From ee3db2b8117a9f40240898dc9db83dab9eaea49b Mon Sep 17 00:00:00 2001
From: Andreas Svanberg <andreass@dsv.su.se>
Date: Wed, 18 Feb 2026 21:47:24 +0100
Subject: [PATCH] Automatically publish container images on tag push

When tags matching the pattern 'v[0-9\.]+' are pushed a new image is built and published. It is tagged with the number, and the "latest" rolling tag is updated.
---
 .gitea/workflows/build.yaml             |  4 +-
 .gitea/workflows/publish-container.yaml | 54 +++++++++++++++++++++++++
 README.md                               |  3 +-
 3 files changed, 58 insertions(+), 3 deletions(-)
 create mode 100644 .gitea/workflows/publish-container.yaml

diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
index 1914e19..b172744 100644
--- a/.gitea/workflows/build.yaml
+++ b/.gitea/workflows/build.yaml
@@ -1,5 +1,7 @@
 on:
-  - push
+  push:
+    branches:
+      - '**' # do not run on tag pushes, handled by separate workflow
 jobs:
   build:
     runs-on: ubuntu-latest
diff --git a/.gitea/workflows/publish-container.yaml b/.gitea/workflows/publish-container.yaml
new file mode 100644
index 0000000..1a58c8d
--- /dev/null
+++ b/.gitea/workflows/publish-container.yaml
@@ -0,0 +1,54 @@
+name: Publish container to package registry
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  docker-build-test-publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 25
+          cache: maven
+
+      - name: Build and test with Maven
+        run: ./mvnw verify --batch-mode --no-transfer-progress --fail-fast
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ vars.PACKAGES_REGISTRY }}
+          username: ${{ secrets.PACKAGES_USERNAME }}
+          password: ${{ secrets.PACKAGES_TOKEN }}
+
+      - name: Extract version (remove leading v) and lowercase owner
+        id: image
+        run: |
+          TAG="${{ gitea.ref_name }}"
+          VERSION=${TAG#v}
+          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+          OWNER=$(echo "${{ gitea.repository_owner }}" | tr '[:upper:]' '[:lower:]')
+          echo "OWNER=${OWNER}" >> "$GITHUB_OUTPUT"
+
+      - name: Build and publish Docker image
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ${{ vars.PACKAGES_REGISTRY }}/${{ steps.image.outputs.OWNER }}/oauth2:${{ steps.image.outputs.VERSION }}
+            ${{ vars.PACKAGES_REGISTRY }}/${{ steps.image.outputs.OWNER }}/oauth2:latest
diff --git a/README.md b/README.md
index dddcd6d..294be1f 100644
--- a/README.md
+++ b/README.md
@@ -3,8 +3,7 @@
 ```
 services:
   oauth2:
-    build: https://gitea.dsv.su.se/DMC/oauth2-authorization-server.git
-    restart: unless-stopped
+    image: gitea.dsv.su.se/dmc/oauth2:latest
     ports:
       - "<host_port>:8080"
     environment:
-- 
2.39.5