From 5ef84c27984dccd41368c873075d5e66c5c4cf4b Mon Sep 17 00:00:00 2001
From: User <noreply@users.noreply.github.com>
Date: Tue, 14 Apr 2026 03:48:22 -0700
Subject: [PATCH] Make release tags publish self-host container images

Self-hosted deployments already build backend and frontend images from the
repository's Dockerfiles, but release automation only published CLI
artifacts. This adds a dedicated GitHub Actions workflow that publishes
GHCR images for both build targets on the existing v* release cadence
with version and latest tags.

Constraint: Keep docker-compose and self-hosting docs unchanged in this PR
Constraint: Use GitHub Container Registry and the existing v* tag release flow
Rejected: Fold container publishing into the GoReleaser workflow | keeps container concerns separate and reviewable
Rejected: Add SHA image tags | user requested only version aliases and latest
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: If release tagging changes later, update both CLI and Docker release workflows together
Tested: yaml.safe_load on .github/workflows/docker-release.yml
Tested: actionlint via rhysd/actionlint Docker image
Tested: docker build -f Dockerfile -t multica-backend:test .
Tested: docker build -f Dockerfile.web -t multica-frontend:test .
Not-tested: Actual GHCR publish from GitHub Actions on a real v* tag
Not-tested: Multi-arch push execution on GitHub-hosted runners
---
 .github/workflows/docker-release.yml | 58 ++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 .github/workflows/docker-release.yml

diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml
new file mode 100644
index 000000000..1336b7473
--- /dev/null
+++ b/.github/workflows/docker-release.yml
@@ -0,0 +1,58 @@
+name: Docker Release
+
+on:
+  push:
+    tags:
+      - "v*"
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  publish-images:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - image_name: multica-backend
+            dockerfile: Dockerfile
+          - image_name: multica-frontend
+            dockerfile: Dockerfile.web
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository_owner }}/${{ matrix.image_name }}
+          flavor: |
+            latest=true
+          tags: |
+            type=semver,pattern={{version}}
+
+      - name: Build and push ${{ matrix.image_name }}
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ matrix.dockerfile }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64