resonatehq · dfarr · Sep 17, 2025 · Sep 17, 2025
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -1,5 +1,5 @@
 # Release workflow is the main workflow that coordinates various GitHub workflows involved in a release of Resonate.
-name: Release Workflow
+name: Release
 
 on:
   release:
@@ -15,6 +15,12 @@ jobs:
   check-version:
     uses: ./.github/workflows/release_check_version.yaml
 
+  publish-dockerhub-image:
+    needs: [check-version]
+    uses: ./.github/workflows/release_publish_dockerhub_image.yaml
+    with:
+      tag: ${{ github.ref_name }}
+
   publish-github-image:
     needs: [check-version]
     uses: ./.github/workflows/release_publish_github_image.yaml
@@ -28,7 +34,8 @@ jobs:
       tag: ${{ github.ref_name }}
 
   verify-github-artifacts:
-    needs: [publish-github-image, publish-github-artifacts]
+    needs:
+      [publish-dockerhub-image, publish-github-image, publish-github-artifacts]
     uses: ./.github/workflows/release_verify_artifacts.yaml
     with:
       tag: ${{ github.ref_name }}
diff --git a/.github/workflows/release_publish_dockerhub_image.yaml b/.github/workflows/release_publish_dockerhub_image.yaml
@@ -0,0 +1,56 @@
+name: Publish DockerHub Image
+
+on:
+  workflow_call:
+    inputs:
+      tag:
+        description: "The tag version to use for the release"
+        required: true
+        type: string
+
+  workflow_dispatch:
+
+env:
+  IMAGE_NAME: resonatehqio/resonate
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=${{ inputs.tag }}
+            type=raw,value=latest
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          provenance: true
+          sbom: true
diff --git a/.github/workflows/release_publish_github_artifacts.yaml b/.github/workflows/release_publish_github_artifacts.yaml
@@ -1,4 +1,4 @@
-name: Publish GitHub Release
+name: Publish GitHub Artifacts
 
 on:
   workflow_call:

diff --git a/.github/workflows/release_publish_github_image.yaml b/.github/workflows/release_publish_github_image.yaml
@@ -1,13 +1,13 @@
-name: Publish GitHub Docker image
+name: Publish GitHub Image
 
 on:
   workflow_call:
     inputs:
       tag:
-        description: 'The tag version to use for the release'
+        description: "The tag version to use for the release"
         required: true
         type: string
-        
+
   workflow_dispatch:
 
 env:
@@ -26,27 +26,18 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v5
 
-      # Add support for more platforms with QEMU
-      # https://github.com/docker/setup-qemu-action
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      # Uses the `docker/login-action` action to log in to the Container registry registry
-      # using the account and password that will publish the packages. Once published, the
-      # packages are scoped to the account defined here.
       - name: Log in to the Container registry
         uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about)
-      # to extract tags and labels that will be applied to the specified image. The `id` "meta"
-      # allows the output of this step to be referenced in a subsequent step. The `images` value
-      # provides the base name for the tags and labels.
       - name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/metadata-action@v5
@@ -55,12 +46,7 @@ jobs:
           tags: |
             type=raw,value=${{ inputs.tag }}
             type=raw,value=latest
-
-      # This step uses the `docker/build-push-action` action to build the image, based on our
-      # repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
-      # It uses the `context` parameter to define the build's context as the set of files located
-      # in the specified path. It uses the `tags` and `labels` parameters to tag
-      # and label the image with the output from the "meta" step.
+
       - name: Build and push Docker image
         uses: docker/build-push-action@v6
         with:

diff --git a/.github/workflows/release_verify_artifacts.yaml b/.github/workflows/release_verify_artifacts.yaml
@@ -1,4 +1,4 @@
-name: Verify GitHub Artifacts
+name: Verify Images and Artifacts
 
 on:
   workflow_call:
@@ -20,15 +20,26 @@ permissions:
   packages: read
 
 env:
-  REGISTRY: ghcr.io
-  IMAGE_NAME: ${{ github.repository }}
+  DOCKERHUB_IMAGE_NAME: resonatehqio/resonate
+  GITHUB_IMAGE_NAME: ghcr.io/${{ github.repository }}
 
 jobs:
+  verify-dockerhub-image:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Download and test DockerHub image
+        env:
+          TAG: ${{ inputs.tag }}
+        run: |
+          # Pull the test image
+          docker pull ${{ env.DOCKERHUB_IMAGE_NAME }}:"${TAG}"
+
+          # Run the test image
+          docker run --rm ${{ env.DOCKERHUB_IMAGE_NAME }}:"${TAG}" dst run
+
   verify-github-image:
     runs-on: ubuntu-24.04
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v5
       - name: Download and test GHCR image
         env:
           ACTOR: ${{ github.actor }}
@@ -38,10 +49,10 @@ jobs:
           echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${ACTOR}" --password-stdin
 
           # Pull the test image
-          docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:"${TAG}"
+          docker pull ${{ env.GITHUB_IMAGE_NAME }}:"${TAG}"
 
           # Run the test image
-          docker run --rm ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:"${TAG}" dst run
+          docker run --rm ${{ env.GITHUB_IMAGE_NAME }}:"${TAG}" dst run
 
   verify-github-release:
     runs-on: ${{ matrix.systems.runner }}
@@ -57,8 +68,6 @@ jobs:
           - file: resonate_darwin_aarch64.tar.gz
             runner: macos-14
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v5
       - name: Download and test GH release
         env:
           REPO: ${{ github.repository }}