pypi-publish/.github/workflows/build-and-push-docker-image.yml

---

name: 🏗️

on:   # yamllint disable-line rule:truthy
  pull_request:
  push:
    branches: ["release/*", "unstable/*"]
  workflow_dispatch:
    inputs:
      tag:
        description: Docker image tag
        required: true
        type: string

jobs:
  smoke-test:
    uses: ./.github/workflows/reusable-smoke-test.yml
  build-and-push:
    if: github.event_name != 'pull_request'
    runs-on: ubuntu-latest
    needs:
    - smoke-test
    timeout-minutes: 10
    steps:
    - uses: actions/checkout@v4
    - name: Build Docker image
      run: |
        DOCKER_TAG="${DOCKER_TAG/'/'/'-'}"
        DOCKER_TAG_MAJOR=$(echo "$DOCKER_TAG" | cut -d '.' -f 1)
        DOCKER_TAG_MAJOR_MINOR=$(echo "$DOCKER_TAG" | cut -d '.' -f 1-2)
        IMAGE="ghcr.io/$GITHUB_REPOSITORY:${DOCKER_TAG}"
        IMAGE_MAJOR="ghcr.io/$GITHUB_REPOSITORY:${DOCKER_TAG_MAJOR}"
        IMAGE_MAJOR_MINOR="ghcr.io/$GITHUB_REPOSITORY:${DOCKER_TAG_MAJOR_MINOR}"
        IMAGE_SHA="ghcr.io/$GITHUB_REPOSITORY:${GITHUB_SHA}"
        echo "IMAGE=$IMAGE" >>"$GITHUB_ENV"
        echo "IMAGE_MAJOR=$IMAGE_MAJOR" >>"$GITHUB_ENV"
        echo "IMAGE_MAJOR_MINOR=$IMAGE_MAJOR_MINOR" >>"$GITHUB_ENV"
        echo "IMAGE_SHA=$IMAGE_SHA" >>"$GITHUB_ENV"
        docker build . \
          --build-arg BUILDKIT_INLINE_CACHE=1 \
          --cache-from $IMAGE \
          --tag $IMAGE
        docker tag $IMAGE $IMAGE_MAJOR
        docker tag $IMAGE $IMAGE_MAJOR_MINOR
        docker tag $IMAGE $IMAGE_SHA        
      env:
        DOCKER_TAG: ${{ inputs.tag || github.ref_name }}
    - name: Log in to GHCR
      run: >-
        echo ${{ secrets.GITHUB_TOKEN }} |
          docker login ghcr.io -u $GITHUB_ACTOR --password-stdin        
    - name: Push Docker image to GHCR
      run: |
        docker push $IMAGE
        docker push $IMAGE_MAJOR
        docker push $IMAGE_MAJOR_MINOR
        docker push $IMAGE_SHA