Build Docker image
         if: ${{ !inputs.publish }}
@@ -158,6 +223,8 @@ jobs:
           VERSION: ${{ steps.meta.outputs.version }}
           TAG_LATEST: false
           IMAGE_REPO: ${{ steps.meta.outputs.image_repo }}
+          IMAGE_NAMESPACE: ${{ steps.meta.outputs.image_namespace }}
+          IMAGE_NAME: ${{ steps.meta.outputs.image_name }}
 
       - name: Upload build artifacts
         if: ${{ !inputs.publish }}

.github/workflows/goreleaser.yml

@@ -15,3 +15,6 @@ jobs:
     with:
       publish: true
       version: ${{ github.ref_name }}
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}