Merge pull request #611 from cornell-dti/bek76/docker-ci

selenaliu1 · web-flow · commit 48fd1ba345db · 2025-11-02T21:40:51.000-05:00
Push Docker images to ghcr on PR events &amp; deduplicate Docker build logic
diff --git a/.github/workflows/cd-workflow.yml b/.github/workflows/cd-workflow.yml
@@ -6,27 +6,10 @@ on:
 
 jobs:
   deploy:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Build and push Docker image
-        uses: docker/build-push-action@v4
-        with:
-          push: true
-          build-args: |
-            REACT_APP_SERVER_URL=${{ secrets.REACT_APP_SERVER_URL }}
-            REACT_APP_CLIENT_ID=${{ secrets.REACT_APP_CLIENT_ID }}
-            REACT_APP_PUBLIC_VAPID_KEY=${{ secrets.REACT_APP_PUBLIC_VAPID_KEY }}
-            REACT_APP_ENCRYPTION_KEY=${{ secrets.REACT_APP_ENCRYPTION_KEY }}
-          tags: dticarriage/carriage-service:latest
+    uses: ./.github/workflows/docker-build-push.yml
+    with:
+      push: true
+      tags: dticarriage/carriage-service:latest
+      registry: docker.io
+      username: ${{ secrets.DOCKERHUB_USERNAME }}
+      password: ${{ secrets.DOCKERHUB_TOKEN }}
diff --git a/.github/workflows/ci-container.yml b/.github/workflows/ci-container.yml
@@ -4,9 +4,20 @@ on: pull_request
 
 jobs:
   build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      - name: Build Docker image
-        uses: docker/build-push-action@v4
+    permissions:
+      contents: read
+      packages: write
+
+    uses: ./.github/workflows/docker-build-push.yml
+    with:
+      push: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
+      tags: |
+        ghcr.io/${{ github.repository }}/pr-${{ github.event.pull_request.number }}:latest
+        ghcr.io/${{ github.repository }}/pr-${{ github.event.pull_request.number }}:${{ github.sha }}
+      labels: |
+        org.opencontainers.image.source=${{ github.event.pull_request.html_url }}
+        org.opencontainers.image.title=PR-${{ github.event.pull_request.number }}
+        org.opencontainers.image.description=${{ github.event.pull_request.title }}
+      registry: ghcr.io
+      username: ${{ github.actor }}
+      password: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/docker-build-push.yml b/.github/workflows/docker-build-push.yml
@@ -0,0 +1,64 @@
+name: Docker Build and Push
+
+on:
+  workflow_call:
+    inputs:
+      push:
+        description: 'Whether to push the image'
+        required: true
+        type: boolean
+      tags:
+        description: 'Image tags to apply'
+        required: true
+        type: string
+      labels:
+        description: 'Optional image labels'
+        required: false
+        default: ''
+        type: string
+      registry:
+        description: 'Registry URL (optional)'
+        required: false
+        type: string
+      username:
+        description: 'Registry password (optional)'
+        required: false
+        type: string
+      password:
+        description: 'Registry password (optional)'
+        required: false
+        type: string
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ inputs.registry }}
+          username: ${{ inputs.username }}
+          password: ${{ inputs.password }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          push: ${{ inputs.push }}
+          tags: ${{ inputs.tags }}
+          labels: ${{ inputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          build-args: |
+            REACT_APP_SERVER_URL=${{ secrets.REACT_APP_SERVER_URL }}
+            REACT_APP_CLIENT_ID=${{ secrets.REACT_APP_CLIENT_ID }}
+            REACT_APP_PUBLIC_VAPID_KEY=${{ secrets.REACT_APP_PUBLIC_VAPID_KEY }}
+            REACT_APP_ENCRYPTION_KEY=${{ secrets.REACT_APP_ENCRYPTION_KEY }}
+            REACT_APP_GOOGLE_MAPS_API_KEY=${{ secrets.REACT_APP_GOOGLE_MAPS_API_KEY }}
+            REACT_APP_GOOGLE_MAPS_MAP_ID=${{ secrets.REACT_APP_GOOGLE_MAPS_MAP_ID }}
