DockerHub publishing

This page explains how to build and publish the NFZ Docs Builder DockerHub images, with self-hosting as the current priority.

Main images

Usage	Image	Priority tag
Self-hosting	vevedh/nfz-docs-notion-editor	selfhost-0.1.108
Community	vevedh/nfz-docs-builder	community-0.1.108
Studio	vevedh/nfz-docs-builder	studio-0.1.108
Pro	vevedh/nfz-docs-builder	pro-0.1.108
Enterprise	vevedh/nfz-docs-builder	enterprise-0.1.108

Prepare DockerHub

Log in with a DockerHub token:

export DOCKERHUB_NAMESPACE=vevedh
docker login

In GitHub Actions, configure these secrets:

DOCKERHUB_USERNAME
DOCKERHUB_TOKEN

Preview the publishing plan

bun run dockerhub:plan

This command does not build or push anything. It only displays the planned tags.

Build the self-host image locally

bun run dockerhub:build:selfhost

Produced image:

vevedh/nfz-docs-notion-editor:selfhost-0.1.108

Publish the self-hosting image

bun run dockerhub:publish:selfhost

Published tags:

vevedh/nfz-docs-notion-editor:selfhost-0.1.108
vevedh/nfz-docs-notion-editor:selfhost-latest

Publish commercial images

Community only:

bun run dockerhub:publish:community

All commercial editions:

bun run dockerhub:publish:editions

Full release, self-host plus editions:

bun run dockerhub:publish:all

GitHub Actions publishing

The .github/workflows/publish-dockerhub.yml workflow exposes three important inputs:

Input	Recommended value
target	selfhost for the current priority
image_tag	0.1.108
push_latest	true after validation

The workflow uses the same canonical script as local publishing:

node scripts/dockerhub-publish.mjs

Validate before publishing

bun run diagnose:dockerhub-publishing
bun run verify:selfhost

Validate after publishing

docker pull vevedh/nfz-docs-notion-editor:selfhost-0.1.108
docker run --rm -p 3000:3000 vevedh/nfz-docs-notion-editor:selfhost-0.1.108

Endpoints to check:

http://localhost:3000/api/health
http://localhost:3000/admin/selfhost
http://localhost:3000/admin/license

Security

DockerHub images must not contain license keys, real MongoDB secrets, or publishing tokens. Secrets must be injected through Docker Compose, Portainer, GitHub Actions, or Docker secrets.

Correctif 0.1.108 — Secrets DockerHub obligatoires uniquement en publication

Le workflow DockerHub distingue désormais deux modes :

Mode	Déclenchement	DockerHub login	Usage
Build-only	push sur main ou exécution manuelle avec publish=false	non	vérifier que l’image se construit sans publier
Publish	tag v*.*.* ou exécution manuelle avec publish=true	oui	pousser les tags DockerHub

L’erreur Username and password required signifie que les secrets GitHub Actions n’étaient pas configurés. Pour publier, créer un token DockerHub puis ajouter ces secrets dans le dépôt GitHub :

Settings -> Secrets and variables -> Actions -> New repository secret
DOCKERHUB_USERNAME=<identifiant DockerHub>
DOCKERHUB_TOKEN=<access token DockerHub>

Utiliser un Access Token DockerHub plutôt que le mot de passe du compte.

Pour un test sans publication :

bun run diagnose:dockerhub-publishing
bun run dockerhub:plan

Pour publier l’image self-host prioritaire depuis GitHub Actions :

1. ouvrir Actions -> Build and publish DockerHub images ;
2. cliquer Run workflow ;
3. target=selfhost ;
4. image_tag=0.1.108 ;
5. publish=true ;
6. push_latest=true.

Tags attendus :

vevedh/nfz-docs-notion-editor:selfhost-0.1.108
vevedh/nfz-docs-notion-editor:selfhost-latest

Reprise après publication self-host réussie

Si dockerhub:publish:all a déjà publié l'image self-host mais échoue ensuite sur les images commerciales, relancer uniquement :

bun run dockerhub:publish:commercial

Le Dockerfile.production utilise l'utilisateur non-root bun fourni par oven/bun:*‑slim; ne pas réintroduire addgroup/adduser dans cette image.