feat: GHA for deploying docker images to GAR on dev push

.github/workflows/docker_build_deploy_dev.yml

@@ -0,0 +1,89 @@
+name: Build Docker image for dev and publish to GAR
+
+permissions: {}
+
+on:
+  push:
+    branches:
+      - dev
+
+jobs:
+  build_and_push_to_gar:
+    # Define permissions at the job level
+    permissions:
+      contents: "read" # Needed for checkout
+      id-token: "write" # Needed for GCP auth
+      packages: "none" # Explicitly disable package permissions
+    name: Build and Push Docker image to GAR
+    runs-on: ubuntu-latest
+    environment: build
+    env:
+      GAR_IMAGE_BASE: ${{ vars.GAR_REPO }}/${{ github.event.repository.name }} # Base name for GAR image
+      GAR_REGISTRY: us-docker.pkg.dev
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v5
+        with:
+          persist-credentials: false
+
+      - name: Authenticate to Google Cloud
+        id: gcp-auth
+        uses: google-github-actions/auth@v3
+        with:
+          token_format: access_token
+          workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: ${{ vars.GCP_GAR_SERVICE_ACCOUNT }}
+
+      - name: Login to Artifact Registry
+        id: gar-login
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.GAR_REGISTRY }}
+          username: oauth2accesstoken
+          password: ${{ steps.gcp-auth.outputs.access_token }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          # Only generate the image name for GAR
+          images: ${{ env.GAR_IMAGE_BASE }}
+          tags: |
+            # Generate tag based on short commit SHA with dev- prefix
+            type=sha,format=short,prefix=dev-
+
+      - name: Create version.json
+        run: |
+          # Use full sha here for version.json content
+          echo "{\"commit\":\"$GITHUB_SHA\",\"version\":\"$GITHUB_REF_NAME\",\"source\":\"https://github.com/$GITHUB_REPOSITORY\",\"build\":\"$GITHUB_RUN_ID\"}" > version.json
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push Docker image to GAR
+        id: build-and-push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          # Push is true to push to GAR after build
+          push: true
+          # Tags generated by the metadata action (only GAR tag)
+          tags: ${{ steps.meta.outputs.tags }}
+          # Pass build arguments
+          build-args: |
+            SENTRY_RELEASE=${{ github.sha }} # Use full SHA for Sentry release clarity
+            NEXT_PUBLIC_SENTRY_DSN=${{ secrets.SENTRY_DSN }}
+          # Pass secrets securely to the build
+          secrets: |
+            SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }}
+          # Enable build cache for faster builds (optional but recommended)
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Print Image URI
+        run: |
+          echo "Pushed GAR image: ${{ steps.meta.outputs.tags }}"