ci: default GHCR namespace to github.repository_owner

.github/workflows/build-images.yml

@@ -59,7 +59,9 @@ permissions:
 
 env:
   REGISTRY: ghcr.io
-  ORG: cloud-neutral-toolkit
+  # ✅ 不硬编码：默认推到 ghcr.io/<当前仓库 owner>/...
+  ORG: ${{ github.repository_owner }}
+
   SKIP_SECURITY: ${{ inputs.skip_security || github.event.inputs.skip_security || 'false' }}
 
   NODE_BUILDER_IMAGE: ${{ inputs.node_builder_image || github.event.inputs.node_builder_image || 'node:22-bookworm' }}
@@ -102,7 +104,6 @@ jobs:
       - name: Clone knowledge content
         run: git clone https://github.com/Cloud-Neutral-Workshop/knowledge.git knowledge
 
-      # ✅ 关键修正：每个矩阵 job 只 build 自己的平台，push 到“临时 tag”
       - name: Build Service Image (per-arch)
         id: build
         uses: docker/build-push-action@v6
@@ -111,7 +112,6 @@ jobs:
           file: ${{ matrix.service.dockerfile }}
           platforms: ${{ matrix.arch.platform }}
           push: ${{ env.PUSH_IMAGES }}
-          # 临时 tag：避免并行 job 抢同一个 tag/manifest
           tags: |
             ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.service.name }}:build-${{ github.sha }}-${{ matrix.arch.artifact }}
           labels: ${{ steps.meta.outputs.labels }}
@@ -156,7 +156,6 @@ jobs:
           set -euo pipefail
           echo "IMAGE_DIGEST=$(cat digest-${{ matrix.service.name }}-${{ matrix.arch.artifact }}.txt)" >> "$GITHUB_ENV"
 
-      # ✅ 扫描/签名的对象：临时 tag + digest（确保指向该 arch 的镜像）
       - name: Set image ref
         run: |
           set -euo pipefail
@@ -208,7 +207,6 @@ jobs:
 
       - uses: docker/setup-buildx-action@v3
 
-      # 两个 arch digest 都要
       - uses: actions/download-artifact@v4
         with:
           name: digest-dashboard-linux-amd64
@@ -232,11 +230,10 @@ jobs:
       - uses: docker/login-action@v3
         if: matrix.registry == 'ghcr.io'
         with:
-          registry: ${{ env.REGISTRY }}
+          registry: ${{ matrix.registry }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      # ✅ 关键修正：合并 manifest list，生成最终 tags（multi-arch）
       - name: Create & Push Multi-Arch Manifests (GHCR)
         if: matrix.registry == 'ghcr.io'
         run: |
@@ -252,8 +249,6 @@ jobs:
             docker buildx imagetools create -t "$TAG" "$SRC_AMD" "$SRC_ARM"
           done
 
-          # 取一个最终 tag 的 manifest digest，供后续验证/复制
-          # 选 tags 列表里的第一个
           TAG1="$(echo "${{ steps.meta.outputs.tags }}" | tr ',' '\n' | head -n 1)"
           DIGEST="$(docker buildx imagetools inspect "$TAG1" --format '{{.Digest}}')"
           echo "MANIFEST_DIGEST=$DIGEST" >> "$GITHUB_ENV"
@@ -282,7 +277,6 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      # ✅ 关键修正：用 skopeo 把 GHCR 的 multi-arch 镜像“原样复制”到 Docker Hub（不重建）
       - name: Copy Multi-Arch Image to Docker Hub (skopeo)
         if: matrix.registry == 'docker.io'
         env:
@@ -296,7 +290,6 @@ jobs:
           SRC="docker://ghcr.io/${{ env.ORG }}/dashboard@${{ env.MANIFEST_DIGEST }}"
           DST="docker://docker.io/${TARGET_NS}/dashboard:latest"
 
-          # skopeo 使用独立登录（更稳定）
           skopeo login ghcr.io -u "${{ github.actor }}" -p "${{ secrets.GITHUB_TOKEN }}"
           skopeo login docker.io -u "${{ secrets.DOCKERHUB_USERNAME }}" -p "${{ secrets.DOCKERHUB_TOKEN }}"