zitadel/.github/workflows/docker.yml

name: Docker

on:
  push:
    branches:
      - main
  workflow_dispatch:

permissions:
  packages: write

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v4
        with:
          fetch-depth: 2

      - name: Install pnpm
        uses: pnpm/action-setup@v4

      - name: Cache turbo build setup
        uses: actions/cache@v4
        with:
          path: .turbo
          key: ${{ runner.os }}-turbo-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-turbo-

      - name: Setup Node.js environment
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: 'pnpm'

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver-opts: 'image=moby/buildkit:v0.11.6'

      - name: Login Public
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Login Private
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.DOCKER_REGISTRY }}
          username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
          password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ghcr.io/zitadel/login
            ${{ secrets.DOCKER_IMAGE }}
          tags: |
            type=edge
            type=ref,event=branch
            type=ref,event=tag
            type=ref,event=pr
            type=sha

      - name: Install dependencies
        run: pnpm install

      - name: Generate stubs
        run: pnpm generate

      - name: Build for Docker
        run: NEXT_PUBLIC_BASE_PATH=/ui/v2/login pnpm build:docker

      - name: Build and Push Image
        id: build
        uses: docker/build-push-action@v5
        timeout-minutes: 10
        with:
          context: .
          push: true
          platforms: linux/amd64,linux/arm64
          cache-from: type=gha
          cache-to: type=gha,mode=max
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

      - name: Export digest
        run: |
          mkdir -p /tmp/digests/app
          digest="${{ steps.build.outputs.digest }}"
          touch "/tmp/digests/app/${digest#sha256:}"

      - name: Upload digest
        uses: actions/upload-artifact@v4
        with:
          name: digests
          path: /tmp/digests
          if-no-files-found: error
          retention-days: 1