From fd78c1947c2f496dd2914914b6377e85b81a31bb Mon Sep 17 00:00:00 2001
From: Martin Varga <martin.varga@lutraconsulting.co.uk>
Date: Thu, 6 Mar 2025 15:37:20 +0100
Subject: [PATCH 1/3] Add docker image build on workflow dispatch

---
 .github/workflows/build.yaml | 42 ++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 .github/workflows/build.yaml

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 00000000..d4a9ccc3
--- /dev/null
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,42 @@
+name: Build images
+on:
+  workflow_dispatch:
+  release:
+    types: [published]
+
+env:
+  AWS_REGION: eu-west-1
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.MM_SERVER_AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.MM_SERVER_AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ env.AWS_REGION }}
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+      - name: Build, tag, and push CE images to Amazon ECR
+        env:
+          BUILD_HASH: ${{ github.sha }}
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          REPOSITORY: mergin
+        run: |
+          IMAGE_TAG="build-ce-$GITHUB_SHA"
+          echo "IMAGE_TAG=$IMAGE_TAG" >> "$GITHUB_ENV"
+          cd server
+          docker build -f Dockerfile . --build-arg BUILD_HASH=${BUILD_HASH} -t $ECR_REGISTRY/mergin/$REPOSITORY-back:$IMAGE_TAG;          
+          cd ../web-app
+          docker build -f Dockerfile . -t $ECR_REGISTRY/mergin/$REPOSITORY-front:$IMAGE_TAG
+          docker push $ECR_REGISTRY/mergin/$REPOSITORY-back:$IMAGE_TAG
+          docker push $ECR_REGISTRY/mergin/$REPOSITORY-front:$IMAGE_TAG
+      - name: Build info
+        run: |
+          echo "IMAGE_TAG=$IMAGE_TAG"
+          echo "GITHUB_SHA=$GITHUB_SHA"
+          echo "TARGET_BRANCH=${{ github.ref_name }}"

From 29ccd4f8f6834e158157e989df62c85f38e25203 Mon Sep 17 00:00:00 2001
From: Martin Varga <martin.varga@lutraconsulting.co.uk>
Date: Fri, 7 Mar 2025 09:38:32 +0100
Subject: [PATCH 2/3] Push dev images to dedicated ECR repository

---
 .github/workflows/build.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index d4a9ccc3..28a7fb65 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -25,16 +25,16 @@ jobs:
         env:
           BUILD_HASH: ${{ github.sha }}
           ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-          REPOSITORY: mergin
+          REPOSITORY: mergin/mergin-ce
         run: |
-          IMAGE_TAG="build-ce-$GITHUB_SHA"
+          IMAGE_TAG="build-$GITHUB_SHA"
           echo "IMAGE_TAG=$IMAGE_TAG" >> "$GITHUB_ENV"
           cd server
-          docker build -f Dockerfile . --build-arg BUILD_HASH=${BUILD_HASH} -t $ECR_REGISTRY/mergin/$REPOSITORY-back:$IMAGE_TAG;          
+          docker build -f Dockerfile . --build-arg BUILD_HASH=${BUILD_HASH} -t $ECR_REGISTRY/$REPOSITORY-back:$IMAGE_TAG;          
           cd ../web-app
-          docker build -f Dockerfile . -t $ECR_REGISTRY/mergin/$REPOSITORY-front:$IMAGE_TAG
-          docker push $ECR_REGISTRY/mergin/$REPOSITORY-back:$IMAGE_TAG
-          docker push $ECR_REGISTRY/mergin/$REPOSITORY-front:$IMAGE_TAG
+          docker build -f Dockerfile . -t $ECR_REGISTRY/$REPOSITORY-front:$IMAGE_TAG
+          docker push $ECR_REGISTRY/$REPOSITORY-back:$IMAGE_TAG
+          docker push $ECR_REGISTRY/$REPOSITORY-front:$IMAGE_TAG
       - name: Build info
         run: |
           echo "IMAGE_TAG=$IMAGE_TAG"

From 93c4837b0819897bbcb23019ea7a88655f796b5d Mon Sep 17 00:00:00 2001
From: Martin Varga <martin.varga@lutraconsulting.co.uk>
Date: Fri, 7 Mar 2025 10:20:12 +0100
Subject: [PATCH 3/3] chore: update secrets

---
 .github/workflows/build.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 28a7fb65..e5b85bb7 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -15,8 +15,8 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-access-key-id: ${{ secrets.MM_SERVER_AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.MM_SERVER_AWS_SECRET_ACCESS_KEY }}
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.AWS_ACCESS_PASSWORD }}
           aws-region: ${{ env.AWS_REGION }}
       - name: Login to Amazon ECR
         id: login-ecr