meldestelle/.gitea/workflows/docker-publish.yaml
Stefan Mogeritsch 75ff2780c6 refactor: update Docker workflow for ARM64 optimization and Keycloak integration
Revised `.gitea/workflows/docker-publish.yaml` to enhance ARM64 compatibility, removing QEMU setup for native builds on Zora. Added automated Keycloak builds and updated configurations (e.g., JDK 25, Gradle 9.3.1). Streamlined build arguments and JVM optimizations for Cortex-A720 architecture.
2026-02-13 15:55:38 +01:00


# Workflow identity and trigger: runs on pushes to main that touch build-relevant paths.
name: Build and Publish Docker Images
run-name: 'Build & Publish by @${{ github.actor }}'
on:
  push:
    branches:
      - 'main'
    # Only changes under these paths start a build; the workflow file itself is
    # listed so that pipeline edits are exercised as well.
    paths:
      - 'backend/**'
      - 'platform/**'
      - 'core/**'
      - 'frontend/**'
      - 'config/docker/**'
      - 'build.gradle.kts'
      - 'settings.gradle.kts'
      - 'gradle.properties'
      - 'docker-compose.yaml'
      - '.gitea/workflows/docker-publish.yaml'
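# Workflow-wide settings shared by every matrix job.
env:
  REGISTRY: git.mo-code.at
  # IMPORTANT: keep this lowercase; Docker repository names must be lowercase.
  IMAGE_PREFIX: mocode-software/meldestelle
  # Build arguments for Zora (ARM64)
  JAVA_VERSION: "25"
  GRADLE_VERSION: "9.3.1"
  # JVM flags for ARM64 (Cortex-A720).
  # UseSVE is a numeric HotSpot option and is therefore written -XX:UseSVE=1;
  # the boolean spelling -XX:+UseSVE=1 is not a valid option and makes the JVM
  # refuse to start.
  # NOTE(review): ActiveProcessorCount=12 is fixed here and presumably matches the
  # Zora host; confirm before running the images on other hardware.
  JVM_OPTS_ARM64: "-XX:ActiveProcessorCount=12 -XX:+UseG1GC -XX:+UseTransparentHugePages -XX:UseSVE=1"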
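jobs:
  # Builds one image per matrix entry and pushes it to the registry in env.REGISTRY.
  build-and-push:
    # NOTE(review): the comments below state that the runner is native ARM64 (Zora);
    # confirm that this label is mapped to that runner.
    runs-on: ubuntu-latest
    strategy:
      # A failing image build must not cancel the other matrix entries.
      fail-fast: false
      matrix:
        include:
          - service: api-gateway
            context: .
            dockerfile: backend/infrastructure/gateway/Dockerfile
            image: gateway
          - service: ping-service
            context: .
            dockerfile: backend/services/ping/Dockerfile
            image: ping-service
          - service: web-app
            context: .
            dockerfile: config/docker/caddy/web-app/Dockerfile
            image: web-app
          # NEW: Keycloak is now built and pushed automatically as well
          - service: keycloak
            context: .
            dockerfile: config/docker/keycloak/Dockerfile
            image: keycloak
    steps:
      # NOTE(review): every `uses:` below references a mutable version tag. These
      # steps run with the registry credentials available to the job, so pinning
      # each action to a full commit SHA keeps a re-tagged upstream release from
      # changing what executes here.
      - name: Checkout repository
        uses: actions/checkout@v3

      # Java setup (needed for Gradle builds inside the runner).
      # The version is taken from env.JAVA_VERSION so that the runner JDK and the
      # JAVA_VERSION build argument cannot drift apart.
      - name: Set up JDK
        uses: actions/setup-java@v4
        with:
          java-version: ${{ env.JAVA_VERSION }}
          distribution: 'temurin'

      # Gradle cache (speeds up subsequent builds considerably)
      - name: Setup Gradle Cache
        uses: actions/cache@v3
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
          restore-keys: |
            ${{ runner.os }}-gradle-

      # Frontend build (only required for web-app)
      - name: Build Frontend (Kotlin JS)
        if: matrix.service == 'web-app'
        run: |
          chmod +x gradlew
          ./gradlew :frontend:shells:meldestelle-portal:jsBrowserDistribution -Pproduction=true --no-daemon

      # OPTIMIZATION: QEMU was removed because the runner is native ARM64 (Zora).
      # Docker Buildx provides the builder used by the build step below.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Log in to the Gitea registry; both credentials come from repository secrets.
      - name: Log in to the Container registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_TOKEN }}

      # Extract metadata (tags, labels).
      # `latest` is a moving tag; the long-SHA tag identifies one specific build and
      # is the one to reference where a reproducible deployment matters.
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/${{ matrix.image }}
          tags: |
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
            type=sha,format=long

      # The `build-args` input is passed to the build verbatim and never goes through
      # a shell, so a `$(date ...)` written there would reach the Dockerfile as literal
      # text. The timestamp is computed here and exposed as a step output instead.
      - name: Compute build date
        id: build_date
        run: echo "value=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "$GITHUB_OUTPUT"

      # Build and push (native ARM64)
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: ${{ matrix.context }}
          file: ${{ matrix.dockerfile }}
          push: true
          # Only linux/arm64 is built (target host: Zora). An additional linux/amd64
          # image would have to be listed here explicitly.
          platforms: linux/arm64
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          # Build arguments are recorded in the image metadata and build history:
          # keep credentials and tokens out of this list.
          build-args: |
            DOCKER_BUILD_DATE=${{ steps.build_date.outputs.value }}
            VERSION=${{ github.sha }}
            GRADLE_VERSION=${{ env.GRADLE_VERSION }}
            JAVA_VERSION=${{ env.JAVA_VERSION }}
            KEYCLOAK_IMAGE_TAG=26.4
            JVM_OPTS_APPEND=${{ env.JVM_OPTS_ARM64 }}
          # NOTE(review): type=gha targets the GitHub Actions cache service; verify
          # that the Gitea runner exposes a compatible cache endpoint.
          cache-from: type=gha
          cache-to: type=gha,mode=max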