From d8b895a2f1eb3c84dd035999444a327803e2e06d Mon Sep 17 00:00:00 2001
From: Richie Foreman <richie.foreman@gmail.com>
Date: Wed, 24 Sep 2025 13:46:51 -0300
Subject: [PATCH] feat(ci): Push Sandbox images to dockerhub instead of GHCR
 (#9163)

---
 .../push-sandbox/{action.yaml => action.yml}       | 14 ++++++++++----
 .github/workflows/release-sandbox.yml              |  4 +++-
 2 files changed, 13 insertions(+), 5 deletions(-)
 rename .github/actions/push-sandbox/{action.yaml => action.yml} (87%)

diff --git a/.github/actions/push-sandbox/action.yaml b/.github/actions/push-sandbox/action.yml
similarity index 87%
rename from .github/actions/push-sandbox/action.yaml
rename to .github/actions/push-sandbox/action.yml
index 85c705b9ce..704e35e071 100644
--- a/.github/actions/push-sandbox/action.yaml
+++ b/.github/actions/push-sandbox/action.yml
@@ -8,6 +8,12 @@ inputs:
   github-secret:
     description: 'Github secret'
     required: true
+  dockerhub-username:
+    description: 'Dockerhub username'
+    required: true
+  dockerhub-token:
+    description: 'Dockerhub PAT w/ R+W'
+    required: true
   github-sha:
     description: 'Github Commit SHA Hash'
     required: true
@@ -38,9 +44,9 @@ runs:
     - name: 'Log in to GitHub Container Registry'
       uses: 'docker/login-action@v3'
       with:
-        registry: 'ghcr.io'
-        username: '${{ inputs.github-actor }}'
-        password: '${{ inputs.github-secret }}'
+        registry: 'docker.io'
+        username: '${{ inputs.dockerhub-username }}'
+        password: '${{ inputs.dockerhub-token }}'
     - name: 'determine image tag'
       id: 'image_tag'
       shell: 'bash'
@@ -63,7 +69,7 @@ runs:
         GEMINI_SANDBOX: 'docker'
       run: |-
         npm run build:sandbox -- \
-          --image ghcr.io/${{ github.repository}}/sandbox:${{ steps.image_tag.outputs.FINAL_TAG }} \
+          --image google/gemini-cli-sandbox:${{ steps.image_tag.outputs.FINAL_TAG }} \
           --output-file final_image_uri.txt
         echo "uri=$(cat final_image_uri.txt)" >> $GITHUB_OUTPUT
     - name: 'publish'
diff --git a/.github/workflows/release-sandbox.yml b/.github/workflows/release-sandbox.yml
index e0c224e573..5a44bd23c4 100644
--- a/.github/workflows/release-sandbox.yml
+++ b/.github/workflows/release-sandbox.yml
@@ -26,8 +26,10 @@ jobs:
       - name: 'Push'
         uses: './.github/actions/push-sandbox'
         with:
+          dockerhub-username: '${{ secrets.DOCKER_SERVICE_ACCOUNT_NAME }}'
+          dockerhub-token: '${{ secrets.DOCKER_SERVICE_ACCOUNT_KEY }}'
           github-actor: '${{ github.actor }}'
           github-secret: '${{ secrets.GITHUB_TOKEN }}'
-          github-sha: '${{ github.event.inputs.ref || github.sha }}'
+          github-sha: '${{ github.sha }}'
           github-ref-name: '${{github.event.inputs.ref}}'
           dry-run: '${{ github.event.inputs.dry-run }}'