From 562e66d3ce2772593d48e3174167768279522515 Mon Sep 17 00:00:00 2001
From: Frank John Begornia <frank.begornia@yahoo.com>
Date: Wed, 26 Nov 2025 23:43:38 +0800
Subject: [PATCH] feat: add GitHub Actions workflow for building and pushing
 Docker images

---
 .github/workflows/docker-publish.yml |  61 ++++++++++++
 GHCR-SETUP.md                        | 133 +++++++++++++++++++++++++++
 test-workflow.sh                     |  37 ++++++++
 3 files changed, 231 insertions(+)
 create mode 100644 .github/workflows/docker-publish.yml
 create mode 100644 GHCR-SETUP.md
 create mode 100755 test-workflow.sh

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 0000000..72443f1
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,61 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+    tags:
+      - 'v*'
+  pull_request:
+    branches:
+      - main
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels)
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=sha,prefix={{branch}}-
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/GHCR-SETUP.md b/GHCR-SETUP.md
new file mode 100644
index 0000000..ad8a5fc
--- /dev/null
+++ b/GHCR-SETUP.md
@@ -0,0 +1,133 @@
+# GitHub Container Registry Setup for Slipmatz Web
+
+## Overview
+The slipmatz-web application is automatically built and published to GitHub Container Registry (GHCR) on every push to main/develop branches.
+
+## Container Registry URL
+```
+ghcr.io/franknstayn/slipmatz-web:latest
+```
+
+## GitHub Actions Workflow
+
+The workflow (`.github/workflows/docker-publish.yml`) automatically:
+1. Builds the Docker image on every push to `main` or `develop`
+2. Pushes to GitHub Container Registry
+3. Tags images with:
+   - `latest` (for main branch)
+   - Branch name (e.g., `develop`)
+   - Git SHA (e.g., `main-abc1234`)
+   - Version tags (for tagged releases)
+
+## Repository Setup
+
+### 1. Enable GitHub Actions
+- Go to repository Settings → Actions → General
+- Ensure "Read and write permissions" is enabled for GITHUB_TOKEN
+
+### 2. Make Package Public (Optional)
+- Go to repository → Packages → slipmatz-web
+- Package settings → Change visibility → Public
+- (Or keep private if preferred)
+
+## Deployment
+
+### Pull from Registry (Recommended for Production)
+```bash
+cd crew-infrastructure
+docker compose pull slipmatz_web
+docker compose up -d slipmatz_web
+```
+
+### Build Locally (Development)
+Uncomment the `build` section in docker-compose.yml:
+```yaml
+slipmatz_web:
+  build:
+    context: ../apps/slipmatz-web
+    dockerfile: Dockerfile
+  # image: ghcr.io/franknstayn/slipmatz-web:latest
+```
+
+## Using Specific Versions
+
+### Pull specific tag
+```bash
+docker pull ghcr.io/franknstayn/slipmatz-web:develop
+docker pull ghcr.io/franknstayn/slipmatz-web:v1.0.0
+docker pull ghcr.io/franknstayn/slipmatz-web:main-abc1234
+```
+
+### Use in docker-compose.yml
+```yaml
+slipmatz_web:
+  image: ghcr.io/franknstayn/slipmatz-web:v1.0.0
+```
+
+## CI/CD Pipeline
+
+### Automatic Builds Trigger On:
+- Push to `main` → builds `latest` tag
+- Push to `develop` → builds `develop` tag
+- Create tag `v*` → builds version tags
+- Pull request → builds but doesn't push
+
+### Workflow Features:
+- ✅ Docker layer caching (faster builds)
+- ✅ Multi-platform support ready
+- ✅ Automatic tagging strategy
+- ✅ Build cache optimization
+
+## Manual Build and Push
+
+If you need to manually build and push:
+
+```bash
+# Login to GHCR
+echo $GITHUB_TOKEN | docker login ghcr.io -u USERNAME --password-stdin
+
+# Build and tag
+cd apps/slipmatz-web
+docker build -t ghcr.io/franknstayn/slipmatz-web:latest .
+
+# Push
+docker push ghcr.io/franknstayn/slipmatz-web:latest
+```
+
+## Troubleshooting
+
+### Authentication Error
+If you get permission denied when pulling:
+```bash
+# Login with GitHub Personal Access Token
+echo $GITHUB_TOKEN | docker login ghcr.io -u franknstayn --password-stdin
+```
+
+Create token at: https://github.com/settings/tokens
+- Scope needed: `read:packages`
+
+### Image Not Found
+- Check if workflow ran successfully in Actions tab
+- Verify package exists at: https://github.com/franknstayn?tab=packages
+- Ensure package visibility matches your needs (public/private)
+
+### Old Image Cached
+```bash
+docker compose pull slipmatz_web --no-cache
+docker compose up -d slipmatz_web
+```
+
+## Benefits
+
+✅ **Faster Deployments**: Pull pre-built images instead of building on server  
+✅ **Version Control**: Track and rollback to specific image versions  
+✅ **Consistent Builds**: Same image across environments  
+✅ **CI/CD Ready**: Automatic builds on code push  
+✅ **Free**: GitHub Packages is free for public repos  
+
+## Next Steps
+
+1. Push code to trigger first build
+2. Verify image appears in GitHub Packages
+3. Pull and deploy on production server
+4. Set up similar workflow for slipmatz-backend
diff --git a/test-workflow.sh b/test-workflow.sh
new file mode 100755
index 0000000..2ecd744
--- /dev/null
+++ b/test-workflow.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+# Test GitHub Actions workflow locally using act
+
+echo "🧪 Testing GitHub Actions workflow locally..."
+echo ""
+
+# Check if act is installed
+if ! command -v act &> /dev/null; then
+    echo "❌ act is not installed. Install with: brew install act"
+    exit 1
+fi
+
+# Change to slipmatz-web directory
+cd "$(dirname "$0")" || exit 1
+
+echo "📋 Available workflows:"
+act --list
+echo ""
+
+echo "🔍 Dry-run (no execution):"
+echo "   act pull_request --container-architecture linux/amd64 --dryrun"
+echo ""
+
+echo "🏗️  Build only (doesn't push to registry):"
+echo "   act pull_request --container-architecture linux/amd64 -j build-and-push"
+echo ""
+
+echo "🚀 Test push event (simulates main branch push):"
+echo "   act push --container-architecture linux/amd64 -j build-and-push"
+echo ""
+
+# Ask user what to do
+read -p "Run dry-run test? (y/n) " -n 1 -r
+echo
+if [[ $REPLY =~ ^[Yy]$ ]]; then
+    act pull_request --container-architecture linux/amd64 --dryrun
+fi