fix(docker): Add image template var and strict template validation

[BYK]

Summary

Fixes two issues when publishing Docker images and adds a third improvement for better error handling:

1. Fix misleading "No credentials" debug message

When source and target registries are the same (e.g., both ghcr.io), the debug message "No credentials for source registry ghcr.io, assuming public" was shown even though credentials were available and login succeeded. Now we skip this message when the registries match since target login covers both.

2. Add {{{image}}} template variable support

Users can now use {{{image}}} in their format strings, which is more intuitive when defining formats inside source/target blocks:

target:
  image: ghcr.io/getsentry/spotlight
  format: "{{{image}}}:latest"

3. Strict template variable validation

renderTemplateSafe now throws a ConfigurationError with a helpful message when an unknown template variable is used, instead of silently rendering an empty string:

ConfigurationError: Unknown template variable(s): typo. Available variables: image, source, target, version

This would have caught the original issue immediately rather than producing an invalid Docker reference like :latest.

[github-actions]

Semver Impact of This PR

🟢 Patch (bug fixes)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

Bug Fixes 🐛

Docker

• Add image template var and strict template validation by BYK in #713

• Add GITHUB_API_TOKEN and x-access-token fallbacks for ghcr.io by BYK in #710

---

_{🤖 This preview updates automatically when you update the PR.}

[github-actions]

PR Preview Action v1.8.0
Preview removed because the pull request was closed.
2026-01-13 15:23 UTC