What is the difference between Docker Hub and GHCR?

Docker Hub is Docker's public registry at docker.io and GHCR is GitHub Container Registry at ghcr.io, tied to your GitHub account or org. GHCR can authenticate with the built-in GITHUB_TOKEN, while Docker Hub needs a username and access token stored as secrets.

Why use Buildx and QEMU?

Buildx is Docker's extended builder that supports multi-platform images, and QEMU emulates other CPU architectures so a single runner can build both amd64 and arm64 images. Together they let you publish one multi-arch tag.

How are image tags generated?

The docker/metadata-action derives tags automatically from Git context — branch name, semver from tags, and the short commit SHA — so each push produces traceable, sensible tags without hand-writing them.

What does GitHub Actions cache do here?

Buildx exports and imports its layer cache to the GitHub Actions cache backend, so unchanged layers are reused across runs. This often cuts image build time dramatically on repeated pushes.

Does this tool push any images?

No. It only generates workflow YAML in your browser from your inputs. The actual build and push happen inside GitHub Actions when the workflow runs in your repository.

GitHub Actions Docker Build & Publish Workflow

Email me this result

Get this tool's output sent to your inbox, plus one useful tool a week. No spam, unsubscribe any time.

Publishing a Docker image from CI should be repeatable and multi-architecture. This generator produces a GitHub Actions workflow that configures Docker Buildx, logs into Docker Hub or GHCR, builds with layer caching, and pushes tags derived automatically from your Git context.

How it works

The workflow chains the official Docker actions:

docker/setup-qemu-action enables cross-architecture emulation for multi-platform builds.
docker/setup-buildx-action provisions the Buildx builder.
docker/login-action authenticates to the chosen registry.
docker/metadata-action computes tags and labels from the branch, semver tags, and commit SHA.
docker/build-push-action builds for your selected platforms, pushes the image, and reads/writes the GitHub Actions layer cache.

Tips and notes

For GHCR, the workflow can use the built-in GITHUB_TOKEN; for Docker Hub you must add DOCKERHUB_USERNAME and a DOCKERHUB_TOKEN access token.
Multi-platform builds are slower but produce a single tag that runs on both Intel and ARM hosts.
Layer caching via type=gha makes incremental builds fast; cold builds still pay full cost.
The metadata action’s semver tags only appear when you push a Git tag like v1.2.3.