From 5a16a6ac057f59b7594bd8748f3dc79394b9e80a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Kr=C3=BCger?= Date: Fri, 7 Nov 2025 11:29:28 +0100 Subject: [PATCH] Add GitHub Actions workflow for Docker image publishing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Automated Docker image builds on push to main - Multi-architecture support (amd64, arm64) - Publish to GitHub Container Registry (GHCR) - Build caching for faster builds - Artifact attestation for supply chain security - Semantic versioning support with tags - Manual workflow dispatch option - Updated README with CI/CD documentation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .github/workflows/docker-publish.yml | 73 ++++++++++++++++++++++++++++ README.md | 67 +++++++++++++++++++++++-- 2 files changed, 137 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/docker-publish.yml diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml new file mode 100644 index 0000000..910fb41 --- /dev/null +++ b/.github/workflows/docker-publish.yml 
@@ -0,0 +1,73 @@ +name: Build and Push Docker Image + +on: + push: + branches: + - main + tags: + - 'v*' + pull_request: + branches: + - main + workflow_dispatch: + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + +jobs: + build-and-push: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log into registry ${{ env.REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=sha,prefix={{branch}}- + type=raw,value=latest,enable={{is_default_branch}} + + - name: Build and push Docker image + id: build-and-push + uses: docker/build-push-action@v6 + with: + context: . + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + platforms: linux/amd64,linux/arm64 + + - name: Generate artifact attestation + if: github.event_name != 'pull_request' + uses: actions/attest-build-provenance@v2 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + subject-digest: ${{ steps.build-and-push.outputs.digest }} + push-to-registry: true diff --git a/README.md b/README.md index e5c59b3..823baab 100644 --- a/README.md +++ b/README.md 
@@ -48,7 +48,19 @@ Visit [http://localhost:3000](http://localhost:3000) to see the site. ## Docker Deployment -Build and run with Docker: +### Using Pre-built Image from GHCR + +The Docker image is automatically built and published to GitHub Container Registry on every push to main: + +```bash +# Pull and run the latest image +docker pull ghcr.io/valknarness/kit-ui:latest +docker run -p 80:80 ghcr.io/valknarness/kit-ui:latest +``` + +### Build Locally + +Or build and run locally: ```bash # Build the image @@ -58,7 +70,16 @@ docker build -t kit-landing . docker run -p 80:80 kit-landing ``` -Or with docker-compose (see `/home/valknar/Projects/docker-compose/kit/compose.yaml`). +### Docker Compose + +For production deployment, see `/home/valknar/Projects/docker-compose/kit/compose.yaml`. + +### Available Tags + +- `latest` - Latest build from main branch +- `main` - Main branch builds +- `v*` - Semantic version tags (e.g., `v1.0.0`) +- `-` - Branch-specific builds with commit SHA ## Project Structure 
@@ -110,9 +131,49 @@ Tailwind CSS 4 uses a new CSS-first configuration approach: ## Available Tools -- **Vert** - Minimalist pastebin for code snippets +- **Vert** - Privacy-focused file converter (images, audio, documents) - **Paint** - Browser-based image editor +## CI/CD Pipeline + +The project uses GitHub Actions for automated Docker image builds: + +### Workflow Features + +- ✅ **Automated builds** on push to main and tags +- ✅ **Multi-architecture support** (linux/amd64, linux/arm64) +- ✅ **GitHub Container Registry** (GHCR) publishing +- ✅ **Build caching** for faster builds +- ✅ **Artifact attestation** for supply chain security +- ✅ **Semantic versioning** support + +### Triggering Builds + +```bash +# Automatic build on push to main +git push origin main + +# Create a versioned release +git tag v1.0.0 +git push origin v1.0.0 + +# Manual trigger via GitHub Actions UI +# Go to Actions → Build and Push Docker Image → Run workflow +``` + +### Using the Published Image + +```bash +# Latest from main branch +docker pull ghcr.io/valknarness/kit-ui:latest + +# Specific version +docker pull ghcr.io/valknarness/kit-ui:v1.0.0 + +# Specific commit +docker pull ghcr.io/valknarness/kit-ui:main-abc1234 +``` + ## Performance - Static export for fast loading
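Review bot: in `.github/workflows/docker-publish.yml`, the job's `permissions` block grants `contents: read`, `packages: write` and `id-token: write` but not `attestations: write`, which `actions/attest-build-provenance` needs in order to store the attestation, so the "Generate artifact attestation" step is expected to fail on push; add `attestations: write` to the job permissions. In the metadata step, `type=sha,prefix={{branch}}-` has no branch name to expand on tag and pull_request events, which leaves a tag beginning with `-` (not a valid image tag); restrict that rule to branch pushes or use a fixed prefix. Because this job holds `packages: write` and `id-token: write`, consider pinning the actions it uses (`docker/login-action@v3`, `docker/build-push-action@v6` and the others) to full commit SHAs rather than movable major tags.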
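Review bot: in the README "Available Tags" list, the `v*` entry (e.g. `v1.0.0`) does not match what the workflow publishes: the `type=semver` patterns `{{version}}`, `{{major}}.{{minor}}` and `{{major}}` produce tags without the leading `v` (`1.0.0`, `1.0`, `1`), and there is no `type=ref,event=tag` rule, so the documented `v1.0.0` tag, also used in the later `docker pull ghcr.io/valknarness/kit-ui:v1.0.0` example, would not exist. Document the tags as emitted or change the patterns. The last entry in the list reads `-` with no placeholder, so the branch and SHA parts of the tag name are missing from the description. The "Docker Compose" section still points at `/home/valknar/Projects/docker-compose/kit/compose.yaml`, an absolute path on the author's machine that readers of the repository cannot follow; link a file in the repository or drop the reference.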
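Review bot: the new "CI/CD Pipeline" section of the README lists artifact attestation as a feature, but "Using the Published Image" only shows pulls by movable tag and gives no step for checking the attestation; add a verification example such as `gh attestation verify oci://ghcr.io/valknarness/kit-ui:latest --owner valknarness`, and consider showing a pull by digest for deployments. The change to the Vert description at the top of this hunk (pastebin to file converter) is unrelated to the CI/CD work named in the subject and would be easier to review as its own commit.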