devops/.github/workflows/action-build-and-push.yaml

name: Docker Build & Push to GitHub Container Registry (Use git tags with format vX.Y.Z as release version)

on:
  workflow_call:
    inputs:
      image_name:
        type: string
        required: true
        description: >
          Docker image name without registry and owner.
          Example: observability/alloy

      build_context:
        type: string
        required: false
        default: .
        description: >
          Path to the Docker build context.
          Example: . or ./services/api

      file_path:
        type: string
        required: false
        default: ./Dockerfile
        description: >
          Path to the Dockerfile relative to the repository root.
          Example: ./Dockerfile or ./services/api/Dockerfile

      platforms:
        type: string
        required: false
        default: linux/amd64,linux/arm64
        description: >
          Comma-separated list of target platforms to build.
          Example: linux/amd64,linux/arm64

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up QEMU (for cross-arch builds)
        uses: docker/setup-qemu-action@v3
        with:
          platforms: arm64

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Ensure lowercase username because some registries do not allow uppercase letters
        id: lowercase
        run: echo "username=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ steps.lowercase.outputs.username }}/${{ inputs.image_name }}
          tags: |
            type=match,pattern=.*(v\d+\.\d+\.\d+),group=1
            type=match,pattern=.*(v\d+\.\d+)\.\d+,group=1
            type=match,pattern=.*(v\d+)\.\d+\.\d+,group=1

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: ${{ inputs.build_context }}
          file: ${{ inputs.file_path }}
          platforms: ${{ inputs.platforms }}
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}