Docker Build and Push #10

	name: Docker Build and Push
	on:
	push:
	tags:
	- "*"
	workflow_run:
	workflows:
	- "Tag OpenClaw Version On Merge"
	types:
	- completed

	jobs:
	build:
	if: github.event_name == 'push' \|\| github.event.workflow_run.conclusion == 'success'
	name: Build and push to GitHub Container Registry
	runs-on: ubuntu-22.04
	permissions:
	contents: read
	packages: write
	steps:
	- name: Checkout (workflow_run)
	if: github.event_name == 'workflow_run'
	uses: actions/checkout@v4
	with:
	ref: ${{ github.event.workflow_run.head_sha }}
	fetch-depth: 0

	- name: Checkout (push tag)
	if: github.event_name == 'push'
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Set TAG from workflow_run commit
	if: github.event_name == 'workflow_run'
	shell: bash
	run: \|
	set -euo pipefail
	tag=$(grep -oE 'openclaw@[0-9]+(\.[0-9]+)*' Dockerfile \| head -n1 \| cut -d'@' -f2)
	echo "TAG=${tag}" >> "$GITHUB_ENV"

	- name: Set TAG from pushed ref
	if: github.event_name == 'push'
	shell: bash
	run: \|
	set -euo pipefail
	echo "TAG=${GITHUB_REF_NAME}" >> "$GITHUB_ENV"

	- name: Login to GitHub Container Registry
	run: echo "${{ secrets.GITHUB_TOKEN }}" \| docker login ghcr.io -u "${{ github.repository_owner }}" --password-stdin

	- name: Setup QEMU with credential support (fixes sudo in cross-arch builds)
	run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes --credential yes

	- name: Setup Docker buildx
	run: docker buildx create --use

	- name: Run Docker buildx
	run: \|
	docker buildx build \
	--platform linux/amd64,linux/arm64 \
	--tag ghcr.io/${{ github.repository }}:${{ env.TAG }} \
	--push .

Provide feedback