Split Docker into build and publish jobs

docker-build runs in parallel with all other jobs — no dependencies. docker-publish gates on backend, unit-tests, frontend, and docker-build. The publish step is a cache hit since docker-build already populated GHA cache. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-07 12:10:20 +02:00 · 2026-04-06 21:33:46 -05:00 · 2026-04-06 21:33:46 -05:00 · 09d5c4458b
commit 09d5c4458b
parent 20081b0687
1 changed files with 60 additions and 6 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -146,10 +146,65 @@ jobs:
      - name: Build
        run: yarn run build --env production

-  docker:
-    name: Build & Push Docker Image
+  docker-build:
+    name: Build Docker Image
    runs-on: ubuntu-latest
-    needs: [backend, unit-tests, frontend]
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Determine version
+        id: version
+        env:
+          INPUT_VERSION: ${{ inputs.version }}
+        run: |
+          if [ -n "$INPUT_VERSION" ]; then
+            echo "version=$INPUT_VERSION" >> "$GITHUB_OUTPUT"
+          else
+            echo "version=$(git describe --tags 2>/dev/null || echo "dev-${GITHUB_SHA::8}")" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=sha,prefix=
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+            type=raw,value=${{ steps.version.outputs.version }},enable=${{ inputs.version != '' }}
+
+      - name: Build Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: false
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            VERSION=${{ steps.version.outputs.version }}
+            VERSION_BRANCH=${{ github.ref_name }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  docker-publish:
+    name: Publish Docker Image
+    runs-on: ubuntu-latest
+    needs: [backend, unit-tests, frontend, docker-build]
    permissions:
      contents: read
      packages: write
@ -193,10 +248,10 @@ jobs:
            type=ref,event=branch
            type=ref,event=pr
            type=sha,prefix=
-            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/develop' }}
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
            type=raw,value=${{ steps.version.outputs.version }},enable=${{ inputs.version != '' }}

-      - name: Build and push
+      - name: Push Docker image
        uses: docker/build-push-action@v6
        with:
          context: .
@ -208,4 +263,3 @@ jobs:
            VERSION=${{ steps.version.outputs.version }}
            VERSION_BRANCH=${{ github.ref_name }}
          cache-from: type=gha
-          cache-to: type=gha,mode=max