GitHub Container Registry + Sliplane Setup

Generated: 2025-08-09 UTC
Purpose: Use GitHub Actions to build containers and GitHub Container Registry (ghcr.io) for storage
Benefit: Better CI/CD control, versioning, and security scanning

Overview

Instead of Sliplane building your Docker images, this setup:

GitHub Actions builds the Docker image
GitHub Container Registry stores the image
Sliplane pulls and deploys the pre-built image

Benefits

Better Build Control: Use GitHub's powerful runners
Image Versioning: Tagged releases and rollback capability
Security Scanning: Automatic vulnerability scanning
Build Cache: Faster builds with GitHub Actions cache
Multi-Platform: Can build for multiple architectures
Cost Effective: GitHub Actions free tier is generous

Setup Guide

Step 1: Enable GitHub Container Registry

Go to your GitHub repository
Settings → Actions → General
Under "Workflow permissions":
- Select "Read and write permissions"
- Check "Allow GitHub Actions to create and approve pull requests"
Save

Step 2: Configure Package Visibility

After first build, go to your GitHub profile
Click "Packages" tab
Find your container package
Click on the package
Settings → Danger Zone → Change visibility
Make it public (or configure Sliplane with auth token)

Step 3: Sliplane Configuration

Using Public Images (Simplest)

In Sliplane dashboard:

Select "Docker Hub" as source (works for any registry)

Enter image URL:

ghcr.io/YOUR_GITHUB_USERNAME/YOUR_REPO_NAME:latest

Deploy

Using Private Images

Create a GitHub Personal Access Token:
- GitHub → Settings → Developer settings → Personal access tokens
- Generate new token (classic)
- Select scope: read:packages
- Copy token
In Sliplane:
- Add registry credentials:
  - Registry URL: ghcr.io
  - Username: Your GitHub username
  - Password: Your personal access token

Workflow

Automatic Deployment Flow

graph LR A[Push to GitHub] --> B[GitHub Actions] B --> C[Build Docker Image] C --> D[Push to ghcr.io] D --> E[Webhook to Sliplane] E --> F[Sliplane Pulls Image] F --> G[Deploy Container]

Manual Deployment

Push code to GitHub:
```
git push origin main
```
GitHub Actions automatically:
- Builds Docker image
- Tags with version
- Pushes to ghcr.io
- Runs security scan
In Sliplane:
- Click "Redeploy" to pull latest image
- Or set up webhook for auto-deploy

Image Tagging Strategy

The workflow creates multiple tags:

Push Event	Tags Created
Main branch	`latest`, `main`, `YYYYMMDD-HHmmss`
Feature branch	`feature-branch-name`
Pull request	`pr-123`
Tag `v1.2.3`	`1.2.3`, `1.2`, `latest`

Using Specific Tags in Sliplane

# Latest version (auto-updates)
ghcr.io/username/repo:latest

# Specific branch
ghcr.io/username/repo:main
ghcr.io/username/repo:develop

# Specific version (for production)
ghcr.io/username/repo:1.2.3

# Specific build
ghcr.io/username/repo:20250809-143022

Security

GitHub Actions Secrets

No additional secrets needed! GitHub automatically provides:

GITHUB_TOKEN: For registry authentication
Scoped permissions for packages

Image Scanning

The workflow includes:

Trivy scanning: Checks for vulnerabilities
SARIF upload: Results in Security tab
Build-time scanning: Fails on critical issues

Access Control

For private images:

Keep images private in GitHub
Use personal access token in Sliplane
Rotate tokens regularly

Advanced Configuration

Multi-Architecture Builds

Enable in workflow:

platforms: linux/amd64,linux/arm64

Build Arguments

Pass secrets safely:

build-args: |
  BUILD_DATE=${{ steps.meta.outputs.labels['org.opencontainers.image.created'] }}
  BUILD_VERSION=${{ github.sha }}

Caching

Workflow uses GitHub Actions cache:

cache-from: type=gha
cache-to: type=gha,mode=max

This significantly speeds up builds!

Continuous Deployment

Option 1: Sliplane Webhook

In Sliplane, get webhook URL
In GitHub repository settings:
- Webhooks → Add webhook
- Payload URL: Sliplane webhook
- Content type: application/json
- Events: Package published

Option 2: GitHub Action Trigger

Add to workflow:

- name: Trigger Sliplane Deployment
  run: |
    curl -X POST https://app.sliplane.io/api/webhook/YOUR_WEBHOOK_ID \
      -H "Content-Type: application/json" \
      -d '{"image": "ghcr.io/${{ github.repository }}:latest"}'

Option 3: Scheduled Updates

In Sliplane:

Set up scheduled redeployment
Pulls latest image automatically

Monitoring

Build Status

View in GitHub:

Actions tab → Build and Push workflow
See build times, logs, artifacts

Image Registry

View in GitHub:

Packages tab
See all versions, download stats

Deployment Status

View in Sliplane:

Deployment history
Container logs
Health status

Troubleshooting

Build Fails

Check GitHub Actions logs:

gh run list
gh run view RUN_ID

Image Not Found

Verify image exists:

docker pull ghcr.io/username/repo:latest

Check visibility settings in GitHub Packages.

Sliplane Can't Pull

For private images:

Verify token has read:packages scope
Check token hasn't expired
Test manually:

docker login ghcr.io -u USERNAME -p TOKEN
docker pull ghcr.io/username/repo:latest

Cost Optimization

GitHub Limits (Free Tier)

Actions: 2,000 minutes/month
Storage: 500MB for packages
Bandwidth: 1GB/month

Tips

Use .dockerignore: Reduce build context
Multi-stage builds: Smaller final images
Clean old images: Delete unused versions
Cache efficiently: Reuse layers

Setup Checklist

Enable GitHub Actions in repository
Configure workflow permissions
Push workflow file to .github/workflows/
Run first build
Configure package visibility
Add image URL to Sliplane
Configure credentials (if private)
Test deployment
Set up webhook (optional)
Monitor first production deploy

Resources

Last Updated: 2025-08-09
Platform: GitHub Container Registry + Sliplane