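name: Build and Publish

# Trigger on push to main branch or version tags (v*)
# Runs CI checks first, then builds and publishes to ATCR if checks pass
#
# NOTE(review): every `uses:` reference below is a mutable major-version tag.
# This workflow handles registry credentials and pushes images, so consider
# pinning each action to a full commit SHA, keeping the tag as a comment, e.g.
#   uses: actions/checkout@<FULL_COMMIT_SHA>  # v4
on:
  push:
    branches:
      - main
    tags:
      - 'v*'

jobs:
  # Run CI checks first
  # NOTE(review): ci.yml is not visible here, so this job's token permissions
  # are left at the repository default - confirm and restrict them in ci.yml.
  ci:
    uses: ./.github/workflows/ci.yml

  # Only publish if CI passes
  publish:
    name: Build and Push Docker Image
    needs: ci
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: the job only reads the repository.
    # The registry push authenticates with the ATCR secrets below, not with
    # GITHUB_TOKEN, so no write scope is requested.
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Keep the job token out of .git/config. The build context is the
          # whole checkout (`context: .`), so a persisted credential could be
          # sent to the builder and, depending on the Dockerfile and
          # .dockerignore (not visible here), copied into an image layer.
          persist-credentials: false

      # Set up Docker Buildx for advanced build features
      # Enables BuildKit and layer caching
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Authenticate to AT Container Registry
      # Needs the TANGLED_HANDLE and APP_PASSWORD repository secrets configured
      - name: Log in to AT Container Registry
        uses: docker/login-action@v3
        with:
          registry: atcr.io
          username: ${{ secrets.TANGLED_HANDLE }}
          password: ${{ secrets.APP_PASSWORD }}

      # Extract metadata for Docker tags and labels
      # Automatically generates appropriate tags based on trigger:
      # - Push to main: main + main-<short-sha> + latest
      # - Push tag v1.2.3: 1.2.3 + 1.2 + latest
      #   (the semver patterns drop the leading "v"; `latest` on tag pushes
      #   comes from metadata-action's default `flavor: latest=auto`)
      # `latest` is therefore moved by both main pushes and releases; deploy
      # by version tag or digest where a fixed image is required.
      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: atcr.io/malpercio.dev/atbb
          tags: |
            # Tag with branch name (main)
            type=ref,event=branch
            # Tag with full semantic version (v1.2.3 → 1.2.3)
            type=semver,pattern={{version}}
            # Tag with major.minor version (v1.2.3 → 1.2)
            type=semver,pattern={{major}}.{{minor}}
            # Tag with git SHA for main branch (main-abc123)
            # Restricted to the default branch: type=sha otherwise also fires
            # on v* tag pushes and would label a release build as main-<sha>
            type=sha,prefix=main-,format=short,enable={{is_default_branch}}
            # Tag as latest for default branch (main)
            type=raw,value=latest,enable={{is_default_branch}}

      # Build multi-stage Dockerfile and push to ATCR
      # Uses GitHub Actions cache for faster builds
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          # Use GitHub Actions cache for BuildKit layers
          # Dramatically speeds up subsequent builds
          # mode=max also exports intermediate-stage layers, so keep secrets
          # out of every build stage, not just the final one
          cache-from: type=gha
          cache-to: type=gha,mode=max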