GHCR builds

.github/workflows/ci.yml

@@ -9,6 +9,9 @@ on:
   push:
     branches:
       - main
+  release:
+    types:
+      - published
 
 permissions:
   id-token: write
@@ -58,63 +61,42 @@ jobs:
                 poetry check
                 poetry run python ./.github/actions/verify_imports.py
 
-    docker-build:
+    docker-build-push:
         runs-on: ubuntu-latest
+        permissions:
+          contents: read
+          packages: write
+        env:
+          REGISTRY: ghcr.io
+          IMAGE_NAME: ${{ github.repository }}
 
         steps:
-            - uses: actions/checkout@v4
-
             - name: Set up Docker Buildx
               uses: docker/setup-buildx-action@v3
 
-            - name: Build and push Docker image
-              uses: docker/build-push-action@v5
-              with:
-                  context: .
-                  file: ./Dockerfile
-                  tags: reactome-chatbot:${{ github.sha }}
-                  outputs: type=docker,dest=/tmp/image.tar
-
-            - uses: actions/upload-artifact@v4
-              with:
-                name: image-artifact
-                path: /tmp/image.tar
-
-    docker-push:
-        if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
-        needs: docker-build
-        runs-on: ubuntu-latest
-
-        steps:
-            - uses: actions/download-artifact@v4
+            - name: Extract build metadata
+              id: meta
+              uses: docker/metadata-action@v5
               with:
-                name: image-artifact
-                path: /tmp
-            - id: get-hash
-              run: |
-                FULL_SHA=${{ github.sha }}
-                echo "SHORT_SHA=${FULL_SHA:0:7}" >> $GITHUB_OUTPUT
-
-            - env:
-                  AWS_REGION: us-east-1
-              uses: aws-actions/configure-aws-credentials@v4
+                images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+                tags: |
+                  type=semver,pattern={{version}}
+                  type=sha,format=short,prefix=
+
+            - name: Login to Docker registry ${{ env.REGISTRY }}
+              if: (github.event_name == 'push' && github.ref == 'refs/heads/main') || (github.event_name == 'release' && github.event.action == 'published')
+              uses: docker/login-action@v3
               with:
-                  role-to-assume: ${{ vars.AWS_ROLE }}
-                  aws-region: ${{ env.AWS_REGION }}
+                registry: ${{ env.REGISTRY }}
+                username: ${{ github.actor }}
+                password: ${{ secrets.GITHUB_TOKEN }}
 
-            - id: login-ecr
-              uses: aws-actions/amazon-ecr-login@v2
+            - name: Build (and push) Docker image
+              uses: docker/build-push-action@v6
               with:
-                  registry-type: public
-
-            - env:
-                AWS_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-                AWS_REGISTRY_ALIAS: reactome
-                AWS_REPO: reactome-chatbot
-                IMG_TAG: ${{ steps.get-hash.outputs.SHORT_SHA }}
-              run: |
-                docker load --input /tmp/image.tar
-                docker image tag reactome-chatbot:${{ github.sha }} $AWS_REGISTRY/$AWS_REGISTRY_ALIAS/$AWS_REPO:$IMG_TAG
-                docker image tag reactome-chatbot:${{ github.sha }} $AWS_REGISTRY/$AWS_REGISTRY_ALIAS/$AWS_REPO:latest
-                docker push $AWS_REGISTRY/$AWS_REGISTRY_ALIAS/$AWS_REPO:$IMG_TAG
-                docker push $AWS_REGISTRY/$AWS_REGISTRY_ALIAS/$AWS_REPO:latest
+                tags: ${{ steps.meta.outputs.tags }}
+                labels: ${{ steps.meta.outputs.labels }}
+                push: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/main') || (github.event_name == 'release' && github.event.action == 'published') }}
+                provenance: mode=max
+                cache-from: type=gha
+                cache-to: type=gha,mode=max