From 343a93864f6649e00fda2de3d395dea56683af83 Mon Sep 17 00:00:00 2001
From: Haitao Pan <manbuzhe2009@qq.com>
Date: Wed, 1 Apr 2026 07:14:15 +0800
Subject: [PATCH] ci(frontend): publish console image to ghcr

---
 .github/workflows/publish-frontend-image.yml  | 72 +++++++++++++++++++
 .../build-and-push-frontend-image.sh          | 44 ++++++++++++
 .../compute-frontend-release-metadata.sh      |  3 +-
 3 files changed, 118 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/publish-frontend-image.yml
 create mode 100755 scripts/github-actions/build-and-push-frontend-image.sh

diff --git a/.github/workflows/publish-frontend-image.yml b/.github/workflows/publish-frontend-image.yml
new file mode 100644
index 0000000..8b60a58
--- /dev/null
+++ b/.github/workflows/publish-frontend-image.yml
@@ -0,0 +1,72 @@
+name: Publish Frontend Image
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - '.github/workflows/publish-frontend-image.yml'
+      - 'Dockerfile'
+      - 'package.json'
+      - 'yarn.lock'
+      - 'scripts/github-actions/build-and-push-frontend-image.sh'
+      - 'scripts/github-actions/compute-frontend-release-metadata.sh'
+      - 'scripts/github-actions/render-frontend-build-args.sh'
+      - 'scripts/github-actions/prepare-frontend-build-context.sh'
+      - 'scripts/prebuild.sh'
+      - 'contentlayer.config.ts'
+      - 'next.config.js'
+      - 'next.config.mjs'
+      - 'src/**'
+      - 'public/**'
+  workflow_dispatch:
+    inputs:
+      image_tag:
+        description: Optional image tag. Defaults to the triggering commit SHA.
+        required: false
+        type: string
+      push_latest:
+        description: Also publish the `latest` tag.
+        required: false
+        default: false
+        type: boolean
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  publish-image:
+    runs-on: ubuntu-latest
+    env:
+      PRIMARY_DOMAIN: console.svc.plus
+      NEXT_PUBLIC_RUNTIME_ENVIRONMENT: prod
+      NEXT_PUBLIC_RUNTIME_REGION: cn
+    steps:
+      - name: Check Out Repository
+        uses: actions/checkout@v4
+
+      - name: Set Up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log In To GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Compute Image Metadata
+        id: metadata
+        env:
+          IMAGE_TAG_INPUT: ${{ inputs.image_tag }}
+        run: |
+          bash scripts/github-actions/compute-frontend-release-metadata.sh "${IMAGE_TAG_INPUT}"
+
+      - name: Publish Frontend Image
+        env:
+          IMAGE_REF: ${{ steps.metadata.outputs.image_ref }}
+          IMAGE_LATEST_REF: ${{ steps.metadata.outputs.image_latest_ref }}
+          PUSH_LATEST: ${{ github.event_name == 'push' && 'true' || inputs.push_latest }}
+        run: |
+          bash scripts/github-actions/build-and-push-frontend-image.sh
diff --git a/scripts/github-actions/build-and-push-frontend-image.sh b/scripts/github-actions/build-and-push-frontend-image.sh
new file mode 100755
index 0000000..c135598
--- /dev/null
+++ b/scripts/github-actions/build-and-push-frontend-image.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)"
+
+require_env() {
+  local key="$1"
+  local value="${!key-}"
+  if [[ -z "${value}" ]]; then
+    echo "Missing required environment variable: ${key}" >&2
+    exit 1
+  fi
+}
+
+require_env IMAGE_REF
+require_env PRIMARY_DOMAIN
+
+BUILD_ARGS_FILE="$(mktemp)"
+trap 'rm -f "${BUILD_ARGS_FILE}"' EXIT
+
+"${SCRIPT_DIR}/render-frontend-build-args.sh" --stdout > "${BUILD_ARGS_FILE}"
+
+build_args=()
+while IFS= read -r line; do
+  if [[ -z "${line}" ]]; then
+    continue
+  fi
+  build_args+=(--build-arg "${line}")
+done < "${BUILD_ARGS_FILE}"
+
+tag_args=(--tag "${IMAGE_REF}")
+if [[ "${PUSH_LATEST:-false}" == "true" ]]; then
+  require_env IMAGE_LATEST_REF
+  tag_args+=(--tag "${IMAGE_LATEST_REF}")
+fi
+
+docker buildx build \
+  --platform "${DOCKER_PLATFORM:-linux/amd64}" \
+  --file "${REPO_ROOT}/Dockerfile" \
+  "${tag_args[@]}" \
+  "${build_args[@]}" \
+  --push \
+  "${REPO_ROOT}"
diff --git a/scripts/github-actions/compute-frontend-release-metadata.sh b/scripts/github-actions/compute-frontend-release-metadata.sh
index 9a446f1..707b0de 100755
--- a/scripts/github-actions/compute-frontend-release-metadata.sh
+++ b/scripts/github-actions/compute-frontend-release-metadata.sh
@@ -18,5 +18,6 @@ fi
 {
   printf 'ghcr_namespace=%s\n' "${GHCR_NAMESPACE}"
   printf 'image_tag=%s\n' "${IMAGE_TAG}"
-  printf 'image_ref=%s/%s/dashboard:%s\n' "${GHCR_REGISTRY}" "${GHCR_NAMESPACE}" "${IMAGE_TAG}"
+  printf 'image_ref=%s/%s/console:%s\n' "${GHCR_REGISTRY}" "${GHCR_NAMESPACE}" "${IMAGE_TAG}"
+  printf 'image_latest_ref=%s/%s/console:latest\n' "${GHCR_REGISTRY}" "${GHCR_NAMESPACE}"
 } >> "${GITHUB_OUTPUT}"