fix(ci): switch to nx container command for builds

- Replace docker/build-push-action with nx container
- Use project's existing nx-container plugin configuration
- Match proven pattern from artifacts.yaml workflow
- Tested locally: checkout Dockerfile builds successfully

Author: dnmll

.github/workflows/build-push-images.yml

@@ -137,45 +137,47 @@ jobs:
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v2
 
-      - name: Extract metadata
-        id: meta
-        uses: docker/metadata-action@v5
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
         with:
-          images: ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REGISTRY_PREFIX }}-${{ matrix.service }}
-          tags: |
-            type=sha,prefix=,format=short
-            type=raw,value=latest,enable={{is_default_branch}}
-            type=raw,value={{date 'YYYYMMDD-HHmmss'}}
-            type=ref,event=pr,prefix=pr-
-
-      - name: Build and push Docker image
-        uses: docker/build-push-action@v5
-        with:
-          context: src/${{ matrix.service }}
-          file: src/${{ matrix.service }}/Dockerfile
-          platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          node-version: '20'
+          cache: 'yarn'
+
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Build and push image
+        env:
+          COMMIT_SHA: ${{ github.sha }}
+        run: |
+          SHORT_SHA=$(echo $COMMIT_SHA | cut -c1-7)
+          TIMESTAMP=$(date +%Y%m%d-%H%M%S)
+          REGISTRY="${{ steps.login-ecr.outputs.registry }}"
+          
+          # Build the image
+          yarn nx container ${{ matrix.service }} \
+            --tags ${REGISTRY}/${{ env.ECR_REGISTRY_PREFIX }}-${{ matrix.service }}:${SHORT_SHA} \
+            --tags ${REGISTRY}/${{ env.ECR_REGISTRY_PREFIX }}-${{ matrix.service }}:latest \
+            --tags ${REGISTRY}/${{ env.ECR_REGISTRY_PREFIX }}-${{ matrix.service }}:${TIMESTAMP} \
+            --push=${{ github.event_name != 'pull_request' }}
 
       - name: Scan image for vulnerabilities
         if: github.event_name != 'pull_request'
+        env:
+          COMMIT_SHA: ${{ github.sha }}
         run: |
-          # Extract commit SHA for image tag
-          COMMIT_SHA=$(echo "${{ github.sha }}" | cut -c1-7)
+          SHORT_SHA=$(echo $COMMIT_SHA | cut -c1-7)
           
           # Wait for scan to complete
           aws ecr wait image-scan-complete \
             --repository-name ${{ env.ECR_REGISTRY_PREFIX }}-${{ matrix.service }} \
-            --image-id imageTag=${COMMIT_SHA} \
+            --image-id imageTag=${SHORT_SHA} \
             --region ${{ env.AWS_REGION }} || true
 
           # Get scan findings
           SCAN_FINDINGS=$(aws ecr describe-image-scan-findings \
             --repository-name ${{ env.ECR_REGISTRY_PREFIX }}-${{ matrix.service }} \
-            --image-id imageTag=${COMMIT_SHA} \
+            --image-id imageTag=${SHORT_SHA} \
             --region ${{ env.AWS_REGION }} \
             --query 'imageScanFindings.findingSeverityCounts' \
             --output json || echo '{}')