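---
# Builds the backend Docker image with Nix and publishes it to the registry.
#
# Tag published per trigger:
#   push of a tag matching v*.*.*  -> 'latest' and the version without the 'v'
#   push to develop                -> 'develop'
#   pull request                   -> 'pr<number>'
#   push to main                   -> 'latest'
#
# NOTE(review): third-party actions below are referenced by mutable version
# tags. Pinning each `uses:` to a full commit SHA would stop an upstream tag
# move from changing what runs in a job that holds registry credentials.
name: Publish Docker Images

on:
  push:
    branches:
      - main
      - develop
    tags:
      - 'v*.*.*'
  pull_request:
    types: [opened, synchronize, reopened]

env:
  # Override in repository settings if needed
  DOCKER_REGISTRY: labs.phundrak.com
  IMAGE_NAME: phundrak/phundrak-dot-com-backend

jobs:
  build-and-publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Required for pushing to Phundrak Labs registry
      # NOTE(review): the login step authenticates with the DOCKER_USERNAME /
      # DOCKER_PASSWORD secrets, not the job token - confirm this scope is
      # really needed and drop it if not.
      packages: write
      pull-requests: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # No later step talks to the git remote, so do not leave the job
          # token in .git/config while repository-controlled build code runs.
          persist-credentials: false

      - name: Install Nix
        uses: cachix/install-nix-action@v27
        with:
          nix_path: nixpkgs=channel:nixos-unstable

      - name: Setup Cachix
        uses: cachix/cachix-action@v15
        with:
          name: devenv
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
          skipPush: true

      # NOTE(review): on pull_request events this builds code from the PR in
      # the same job that later logs in to the registry. On GitHub, PRs from
      # forks do not receive repository secrets, so the login step fails for
      # them; same-repository PRs do publish. Consider splitting build and
      # publish into separate jobs if PR authors are not fully trusted.
      - name: Build Docker image with Nix
        run: |
          echo "Building Docker image..."
          nix build .#backendDockerLatest --print-build-logs

      - name: Load Docker image
        run: |
          echo "Loading Docker image into Docker daemon..."
          docker load < result

      - name: Log in to Docker Registry
        # Secrets are handed over as environment variables instead of being
        # expanded into the script text: a password containing quotes, '$' or
        # backticks would otherwise be re-interpreted by the shell.
        env:
          DOCKER_USERNAME: '${{ secrets.DOCKER_USERNAME }}'
          DOCKER_PASSWORD: '${{ secrets.DOCKER_PASSWORD }}'
        run: |
          printf '%s' "${DOCKER_PASSWORD}" \
            | docker login "${DOCKER_REGISTRY}" -u "${DOCKER_USERNAME}" --password-stdin

      - name: Determine tags and push images
        # Event context is passed through env rather than ${{ }} inside the
        # script. Ref names are free-form text chosen by whoever pushes the
        # ref; as environment variables they stay data and are never parsed
        # as shell syntax.
        env:
          EVENT_NAME: '${{ github.event_name }}'
          REF: '${{ github.ref }}'
          REF_TYPE: '${{ github.ref_type }}'
          REF_NAME: '${{ github.ref_name }}'
          PR_NUMBER: '${{ github.event.pull_request.number }}'
        run: |
          set -euo pipefail

          # DOCKER_REGISTRY and IMAGE_NAME come from the workflow-level env.
          REGISTRY="${DOCKER_REGISTRY}"

          # The locally built image from Nix
          LOCAL_IMAGE="localhost/phundrak/backend-rust:latest"

          # Tag the local image as <registry>/<image>:$1 and push it.
          publish() {
            local target="${REGISTRY}/${IMAGE_NAME}:$1"
            echo "Tagging and pushing: ${target}"
            docker tag "${LOCAL_IMAGE}" "${target}"
            docker push "${target}"
          }

          echo "Event: ${EVENT_NAME}"
          echo "Ref: ${REF}"
          echo "Ref type: ${REF_TYPE}"

          # Determine which tags to push based on the event
          if [[ "${EVENT_NAME}" == "push" && "${REF_TYPE}" == "tag" ]]; then
            # Tag push → publish 'latest' and versioned tag.
            # The trigger filters on the tag name only (v*.*.*); it does not
            # check that the tagged commit is on main.
            echo "Tag push detected"
            TAG_VERSION="${REF_NAME}"
            # Remove 'v' prefix if present (v1.0.0 → 1.0.0)
            TAG_VERSION="${TAG_VERSION#v}"

            # Reject anything that is not a valid Docker tag before pushing,
            # so a malformed ref cannot move 'latest' and then fail halfway.
            valid_tag='^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'
            if [[ ! "${TAG_VERSION}" =~ ${valid_tag} ]]; then
              echo "Refusing to publish: '${TAG_VERSION}' is not a valid image tag" >&2
              exit 1
            fi

            publish "latest"
            publish "${TAG_VERSION}"
          elif [[ "${EVENT_NAME}" == "push" && "${REF}" == "refs/heads/develop" ]]; then
            # Push on develop branch → publish 'develop' tag
            echo "Push to develop branch detected"
            publish "develop"
          elif [[ "${EVENT_NAME}" == "pull_request" ]]; then
            # Pull request → publish 'pr' tag
            echo "Pull request detected"
            publish "pr${PR_NUMBER}"
          elif [[ "${EVENT_NAME}" == "push" && "${REF}" == "refs/heads/main" ]]; then
            # Push to main branch (not a tag) → publish 'latest'
            echo "Push to main branch detected"
            publish "latest"
          else
            # Nothing is pushed, and the job is failed on purpose so an
            # unexpected trigger does not pass silently.
            echo "Unknown event or ref, skipping push"
            exit 1
          fi

      - name: Log out from Docker Registry
        # Runs even after a failure so the stored credential is always removed.
        if: always()
        run: docker logout "${DOCKER_REGISTRY}"

      - name: Image published successfully
        run: |
          echo "✅ Docker image(s) published successfully to ${DOCKER_REGISTRY}/${IMAGE_NAME}"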