A AisOpsFlow Enterprise Docs Official product documentation and user manual

image-distribution

Enterprise Image Distribution

This repository is the private product repository for AisOpsFlow.

Images

Public compiled images published from this repository:

  • ghcr.io/<org>/aisopsflow-core
  • ghcr.io/<org>/aisopsflow-runner
  • ghcr.io/<org>/aisopsflow-console

Commercial images published from this repository:

  • ghcr.io/<org>/aisopsflow-core-commercial
  • ghcr.io/<org>/aisopsflow-runner-commercial
  • ghcr.io/<org>/aisopsflow-console-commercial

No plugin images are published from this repository.

Source of truth

  • core/Dockerfile builds the Core image
  • runner/Dockerfile builds the Runner image
  • console/Dockerfile builds the Console image
  • GitHub Actions in .github/workflows/publish-images.yml publishes both public and commercial images to GHCR
  • scripts/validate-runtime-images.sh verifies that runtime images contain only runtime assets, not Haskell source/build metadata

Release model

Recommended triggers:

  • push tags like core-v1.2.3 and runner-v1.2.3 for component-specific releases
  • push tags like console-v1.2.3 for console-only releases
  • push tags like release-v1.2.3 for coordinated full releases
  • manual workflow_dispatch for explicit version and latest operations without creating Git tags

Recommended tags on GHCR:

  • Core component release:
    • input tag: core-v1.2.3
    • published tags: 1.2.3, git sha
  • Runner component release:
    • input tag: runner-v1.2.3
    • published tags: 1.2.3, git sha
  • Console component release:
    • input tag: console-v1.2.3
    • published tags: 1.2.3, git sha
  • Coordinated release:
    • input tag: release-v1.2.3
    • published tags on all images: 1.2.3, git sha, latest
  • Manual dispatch:
    • inputs: channel, component, optional version, optional publish_latest=true
    • published tags: always git sha, plus the explicit version and latest when requested

Rules:

  • Git tag driven latest is emitted only for release-v*
  • manual workflow_dispatch may also emit latest when publish_latest=true
  • consumers should pin by digest in production

Public and commercial distribution

Public image channel:

  • workflow: .github/workflows/publish-images.yml
  • packages:
    • ghcr.io/<org>/aisopsflow-core
    • ghcr.io/<org>/aisopsflow-runner
    • ghcr.io/<org>/aisopsflow-console
  • visibility: public
  • public quickstart compose files should reference only these image names

Commercial image channel:

  • workflow: .github/workflows/publish-images.yml
  • packages:
    • ghcr.io/<org>/aisopsflow-core-commercial
    • ghcr.io/<org>/aisopsflow-runner-commercial
    • ghcr.io/<org>/aisopsflow-console-commercial
  • visibility: private
  • commercial deployment assets should reference only these image names

Feature boundary guidance is documented in docs/content/product/commercial-tiering.md.

Registry permissions

  • repository remains private
  • GHCR packages remain private
  • customers receive pull credentials only for the commercial images they actually use

Public repo boundary

These concerns stay out of this repository’s publish path:

  • public plugin SDK docs and helpers
  • public plugin catalog manifests
  • community plugin images

Those belong in the public aisopsflow-plugin-sdk and aisopsflow-plugin-catalog repositories.

For GitHub repository settings, package visibility, and release operator checks, see docs/content/reference/operations/ghcr-operations-checklist.md.