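---
# Release workflow: builds the `runner` and `migrator` targets of
# Dockerfile.prod and pushes both images to ghcr.io on every push to main,
# or on manual dispatch with an optional tag override.
name: Release Image

on:
  push:
    branches: [main]
  workflow_dispatch:
    inputs:
      image_tag:
        description: 'Optional tag override, defaults to sha-'
        required: false
        type: string

# The job token only needs to read the repository; the registry push is
# authenticated separately with the GHCR_* secrets below.
permissions:
  contents: read

jobs:
  build-and-push:
    name: Build And Push Images
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      # NOTE(review): the actions in this job are referenced by mutable tag
      # (@v4, @v5). For a release pipeline that holds a registry write
      # token, pin each one to a full commit SHA, e.g.
      #   uses: actions/checkout@<full-commit-sha>  # v4
      - uses: actions/checkout@v4
        with:
          # No later step talks to the git remote, so do not leave the job
          # token in .git/config, which sits inside the Docker build
          # context (`context: .`) used below.
          persist-credentials: false

      - name: Set up Docker Buildx
        # Best effort: an already-existing builder is not treated as an error.
        run: docker buildx create --use --name ci-builder 2>/dev/null || true

      - name: Login to GHCR
        # Requires Gitea secrets: GHCR_USERNAME (GitHub username) and
        # GHCR_TOKEN (GitHub PAT with write:packages scope)
        # Secrets are handed over as environment variables rather than
        # expanded into the script text, so their content is never parsed
        # as shell syntax.
        env:
          GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
          GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
        run: |
          printf '%s' "${GHCR_TOKEN}" | \
            docker login ghcr.io -u "${GHCR_USERNAME}" --password-stdin

      - id: vars
        name: Compute image refs
        # Context values and the caller-supplied tag reach the script through
        # env, never through ${{ }} expansion inside `run:`; expansion happens
        # before the shell starts, so an expanded value would be executed as
        # part of the script.
        env:
          REPO_OWNER: ${{ github.repository_owner }}
          REPO_FULL: ${{ github.repository }}
          IMAGE_TAG_INPUT: ${{ inputs.image_tag }}
        run: |
          owner="$(printf '%s' "${REPO_OWNER}" | tr '[:upper:]' '[:lower:]')"
          repo="$(basename "${REPO_FULL}" | tr '[:upper:]' '[:lower:]')"
          image_tag="${IMAGE_TAG_INPUT}"
          if [ -z "${image_tag}" ]; then
            image_tag="sha-${GITHUB_SHA}"
          fi

          # Accept only a well-formed Docker tag
          # ([A-Za-z0-9_][A-Za-z0-9_.-]{0,127}). This also rejects newlines,
          # which would otherwise add extra lines to $GITHUB_OUTPUT.
          case "${image_tag}" in
            [.-]* | *[!A-Za-z0-9_.-]*)
              echo "image_tag is not a valid Docker tag" >&2
              exit 1
              ;;
          esac
          if [ "${#image_tag}" -gt 128 ]; then
            echo "image_tag is longer than 128 characters" >&2
            exit 1
          fi

          echo "app_image=ghcr.io/${owner}/${repo}-app:${image_tag}" >> "$GITHUB_OUTPUT"
          echo "migrator_image=ghcr.io/${owner}/${repo}-migrator:${image_tag}" >> "$GITHUB_OUTPUT"

      # Guardrail anchor: target: runner
      - name: Build and push app image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile.prod
          target: runner
          push: true
          tags: ${{ steps.vars.outputs.app_image }}
          cache-from: type=gha,scope=app
          cache-to: type=gha,mode=max,scope=app

      # Guardrail anchor: target: migrator
      - name: Build and push migrator image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile.prod
          target: migrator
          push: true
          tags: ${{ steps.vars.outputs.migrator_image }}
          cache-from: type=gha,scope=migrator
          cache-to: type=gha,mode=max,scope=migrator

      - name: Release summary
        # Step outputs are read from env for the same reason as above.
        env:
          APP_IMAGE: ${{ steps.vars.outputs.app_image }}
          MIGRATOR_IMAGE: ${{ steps.vars.outputs.migrator_image }}
        run: |
          echo "App image: ${APP_IMAGE}"
          echo "Migrator image: ${MIGRATOR_IMAGE}"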