Add workflow for building and pushing Docker image

wrightj3 · wrightj3 · commit b12cb2b1a511 · 2025-06-30T14:55:03.000-06:00
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -0,0 +1,60 @@
+name: Docker Publish
+
+on:
+  push:
+    branches: [ github-actions ]
+    tags: [ 'v*' ]
+
+env:
+  GCP_ARTIFACT_HOST: ${{ vars.SHARED_WIF_LOCATON }}-docker.pkg.dev
+  GCP_REGISTRY: ${{ vars.SHARED_WIF_LOCATON }}-docker.pkg.dev/${{ vars.SHARED_WIF_PROJECT }}/${{ vars.SHARED_WIF_REPO }}
+  IMAGE_NAME: portal-public-api-docs
+
+jobs:
+  docker-publish:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Google Auth
+        id: 'auth'
+        uses: 'google-github-actions/auth@v2'
+        with:
+          workload_identity_provider: "${{ vars.SHARED_WIF_PROVIDER }}"
+          service_account: "${{ vars.SHARED_WIF_SERVICE_ACCOUNT }}"
+          token_format: 'access_token'
+  
+      - name: Docker Login
+        uses: 'docker/login-action@v3'
+        with:
+          registry: ${{ env.GCP_ARTIFACT_HOST }}
+          username: 'oauth2accesstoken'
+          password: ${{ steps.auth.outputs.access_token }}
+
+      - name: Docker Buildx Setup
+        uses: docker/setup-buildx-action@v3
+
+      - name: Docker Metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.GCP_REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=v-latest
+            type=ref,event=tag
+            type=sha
+          flavor: |
+            latest=false
+
+      - name: Docker Build
+        uses: docker/bake-action@v6
+        with:
+          source: .
+          files: |
+            ./docker-bake.hcl
+            ${{ steps.meta.outputs.bake-file }}
+          push: false
