From 7ef7688a0998672775a2a82deaeab0952bcaa02d Mon Sep 17 00:00:00 2001
From: sophiebsw
Date: Sat, 30 May 2026 16:48:53 -0700
Subject: [PATCH 1/2] add github workflows * adds build workflow to run the flake checker and build the image * adds publish workflow to build and push to image to GHCR * modifications to README and flake to accomodate these additions
---
 .github/workflows/build.yml | 23 ++++++++++++++
 .github/workflows/publish.yml | 57 +++++++++++++++++++++++++++++++++++
 README.md | 4 ++-
 flake.nix | 2 +-
 4 files changed, 84 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/build.yml
 create mode 100644 .github/workflows/publish.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..1dbf41e
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,23 @@
+name: Build Image
+
+on:
+ push:
+
+concurrency:
+ group: build-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ check-flake:
+ runs-on: ci-ocf-wordpress
+ steps:
+ - uses: actions/checkout@v5
+ - uses: DeterminateSystems/flake-checker-action@v9
+
+ build:
+ runs-on: ci-ocf-wordpress
+ needs: check-flake
+ steps:
+ - uses: actions/checkout@v5
+ - name: Build image
+ run: sh $(nix build .#image --no-link --print-out-paths) > /dev/null
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..aa9e03e
--- /dev/null
+++ b/.github/workflows/publish.yml
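Review bot: In `.github/workflows/build.yml`, both jobs run on the self-hosted `ci-ocf-wordpress` runner with actions referenced by mutable tag (`actions/checkout@v5`, `DeterminateSystems/flake-checker-action@v9`) and no `permissions:` block, so whatever code a tag points to at run time executes on that runner with whatever default token scope the repository or organisation has configured. I would add a top-level `permissions:` with `contents: read` and pin each `uses:` to a full commit SHA, e.g. `uses: DeterminateSystems/flake-checker-action@<full-commit-sha> # v9`. The same tag-only references appear in `publish.yml` (`cachix/install-nix-action@v31`, `redhat-actions/podman-login@v1`, `redhat-actions/push-to-registry@v2`), where the job also holds `packages: write`. Whether the runner is ephemeral is not visible in this patch; if it is persistent, state left behind by one run can reach later runs.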
@@ -0,0 +1,57 @@
+name: Build and Publish Image
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+
+env:
+ image_name: ocf-wordpress-core
+ registry: ghcr.io/${{ github.repository_owner }}
+
+jobs:
+ build:
+ # requires setting up a proper environment in the runner
+ #runs-on: ci-ocf-wordpress
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ steps:
+ - uses: actions/checkout@v5
+
+ - uses: cachix/install-nix-action@v31
+
+ - name: Build and tag image
+ run: |
+ #mkdir -p /etc/containers && podman image trust set --type accept default
+
+
+ IMAGE_TAG=$(sh $(nix build .#image --no-link --print-out-paths) 2>/dev/null | podman load -q | grep -oe "$image_name:.*$" | sed -e "s/$image_name://")
+
+ echo "image_tags=$IMAGE_TAG" >> $GITHUB_ENV
+
+ - name: Tag latest
+ if: github.ref == 'refs/heads/main'
+ run: |
+ podman tag $image_name:$image_tags $image_name:latest
+
+ echo "image_tags=$image_tags latest" >> $GITHUB_ENV
+
+ - name: Log in to GHCR
+ uses: redhat-actions/podman-login@v1
+ with:
+ username: ${{ github.actor }}
+ password: ${{ github.token }}
+ registry: ${{ env.registry }}
+
+ - name: Push to GHCR
+ id: push-ghcr
+ uses: redhat-actions/push-to-registry@v2
+ with:
+ image: ${{ env.image_name }}
+ tags: ${{ env.image_tags }}
+ registry: ${{ env.registry }}
+
+ - name: Print image url
+ run: echo "Image pushed to ${{ steps.push-ghcr.outputs.registry-paths }}"
diff --git a/README.md b/README.md
index d961f59..fbf31c7 100644
--- a/README.md
+++ b/README.md
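Review bot: In `.github/workflows/publish.yml`, the `pull_request` trigger reaches the `Log in to GHCR` and `Push to GHCR` steps, because only `Tag latest` is gated on `github.ref == 'refs/heads/main'`; a pull request opened from a branch in this repository would therefore publish an image built from unreviewed code to `ghcr.io/${{ github.repository_owner }}` using the job's `packages: write` token. Pull requests from forks normally receive a read-only token, so there the login or push step would presumably fail rather than publish. I would add `if: github.event_name == 'push'` to the login, push and print steps, or drop `pull_request:` from this workflow since `build.yml` already builds on every push. Separately, the `IMAGE_TAG=$(…)` pipeline discards stderr and, under the default `bash -e` step shell, runs without `pipefail`, so a failed build can leave `image_tags` empty; `set -o pipefail` at the top of that `run:` block would surface it.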
@@ -1,7 +1,9 @@
 # OCF Wordpress For development, the image can be built and added to Docker with the following command:
-`nix build .#docker && docker tag $(docker load -q < result | grep --only-matching -e 'ocf-wordpress-core:.*$') ocf-wordpress-core:latest`
+`docker tag $(sh $(nix build .#image --no-link --print-out-paths) 2>/dev/null | docker load -q | grep -oe "ocf-wordpress-core:.*$") ocf-wordpress-core:latest`
+or
+`podman tag $(sh $(nix build .#image --no-link --print-out-paths) 2>/dev/null | podman load -q | grep -oe "ocf-wordpress-core:.*$") ocf-wordpress-core:latest`
 A docker compose file is provided as a testing environment. This should never be used in any production setting or exposed publicly. You can start this by running: `docker compose up -d`
diff --git a/flake.nix b/flake.nix
index 69232da..88d3b01 100644
--- a/flake.nix
+++ b/flake.nix
@@ -96,7 +96,7 @@
 );
 in
 {
- docker = pkgs.dockerTools.buildLayeredImage {
+ image = pkgs.dockerTools.streamLayeredImage {
 name = "ocf-wordpress-core";
 created = timestamp;
 mtime = timestamp;
From d7e531c9e0ad7aa9b7fc1f94416b4478959541bc Mon Sep 17 00:00:00 2001
From: sophiebsw
Date: Sat, 30 May 2026 17:36:34 -0700
Subject: [PATCH 2/2] rename build job to publish
---
 .github/workflows/publish.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index aa9e03e..07fb710 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -11,7 +11,7 @@ env:
 registry: ghcr.io/${{ github.repository_owner }}
 
 jobs:
- build:
+ publish:
 # requires setting up a proper environment in the runner
 #runs-on: ci-ocf-wordpress
 runs-on: ubuntu-latest