HKSingleParty/99_references/cf-identity-wallet-main/.github/workflows/docker-builds.yaml

name: Build and publish docker artifacts

on:
  push:
    branches: [ main, develop ]
    tags:
      - '[0-9]+.[0-9]+.[0-9]+*'
  pull_request:
    types: [ opened, synchronize ]
    paths:
    - 'Earthfile'
    - '.github/workflows/docker-builds.yaml'
    - 'services/credential-server-ui/**'
    - 'services/credential-server/**'
  workflow_dispatch:

env:
  PRIVATE_DOCKER_REGISTRY_URL: ${{ secrets.GITLAB_DOCKER_REGISTRY_URL }}
  PRIVATE_DOCKER_REGISTRY_USER: Deploy-Token
  PRIVATE_DOCKER_REGISTRY_PASS: ${{ secrets.GITLAB_PKG_REGISTRY_TOKEN }}
  DOCKER_PUSH: true

jobs:
  publish:
    permissions:
      contents: read
      packages: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: ⛮ cf-gha-baseline
        uses: cardano-foundation/cf-gha-workflows/./actions/cf-gha-baseline@main
        with:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PRIVATE_DOCKER_REGISTRY_URL: ${{ env.PRIVATE_DOCKER_REGISTRY_URL }}
          PRIVATE_DOCKER_REGISTRY_USER: ${{ env.PRIVATE_DOCKER_REGISTRY_USER }}
          PRIVATE_DOCKER_REGISTRY_PASS: ${{ env.PRIVATE_DOCKER_REGISTRY_PASS }}
          HUB_DOCKER_COM_USER: ${{ secrets.HUB_DOCKER_COM_USER }}
          HUB_DOCKER_COM_PASS: ${{ secrets.HUB_DOCKER_COM_PASS }}
          DOCKER_REGISTRIES: "${{ secrets.DOCKER_REGISTRIES }}"

      - name: Set docker image targets based on path changes from last commit
        id: metadata
        run: |
          if [ ${{github.event_name}} == "pull_request" ]
          then
            GIT_BRANCH_SHORT_COMMIT=$(git rev-parse --short ${{ github.event.pull_request.head.sha }})

            # set earthly docker image targets based on changed paths
            set +e
            DOCKER_IMAGES_TARGETS="$( \
              ( git log --pretty=format:'%h' -n 1 Earthfile | grep -q ${GIT_BRANCH_SHORT_COMMIT} ) && \
              ( git log --patch -n1 Earthfile | grep -q "ARG.*global.*KERIA_GIT" ) && \
              echo idw-keria
            )"
            DOCKER_IMAGES_TARGETS="$DOCKER_IMAGES_TARGETS $( \
                ( git log --pretty=format:'%h' -n 1 Earthfile | grep -q ${GIT_BRANCH_SHORT_COMMIT} ) && \
                ( git log --patch -n1 Earthfile | grep -q "ARG.*global.*KERI_DOCKER" ) && \
                echo idw-witness
            )"
            DOCKER_IMAGES_TARGETS="$DOCKER_IMAGES_TARGETS $( \
                ( git log --pretty=format:'%h' -n 1 services/credential-server | grep -q ${GIT_BRANCH_SHORT_COMMIT} ) && \
                echo cred-issuance
            )"
            DOCKER_IMAGES_TARGETS="$DOCKER_IMAGES_TARGETS $( \
                ( git log --pretty=format:'%h' -n 1 services/credential-server-ui | grep -q ${GIT_BRANCH_SHORT_COMMIT} ) && \
                echo cred-issuance-ui
            )"
            set -e
            STRIPPED_DOCKER_IMAGES_TARGETS=$(echo $DOCKER_IMAGES_TARGETS | tr -s ' ' | sed -e 's|^ ||' -e 's| $||')
            if [ ! -z "${STRIPPED_DOCKER_IMAGES_TARGETS}" ]; then
              echo "DOCKER_IMAGES_TARGETS=${STRIPPED_DOCKER_IMAGES_TARGETS}" | tee -a "$GITHUB_ENV" | tee -a "$GITHUB_OUTPUT"
            fi
          fi

      - name: 🌍 earthly (docker build and push)
        run: |
          # For PR builds, we skip any earthly build if there are no changes on any known target-related file, for branch builds, we just build everything
          if [ ${{github.event_name}} == "pull_request" ]
          then
            if [ ! -z "${DOCKER_IMAGES_TARGETS}" ]
            then
              earthly +docker-publish \
              --PUSH=true \
              --DOCKER_REGISTRIES="${{ secrets.DOCKER_REGISTRIES }}" \
              --DOCKER_IMAGES_EXTRA_TAGS="${EARTHLY_DOCKER_IMAGES_EXTRA_TAGS}" \
              --DOCKER_IMAGES_TARGETS="${DOCKER_IMAGES_TARGETS}"
            else
              echo "[+] No changes on any known target-related file, skipping earthly build..."
            fi
          else
            if [ ${{github.event_name}} == "workflow_dispatch" ]; then FORCE_BUILD="--FORCE_BUILD=true"; fi
            earthly +docker-publish \
            ${FORCE_BUILD} \
            --PUSH=true \
            --DOCKER_REGISTRIES="${{ secrets.DOCKER_REGISTRIES }}" \
            --DOCKER_IMAGES_EXTRA_TAGS="${EARTHLY_DOCKER_IMAGES_EXTRA_TAGS}"
          fi