mattermost/.github/workflows/dispatch-server-builder-image.yml

# .github/workflows/dispatch-build.yml
name: Build & Push New Golang Docker Build Server Image

on:
  workflow_dispatch:
    inputs:
      branch:
        description: "Git branch or PR ref to build"
        required: true
      tag:
        description: "Docker image tag (e.g. v1.2.3 or latest)"
        required: true

env:
  CHAINCTL_IDENTITY: ee399b4c72dd4e58e3d617f78fc47b74733c9557/922f2d48307d6f5f

# Permissions required for chainguard-dev/setup-chainctl
permissions:
  id-token: write
  contents: read

jobs:
  build-and-push:
    runs-on: ubuntu-24.04
    env:
      IMAGE_TAG: ${{ github.event.inputs.tag }}

    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #4.2.2
        with:
          ref: ${{ github.event.inputs.branch }}

      - name: Set up QEMU (optional, for multi-arch)
        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca

      - name: Login to DockerHub (development repo)
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
        with:
          registry: docker.io
          username: ${{ secrets.DOCKERHUB_DEV_USERNAME }}
          password: ${{ secrets.DOCKERHUB_DEV_TOKEN }}

      - name: Build & push development image
        run: |
          docker buildx build \
            --tag mattermostdevelopment/mattermost-build-server:"${IMAGE_TAG}" \
            --push \
            -f server/build/Dockerfile.buildenv .          

      - name: Login to DockerHub (production repo)
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
        with:
          registry: docker.io
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Build & push production image
        run: |
          docker buildx build \
            --tag mattermost/mattermost-build-server:"${IMAGE_TAG}" \
            --push \
            -f server/build/Dockerfile.buildenv .          

  build-and-push-fips:
    runs-on: ubuntu-24.04

    steps:
      - uses: chainguard-dev/setup-chainctl@f4ed65b781b048c44d4f033ae854c025c5531c19 # v0.3.2
        with:
          identity: ${{ env.CHAINCTL_IDENTITY }}
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #4.2.2
        with:
          ref: ${{ github.event.inputs.branch }}

      - name: Set up QEMU (optional, for multi-arch)
        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca

      - name: Login to DockerHub (production repo)
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
        with:
          registry: docker.io
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Build & push production image
        run: |
          docker buildx build \
            --tag mattermost/mattermost-build-server-fips:${{ github.event.inputs.tag }} \
            --push \
            -f server/build/Dockerfile.buildenv-fips .