The chart referenced registry.gitlab.com/bigbodycobain/shadowbroker/{backend,frontend}:latest
as the primary image source, but two things made that path effectively
broken for new K8s installs:
1. No .gitlab-ci.yml has ever existed in this repo, so the GitLab
registry was never populated by automated builds. Any images there
would be stale or manually pushed.
2. The GitLab registry returns HTTP 401 on anonymous pulls, so even
if images existed, Helm-managed deployments without registry
credentials would fail.
GHCR, by contrast, is auto-built and pushed on every merge to main by
.github/workflows/docker-publish.yml, and ghcr.io allows anonymous pulls
for public images. It's also the registry that docker-compose.yml has
been using as primary all along, so this brings the Helm install path
to parity with the Docker Compose install path.
After this change:
- ghcr.io/bigbodycobain/shadowbroker-backend:latest <- now in chart
- ghcr.io/bigbodycobain/shadowbroker-frontend:latest <- now in chart
GitLab is preserved in the comments as a documented fallback for
operators who run private mirrors with their own CI.
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
GHCR requires authentication even for public packages on some systems.
CI now pushes to both GHCR and Docker Hub. docker-compose.yml and Helm
chart point to Docker Hub where anonymous pulls always work. Build
directives kept as fallback for source-based builds.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Shadowbroker