quivr/.github/workflows/prebuild-images.yml

name: Prebuild & Deploy Docker Images

on:
  push:
    branches: ["main"]
    # paths:
    #   - "backend/**"

env:
  AWS_REGION: eu-west-3
  ECR_REPOSITORY: backend
  ECR_REGISTRY: public.ecr.aws/c2l8c5w6

jobs:
  build_and_push:
    name: Build and Push Docker Image
    runs-on: ubuntu-latest
    environment: production
    strategy:
      matrix:
        architecture: [amd64, arm64]

    steps:
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@2fc7aceee09e9e4a7105c0d060c656fad0b4f63d # v1

      - name: Login to GitHub Container Registry
        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Login to Docker Hub
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3

      - name: Create Docker Cache Storage Backend
        run: |
          docker buildx create --use --driver=docker-container
      - name: See the file in the runner
        run: |
          ls -la
      - name: Build, tag, and push image to Amazon ECR
        id: build-image
        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          IMAGE_TAG: ${{ github.sha }}
        with:
          context: ./backend/
          push: true
          platforms: linux/${{ matrix.architecture }}
          tags: ghcr.io/quivrhq/quivr:latest-${{ matrix.architecture }}, stangirard/quivr-backend-prebuilt:latest-${{ matrix.architecture }}, stangirard/quivr-backend-prebuilt:${{ env.IMAGE_TAG }}-${{ matrix.architecture }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  merge_manifests:
    needs: build_and_push
    runs-on: ubuntu-latest
    steps:
      - name: Login to Docker Hub
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Create and push multi-arch manifest
        run: |
          docker manifest create stangirard/quivr-backend-prebuilt:latest \
            stangirard/quivr-backend-prebuilt:latest-amd64 \
            stangirard/quivr-backend-prebuilt:latest-arm64
          docker manifest push stangirard/quivr-backend-prebuilt:latest

          docker manifest create stangirard/quivr-backend-prebuilt:${{ github.sha }} \
            stangirard/quivr-backend-prebuilt:${{ github.sha }}-amd64 \
            stangirard/quivr-backend-prebuilt:${{ github.sha }}-arm64
          docker manifest push stangirard/quivr-backend-prebuilt:${{ github.sha }}

          docker manifest create ghcr.io/quivrhq/quivr:latest \
            ghcr.io/quivrhq/quivr:latest-amd64 \
            ghcr.io/quivrhq/quivr:latest-arm64
          docker manifest push ghcr.io/quivrhq/quivr:latest