From e400c692870baeefb2bbb161e06d7b55d25631fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1s=20Gr=C3=BCner?=
 <47506558+MegaRedHand@users.noreply.github.com>
Date: Mon, 9 Mar 2026 18:12:30 -0300
Subject: [PATCH] ci: add docker publish workflow

---
 .github/workflows/docker_publish.yaml | 101 ++++++++++++++++++++++++++
 1 file changed, 101 insertions(+)
 create mode 100644 .github/workflows/docker_publish.yaml

diff --git a/.github/workflows/docker_publish.yaml b/.github/workflows/docker_publish.yaml
new file mode 100644
index 000000000..25fcc83f9
--- /dev/null
+++ b/.github/workflows/docker_publish.yaml
@@ -0,0 +1,101 @@
+name: Publish Docker Image
+
+on:
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: "Docker image tags, comma-separated (e.g., latest,v0.1.0)"
+        required: false
+        default: "latest"
+
+permissions:
+  contents: read
+  packages: write
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-image:
+    name: Build Docker image (${{ matrix.arch }})
+    strategy:
+      matrix:
+        include:
+          - runner: ubuntu-latest
+            arch: amd64
+          - runner: ubuntu-22.04-arm
+            arch: arm64
+    runs-on: ${{ matrix.runner }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Prepare tags
+        id: prep
+        run: |
+          TAGS=""
+          IFS=',' read -ra TAG_ARRAY <<< "${{ inputs.tags }}"
+          for t in "${TAG_ARRAY[@]}"; do
+            TAGS="${TAGS}${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${t}-${{ matrix.arch }},"
+          done
+          TAGS="${TAGS%,}"
+          echo "tags=${TAGS}" >> $GITHUB_OUTPUT
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: ${{ steps.prep.outputs.tags }}
+          platforms: linux/${{ matrix.arch }}
+          cache-from: type=gha,scope=${{ matrix.arch }}
+          cache-to: type=gha,scope=${{ matrix.arch }},mode=max
+
+  publish-manifest:
+    name: Create and push multi-arch manifest
+    runs-on: ubuntu-latest
+    needs: build-image
+
+    steps:
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create multi-arch manifests
+        env:
+          SHORT_SHA: ${{ github.sha }}
+        run: |
+          IMAGE="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}"
+          IFS=',' read -ra TAG_ARRAY <<< "${{ inputs.tags }}"
+          FIRST_TAG="${TAG_ARRAY[0]}"
+
+          # Create manifest for first tag with SHA tag
+          docker buildx imagetools create \
+            -t "${IMAGE}:${FIRST_TAG}" \
+            -t "${IMAGE}:sha-${SHORT_SHA::7}" \
+            "${IMAGE}:${FIRST_TAG}-amd64" \
+            "${IMAGE}:${FIRST_TAG}-arm64"
+
+          # Create manifests for remaining tags
+          for t in "${TAG_ARRAY[@]:1}"; do
+            docker buildx imagetools create \
+              -t "${IMAGE}:${t}" \
+              "${IMAGE}:${t}-amd64" \
+              "${IMAGE}:${t}-arm64"
+          done