From d6b488d3f4b1e1b8f2400b65e8510a66180e95bf Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Wed, 2 Apr 2025 09:02:20 +0200 Subject: [PATCH 01/10] feat: publish standalone docker image --- .github/workflows/docker.yml | 42 +++++++++++++++++++++++++++++++----- 1 file changed, 37 insertions(+), 5 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 773a82a846..19e9c975cf 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -4,10 +4,15 @@ on: push: branches: - main + workflow_dispatch: jobs: build: runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + arch: [amd64,arm64] steps: - name: Check out code uses: actions/checkout@v4 @@ -39,7 +44,14 @@ jobs: with: driver-opts: 'image=moby/buildkit:v0.11.6' - - name: Login + - name: Login Public + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Login Private uses: docker/login-action@v3 with: registry: ${{ secrets.DOCKER_REGISTRY }} @@ -50,9 +62,13 @@ jobs: id: meta uses: docker/metadata-action@v5 with: - images: ${{ secrets.DOCKER_IMAGE }} - # generate Docker tags based on the following events/attributes - tags: type=sha + images: | + ghcr.io/zitadel/login + ${{ secrets.DOCKER_IMAGE }} + tags: | + type=edge + type=ref + type=sha - name: Install dependencies run: pnpm install 
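Review bot: The `workflow_dispatch:` trigger added in the `@@ -4,10 +4,15 @@` hunk of patch 01 lets any user with write access start this workflow from any branch, and the same job then logs in to both registries and builds with `push: true`. An image built from an unreviewed branch can therefore be published to `ghcr.io/zitadel/login` and to the private registry. Consider gating the job, or at least the login and push steps, with `if: github.ref == 'refs/heads/main'`, or binding the job to a protected environment. The `jobs.build` block continues outside the hunk.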
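Review bot: Both login steps in the `@@ -39,7 +44,14 @@` hunk of patch 01 run before the `Install dependencies` step (`pnpm install`) that shows up as context in the following hunk. The registry credentials are thus already stored in the runner's Docker config while third-party packages are installed and any lifecycle scripts they carry are executed. Moving `Login Public` and `Login Private` to directly before the build-and-push step narrows that window. `docker/login-action@v3` is also referenced by a mutable tag; pinning it to a full commit SHA keeps a retagged release from running with `secrets.GITHUB_TOKEN` and the private registry secrets.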
@@ -69,8 +85,24 @@ jobs: timeout-minutes: 10 with: context: . + push: true cache-from: type=gha cache-to: type=gha,mode=max + platforms: linux/${{ matrix.arch }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - push: true + outputs: type=image,name=${{ inputs.build_image_name }},push-by-digest=true,name-canonical=true,push=true + + - name: Export digest + run: | + mkdir -p /tmp/digests/app + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/app/${digest#sha256:}" + + - name: Upload digest + uses: actions/upload-artifact@v4 + with: + name: digests-${{ matrix.arch }} + path: /tmp/digests + if-no-files-found: error + retention-days: 1 From 54da5db318d4d35c2370646a19d0ada210785a21 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Wed, 2 Apr 2025 09:23:40 +0200 Subject: [PATCH 02/10] fix outputs --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 19e9c975cf..18185e7454 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -91,7 +91,7 @@ jobs: platforms: linux/${{ matrix.arch }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name=${{ inputs.build_image_name }},push-by-digest=true,name-canonical=true,push=true + outputs: type=image,push-by-digest=true,name-canonical=true,push=true - name: Export digest run: | From 6e1fb3ed666b620264921300365c1d28776a6ab5 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Wed, 2 Apr 2025 09:25:41 +0200 Subject: [PATCH 03/10] copilot review --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 18185e7454..3e28b34e9a 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml 
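Review bot: The `Export digest` step added in the `@@ -69,8 +85,24 @@` hunk of patch 01 interpolates `${{ steps.build.outputs.digest }}` directly into the script, so the value is pasted into the shell source before the shell parses it. Passing it through the environment keeps it as data: give the step `env:` with `DIGEST: ${{ steps.build.outputs.digest }}` and use `touch "/tmp/digests/app/${DIGEST#sha256:}"`. The build step's `id` lies outside the hunk; if it is not `build`, the expression expands to an empty string and `touch` only hits the directory, so an explicit `test -n "$DIGEST"` before the `touch` would fail earlier and more clearly.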
@@ -91,7 +91,7 @@ jobs: platforms: linux/${{ matrix.arch }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,push-by-digest=true,name-canonical=true,push=true + outputs: type=image,push-by-digest=true,name-canonical=true - name: Export digest run: | From 15cb84daaab4a77368339a7089e83e7aeec915dd Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Wed, 2 Apr 2025 09:31:03 +0200 Subject: [PATCH 04/10] remove arch matrix --- .github/workflows/docker.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 3e28b34e9a..7d59a1c3ff 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -9,10 +9,6 @@ on: jobs: build: runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - arch: [amd64,arm64] steps: - name: Check out code uses: actions/checkout@v4 @@ -88,7 +84,6 @@ jobs: push: true cache-from: type=gha cache-to: type=gha,mode=max - platforms: linux/${{ matrix.arch }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} outputs: type=image,push-by-digest=true,name-canonical=true @@ -102,7 +97,7 @@ jobs: - name: Upload digest uses: actions/upload-artifact@v4 with: - name: digests-${{ matrix.arch }} + name: digests path: /tmp/digests if-no-files-found: error retention-days: 1 From 08235328508b0e0101f3c9febad5f48ae5b8aee9 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Wed, 2 Apr 2025 10:56:39 +0200 Subject: [PATCH 05/10] test workflow --- .github/workflows/docker.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 7d59a1c3ff..f28853f2ab 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -4,6 +4,7 @@ on: push: branches: - main + - publish-image workflow_dispatch: jobs: From ba3acceb5ae7c78916026c2bd360ab3691ae0311 Mon Sep 17 00:00:00 2001 
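Review bot: After the arch matrix is removed, the `Export digest` and `Upload digest` steps kept by the `@@ -102,7 +97,7 @@` hunk of patch 04 have no visible consumer; nothing in this series downloads the `digests` artifact or assembles a manifest from it. If no other workflow reads that artifact, dropping both steps leaves the publish job with less to audit. If the digest is meant as a provenance record, a comment such as `# digest kept for release verification, consumed by <WORKFLOW_NAME>` on the upload step would document that. The rest of the job is outside the hunk, so this is inferred from the visible lines only.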
From: Elio Bischof Date: Wed, 2 Apr 2025 11:21:51 +0200 Subject: [PATCH 06/10] fix ref tag --- .github/workflows/docker.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index f28853f2ab..786a1152db 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -64,7 +64,9 @@ jobs: ${{ secrets.DOCKER_IMAGE }} tags: | type=edge - type=ref + type=ref,event=branch + type=ref,event=tag + type=ref,event=pr type=sha - name: Install dependencies From c24654c17a1bfbff5e560b3b911091c73e991a42 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Wed, 2 Apr 2025 12:32:17 +0200 Subject: [PATCH 07/10] remove proto ref --- packages/zitadel-proto/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/zitadel-proto/package.json b/packages/zitadel-proto/package.json index 7322266c18..50c8342287 100644 --- a/packages/zitadel-proto/package.json +++ b/packages/zitadel-proto/package.json @@ -14,7 +14,7 @@ ], "sideEffects": false, "scripts": { - "generate": "buf generate https://github.com/zitadel/zitadel.git#ref=02617cf17fdde849378c1a6b5254bbfb2745b164 --path ./proto/zitadel", + "generate": "buf generate https://github.com/zitadel/zitadel.git --path ./proto/zitadel", "clean": "rm -rf zitadel .turbo node_modules google protoc-gen-openapiv2 validate" }, "dependencies": { From d7c433e989c03ec73cfc110bef8ed811fa036f54 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Wed, 2 Apr 2025 12:36:08 +0200 Subject: [PATCH 08/10] write packages permission --- .github/workflows/docker.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 786a1152db..670131d94c 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -7,6 +7,9 @@ on: - publish-image workflow_dispatch: +permissions: + packages: write + jobs: build: runs-on: ubuntu-latest 
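Review bot: Removing `#ref=02617cf17fdde849378c1a6b5254bbfb2745b164` from the `generate` script in `packages/zitadel-proto/package.json` (patch 07) makes `buf generate` read whatever the default branch of `zitadel/zitadel` holds at build time. The generated client code, which presumably ends up in the image this series publishes, is then no longer reproducible, and an upstream proto change reaches a release without a reviewed change in this repository. Keeping a pinned commit and bumping it deliberately preserves that control, e.g. `buf generate https://github.com/zitadel/zitadel.git#ref=<PINNED_COMMIT_SHA> --path ./proto/zitadel`.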
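Review bot: The workflow-level `permissions:` block added in patch 08 lists only `packages: write`, which sets every unlisted `GITHUB_TOKEN` scope to `none`, including `contents`. `actions/checkout@v4` uses that token, so checkout would fail if the repository is private; writing `contents: read` next to `packages: write` makes the required access explicit. Because only the `build` job pushes to `ghcr.io`, the block could also sit under `jobs.build`, so that a job added later does not inherit package write access.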
From 58b91a01f1099bf0d6dbae9d66cf127a870c6ffd Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Wed, 2 Apr 2025 12:40:26 +0200 Subject: [PATCH 09/10] no output --- .github/workflows/docker.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 670131d94c..f9fd53f024 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -92,7 +92,6 @@ jobs: cache-to: type=gha,mode=max tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,push-by-digest=true,name-canonical=true - name: Export digest run: | From 2aa578dac2e26921ab789bda402ecd6863a30aec Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Wed, 2 Apr 2025 12:45:34 +0200 Subject: [PATCH 10/10] cleanup --- .github/workflows/docker.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index f9fd53f024..36c80b399d 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -4,7 +4,6 @@ on: push: branches: - main - - publish-image workflow_dispatch: permissions: