From 60f64fe76bd5d202e174c4e74c8d638d3ccc6a5a Mon Sep 17 00:00:00 2001
From: ZGaetano <zgaetano@wilddragon.net>
Date: Wed, 6 May 2026 16:00:32 -0400
Subject: [PATCH] feat(ci): add Docker image publish workflow on tag push
 (closes #12)

---
 .forgejo/workflows/publish.yml | 79 ++++++++++++++++++++++++++++++++++
 1 file changed, 79 insertions(+)
 create mode 100644 .forgejo/workflows/publish.yml

diff --git a/.forgejo/workflows/publish.yml b/.forgejo/workflows/publish.yml
new file mode 100644
index 0000000..538415a
--- /dev/null
+++ b/.forgejo/workflows/publish.yml
@@ -0,0 +1,79 @@
+# Forgejo Actions — Docker image publish for Dragon Fork.
+#
+# Triggers on semver tags (v*.*.*-dragonfork or v*.*.*). Builds a
+# multi-arch image (linux/amd64 + linux/arm64) and pushes to the
+# configured registry. The image name and registry are controlled by
+# repository variables:
+#
+#   REGISTRY         — e.g. ghcr.io or registry.wilddragon.net
+#   IMAGE_NAME       — e.g. zgaetano/dragonfork-core (defaults to repo name)
+#
+# The push credential must be stored as a repository secret:
+#   REGISTRY_TOKEN   — password / token for the registry user
+#   REGISTRY_USER    — registry username (defaults to repo owner)
+#
+# Quick-start after setting the variables/secrets:
+#   git tag v0.2.0-dragonfork && git push origin v0.2.0-dragonfork
+
+name: publish
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+      - 'v*.*.*-dragonfork'
+
+jobs:
+  build-and-push:
+    name: Build and push multi-arch image
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU (for arm64 cross-build)
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Derive image metadata
+        id: meta
+        run: |
+          REGISTRY="${{ vars.REGISTRY || 'ghcr.io' }}"
+          IMAGE="${{ vars.IMAGE_NAME || github.repository }}"
+          TAG="${GITHUB_REF_NAME}"
+          # Normalise: strip leading 'v' for the semver part, keep full tag too
+          SEMVER="${TAG#v}"
+          echo "image=${REGISTRY}/${IMAGE}" >> "$GITHUB_OUTPUT"
+          echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
+          echo "semver=${SEMVER}" >> "$GITHUB_OUTPUT"
+
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ vars.REGISTRY || 'ghcr.io' }}
+          username: ${{ vars.REGISTRY_USER || github.repository_owner }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ${{ steps.meta.outputs.image }}:${{ steps.meta.outputs.tag }}
+            ${{ steps.meta.outputs.image }}:latest
+          labels: |
+            org.opencontainers.image.title=Dragon Fork Core
+            org.opencontainers.image.description=Datarhei Core with WebRTC egress
+            org.opencontainers.image.version=${{ steps.meta.outputs.semver }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max