ADD image push for feature branch builds

Author: davidjeddy

.github/workflows/build-and-push.yml

@@ -1,16 +1,43 @@
 name: Build and Push to DockerHub
 
-on:
-  release:
-    types: [published]
+on: push
 
 env:
-  REGISTRY: docker.io
+  COMMIT_SHA: ${{ git rev-parse HEAD }}
   IMAGE_NAME: appwrite/base
+  REGISTRY: docker.io
   TAG: ${{ github.event.release.tag_name }}
 
 jobs:
-  build:
+  build_sha:
+    if: github.ref != 'refs/heads/main'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the repo
+        uses: actions/checkout@v6.0.2
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v4
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v4
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.COMMIT_SHA }}
+
+  build_release:
+    if: github.ref == 'refs/heads/main'
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the repo

.github/workflows/test.yml …ithub/workflows/container-structure-.yml.github/workflows/test.yml renamed to .github/workflows/container-structure-.yml .github/workflows/test.yml renamed to .github/workflows/container-structure-.yml

@@ -14,7 +14,7 @@ jobs:
       - name: Checkout the repo
         uses: actions/checkout@v6.0.2
 
-      - name: Setup container structure test
+      - name: Setup container-structure-test
         run: |
           curl -LO https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64
           chmod +x container-structure-test-linux-amd64

.github/workflows/pr-scan.yml .github/workflows/scheduled-trivy.yml.github/workflows/pr-scan.yml renamed to .github/workflows/scheduled-trivy.yml

@@ -1,6 +1,13 @@
-name: PR Security Scan
+name: trivy
 
-on: push
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '43 11 * * 6'
 
 permissions:
   contents: read

.github/workflows/trivy.yml

@@ -1,18 +1,6 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
+name: Trivy Scan
 
-name: trivy
-
-on:
-  push:
-    branches: [ "main" ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ "main" ]
-  schedule:
-    - cron: '43 11 * * 6'
+on: push
 
 permissions:
   contents: read

CHANGES.md

@@ -7,7 +7,7 @@
 * .dockerignore
 * .github/workflows/pr-scan.yml to scan all commit pushes for vulnerabilities
 * base_image and php_build_date to containber labels
-* CHANGELOG.md
+* container image build action to publish image using commit sha
 
 ### Change
 

TODO.md

@@ -1,12 +1,12 @@
 # TODO
 
 - [add dive analysis to project](https://github.com/marketplace/actions/dive-action)
-- install gd and run stage should be separate
-- xdebug should not be in a production image
+- audit system packages in Dockerfile -> final
 - can we get pre-compiled extensions *.so
-- xdebug as separate image `appwrite-XYZ-xdebug`
-- use Swoole base image
+- can we merge checkout, login, setup qemu, setup buildx in build-and-push.yml
+- capture build logs via ` | tee "build-$(date +%s).log"`
 - changelog aligning with appwrite/appwrite
 - DOCKER_BUILDKIT=1 + buildx to parallel build the PHP extensions
-- audit system packages in Dockerfile -> final
-- capture build logs via ` | tee "build-$(date +%s).log"`
+- install gd and run stage should be separate
+- use Swoole base image
+- xdebug as separate image `appwrite/base-xdebug`