Add GitHub Actions workflows for ACA-Py Agent image build and publish

.github/workflows/on_push_main.yaml → .github/workflows/on_push_main.yml

@@ -11,15 +11,29 @@ on:
       - main
     paths:
       - "docker/oidc-controller/**"
+      - "docker/agent/**"
       - "oidc-controller/**"
       - "html-templates/**"
       - "pyproject.toml"
       - "poetry.lock"
 jobs:
-  build:
+  build-controller:
     name: "Build ACAPy VC-AuthN"
     if: github.repository_owner == 'openwallet-foundation'
     uses: ./.github/workflows/publish.yml
     with:
       ref: ${{ inputs.ref }}
       platforms: "linux/amd64,linux/arm64"
+      image_name: "acapy-vc-authn-oidc"
+      dockerfile_path: "docker/oidc-controller/Dockerfile"
+      build_target: "main"
+
+  build-agent:
+    name: "Build ACA-Py Agent"
+    if: github.repository_owner == 'openwallet-foundation'
+    uses: ./.github/workflows/publish.yml
+    with:
+      ref: ${{ inputs.ref }}
+      platforms: "linux/amd64,linux/arm64"
+      image_name: "acapy-vc-authn-oidc-agent"
+      dockerfile_path: "docker/agent/Dockerfile"

.github/workflows/on_release.yml

@@ -0,0 +1,23 @@
+name: Build release images
+on:
+  release:
+    types: [published]
+jobs:
+  build-controller:
+    name: "Build ACAPy VC-AuthN"
+    if: github.repository_owner == 'openwallet-foundation'
+    uses: ./.github/workflows/publish.yml
+    with:
+      platforms: "linux/amd64,linux/arm64"
+      image_name: "acapy-vc-authn-oidc"
+      dockerfile_path: "docker/oidc-controller/Dockerfile"
+      build_target: "main"
+
+  build-agent:
+    name: "Build ACA-Py Agent"
+    if: github.repository_owner == 'openwallet-foundation'
+    uses: ./.github/workflows/publish.yml
+    with:
+      platforms: "linux/amd64,linux/arm64"
+      image_name: "acapy-vc-authn-oidc-agent"
+      dockerfile_path: "docker/agent/Dockerfile"

.github/workflows/publish.yml

@@ -1,8 +1,6 @@
-name: Publish ACAPy VC-AuthN Image
-run-name: Publish ACAPy VC-AuthN ${{ github.ref_name || github.event.release.tag_name }} Image
+name: Publish Docker Image
+run-name: Publish ${{ inputs.image_name || 'acapy-vc-authn-oidc' }} ${{ github.ref_name }} Image
 on:
-  release:
-    types: [published]
   workflow_call:
     inputs:
       platforms:
@@ -14,6 +12,20 @@ on:
         description: "Optional - The branch, tag or SHA to checkout."
         required: false
         type: string
+      image_name:
+        description: "Image name (without registry prefix)"
+        required: false
+        default: "acapy-vc-authn-oidc"
+        type: string
+      dockerfile_path:
+        description: "Path to Dockerfile"
+        required: false
+        default: "docker/oidc-controller/Dockerfile"
+        type: string
+      build_target:
+        description: "Docker build target (optional)"
+        required: false
+        type: string
     outputs:
       image_tag:
         description: "The tag used for this image"
@@ -33,17 +45,33 @@ on:
         description: "Optional - The branch, tag or SHA to checkout."
         required: false
         type: string
+      image_name:
+        description: "Image name (without registry prefix)"
+        required: false
+        default: "acapy-vc-authn-oidc"
+        type: string
+      dockerfile_path:
+        description: "Path to Dockerfile"
+        required: false
+        default: "docker/oidc-controller/Dockerfile"
+        type: string
+      build_target:
+        description: "Docker build target (optional)"
+        required: false
+        type: string
 
 env:
   PLATFORMS: ${{ inputs.platforms || 'linux/amd64,linux/arm64' }}
+  IMAGE_NAME: ${{ inputs.image_name || 'acapy-vc-authn-oidc' }}
+  DOCKERFILE_PATH: ${{ inputs.dockerfile_path || 'docker/oidc-controller/Dockerfile' }}
 
 jobs:
   publish_image:
     if: github.repository_owner == 'openwallet-foundation'
     strategy:
       fail-fast: false
 
-    name: Publish ACAPy VC-AuthN Image
+    name: Publish ${{ inputs.image_name || 'acapy-vc-authn-oidc' }} Image
     runs-on: ubuntu-latest
     outputs:
       image_tag: ${{ steps.values.outputs.image_tag }}
@@ -73,13 +101,13 @@ jobs:
           echo "Checked out ref: $(git describe --always --tags)"
           echo "Current commit: $(git rev-parse HEAD)"
           echo "Current branch/tag: $(git branch --show-current || git describe --tags --exact-match 2>/dev/null || echo 'detached HEAD')"
-          
+
           # If a specific ref was requested, verify we're on it
           if [ -n "${{ inputs.ref }}" ]; then
             REQUESTED_REF="${{ inputs.ref }}"
             CURRENT_REF=$(git rev-parse HEAD)
             REQUESTED_SHA=$(git rev-parse "$REQUESTED_REF" 2>/dev/null || echo "unknown")
-            
+
             if [ "$CURRENT_REF" != "$REQUESTED_SHA" ]; then
               echo "ERROR: Failed to checkout requested ref '$REQUESTED_REF'"
               echo "Expected SHA: $REQUESTED_SHA"
@@ -89,38 +117,46 @@ jobs:
             echo "✓ Successfully verified checkout of ref: $REQUESTED_REF"
           fi
 
+      - name: Verify Dockerfile exists
+        run: |
+          if [ ! -f "${{ env.DOCKERFILE_PATH }}" ]; then
+            echo "ERROR: Dockerfile not found at ${{ env.DOCKERFILE_PATH }}"
+            exit 1
+          fi
+          echo "✓ Found Dockerfile at ${{ env.DOCKERFILE_PATH }}"
+
       - name: Gather image info
         id: info
         run: |
           echo "repo-owner=${GITHUB_REPOSITORY_OWNER,,}" >> $GITHUB_OUTPUT
-          
+
           # Determine tags based on what we checked out
           CHECKOUT_REF="${{ steps.ref.outputs.checkout_ref }}"
           echo "Determining tags for ref: ${CHECKOUT_REF}"
-          
-          TAGS="ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/acapy-vc-authn-oidc:"
-          
+
+          TAGS="ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/${{ env.IMAGE_NAME }}:"
+
           # Check if it's a semver tag (v1.2.3 or 1.2.3)
           if [[ "${CHECKOUT_REF}" =~ ^refs/tags/v?([0-9]+\.[0-9]+\.[0-9]+.*)$ ]] || [[ "${CHECKOUT_REF}" =~ ^v?([0-9]+\.[0-9]+\.[0-9]+.*)$ ]]; then
             VERSION="${BASH_REMATCH[1]}"
             echo "Detected version: ${VERSION}"
-            
+
             # Full version tag
             TAGS="${TAGS}${VERSION}"
-            
+
             # Major.minor tag
             if [[ "${VERSION}" =~ ^([0-9]+\.[0-9]+) ]]; then
-              TAGS="${TAGS},ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/acapy-vc-authn-oidc:${BASH_REMATCH[1]}"
+              TAGS="${TAGS},ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/${{ env.IMAGE_NAME }}:${BASH_REMATCH[1]}"
             fi
-            
+
             # Latest tag for releases
-            TAGS="${TAGS},ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/acapy-vc-authn-oidc:latest"
-            
+            TAGS="${TAGS},ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/${{ env.IMAGE_NAME }}:latest"
+
           # Check if it's main branch
           elif [[ "${CHECKOUT_REF}" == "refs/heads/main" ]] || [[ "${CHECKOUT_REF}" == "main" ]]; then
             echo "Building from main branch"
             TAGS="${TAGS}dev"
-            
+
           # For other branches, use branch name
           else
             # Extract branch name from refs/heads/branch-name or just use as-is
@@ -130,17 +166,17 @@ jobs:
             echo "Building from branch: ${BRANCH_NAME}"
             TAGS="${TAGS}${BRANCH_NAME}"
           fi
-          
+
           echo "tags=${TAGS}" >> $GITHUB_OUTPUT
           echo "Generated tags: ${TAGS}"
 
       - name: Cache Docker layers
         uses: actions/cache@v4
         with:
           path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          key: ${{ runner.os }}-buildx-${{ env.IMAGE_NAME }}-${{ github.sha }}
           restore-keys: |
-            ${{ runner.os }}-buildx-
+            ${{ runner.os }}-buildx-${{ env.IMAGE_NAME }}-
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -157,7 +193,7 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: |
-            ghcr.io/${{ steps.info.outputs.repo-owner }}/acapy-vc-authn-oidc
+            ghcr.io/${{ steps.info.outputs.repo-owner }}/${{ env.IMAGE_NAME }}
           # We generate tags manually in the "Gather image info" step
           # but still use metadata-action for labels
           tags: |
@@ -170,10 +206,10 @@ jobs:
         with:
           push: true
           context: .
-          file: docker/oidc-controller/Dockerfile
+          file: ${{ env.DOCKERFILE_PATH }}
           tags: ${{ steps.info.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          target: main
+          target: ${{ inputs.build_target || '' }}
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
           platforms: ${{ env.PLATFORMS }}