packages/ and modules under modules/ that carry a Dockerfile and run as containers. Deploy an API walks through building the app module’s image by hand with docker build/docker push; docker:publish automates that across the workspace — save a registry token once, then let one command log in, build each target that has a Dockerfile, tag it, and push it to Docker Hub.
What gets published
Every directory underpackages/ and modules/ is a candidate, but only those that ship a Dockerfile are built — the rest are reported as ignored. The image is tagged <username>/<name>:<tag>, where <name> is the directory name and <username> comes from your saved credentials.
| Source | Location | Built when |
|---|---|---|
| Packages | packages/<name>/ | packages/<name>/Dockerfile exists. |
| Modules | modules/<name>/ | modules/<name>/Dockerfile exists. |
The build context is the target directory and the image is built from its
Dockerfile (docker build .). Make sure that Dockerfile and its
.dockerignore reference paths relative to that directory — see
Deploy an API for the app module’s multi-stage example.Step 1 — Save a Docker token
Publishing authenticates with a Docker access token. Save it once withdocker:credentials:create; the registry, username, and token are written as block-style YAML to ~/.talos/credentials/docker.yml under the default profile and reused by every publish.
docker.io), username, and token (input hidden), or pass them non-interactively for CI:
Step 2 — Publish
With credentials saved, build and push every container in the workspace:package.json version, falling back to latest. Override it explicitly:
Options
| Option | Description | Default |
|---|---|---|
--packages | Comma-separated package names to publish (under packages/). | All packages and modules |
--modules | Comma-separated module names to publish (under modules/). | All packages and modules |
--tag | Image tag to build and push. | package.json version, else latest |
--silent | Suppress log output and the publishing spinner (use in CI). | false |
What the command does
docker:publish runs once up front, then per target:
- Logs in to the registry with
docker login, feeding the saved token through stdin so it never appears in the process arguments. A failed login aborts the whole run. - For each resolved target that ships a
Dockerfile, builds the image withdocker build -t <username>/<name>:<tag> .from the target directory. - Pushes it with
docker push. A build failure skips the push for that target and is reported. - Skips targets with no
Dockerfile— discovered targets are silently counted as ignored; an explicitly named target without one is reported as an error.
N published, M ignored.
For any registry other than
docker.io, the image reference is prefixed with
the registry host (for example ghcr.io/ooneex/gateway:1.2.0), so the same
command targets Docker Hub or a private registry depending on the registry
you saved in Step 1.Publish from CI
The same commands run unattended. Provide the token from a secret and add--silent to keep logs clean:
- GitHub Actions
- Generic CI
.github/workflows/docker.yml
Checklist
- Save the Docker token once with
docker:credentials:create(or inject it via--tokenin CI). - Add a
Dockerfileto each package/module you want containerized — targets without one are skipped. - Let the tag default to the
package.jsonversion, or pass--tagfor a named tag such asedge. - Ensure
dockeris onPATHand the daemon is running before publishing. - In CI, add
--silentand pull the token from a secret store — never commitdocker.yml.
Related
- docker:publish — the publish command and all its options.
- docker:credentials:create — save the Docker registry token.
- Deploy an API — build and run the app module’s container image by hand.
- Publish to npm — ship packages and modules as libraries instead of images.
- Monorepo — how packages and modules are laid out.