minihass/.github/workflows/container-build.yml

name: Build and Push Docker Image

on:
  workflow_dispatch:
  push:
    branches:
      - main
    paths:
      - 'app.py'
      - 'Dockerfile'
      - 'requirements.txt'
      - 'docker-compose.yml'

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Create multi-arch Dockerfile
        run: |
          cat > Dockerfile <<EOF
          FROM --platform=\$BUILDPLATFORM python:3.11-slim as builder

          WORKDIR /app
          COPY requirements.txt .
          RUN pip install --no-cache-dir -r requirements.txt

          FROM python:3.11-slim
          WORKDIR /app
          COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
          COPY --from=builder /usr/local/bin /usr/local/bin
          COPY . .

          CMD ["python", "app.py"]
          EOF

      - name: Build and push multi-arch Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          platforms: linux/amd64,linux/arm64
          tags: |
            ghcr.io/${{ github.repository }}:latest
            ghcr.io/${{ github.repository }}:${{ github.sha }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          provenance: false
          sbom: false