backend/enh/docker-push-for-ci #32

	name: CI

	on:
	push:
	branches: ["main"] # Only trigger on pushes to the main branch
	pull_request:
	branches: ["main"]

	workflow_dispatch:

	jobs:
	build:
	runs-on: x86_64-linux

	steps:
	- uses: actions/checkout@v4

	- uses: cachix/cachix-action@v15
	with:
	name: nammayatri
	authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
	skipPush: true

	- name: Build all flake outputs
	run: om ci

	- name: Build and push Docker image
	if: github.event_name == 'push' && github.event.pull_request.merged == true
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	set -euo pipefail

	ARG1="${1:-dockerImage}"
	shift 1 \|\| true

	set -x
	# Show git status as Docker tag is based on the working copy status
	git status

	# Build the flake output and load the Docker image
	docker load -i "$(nix build .#"$ARG1" --print-out-paths --no-update-lock-file)"

	# Fetch the image name and tag
	IMAGE_NAME="$(nix eval --json .#packages.x86_64-linux."$ARG1".buildArgs \| jq -r '"\(.name):\(.tag)"')"
	echo "Built and loaded: ${IMAGE_NAME}"

	# Use a temporary directory for HOME to avoid insecure password storage
	HOME="$(mktemp -d)"
	export HOME

	# Ensure the Docker image is removed after pushing
	trap 'docker rmi "${IMAGE_NAME}"; rm -rf "$HOME"' EXIT

	# Push the Docker image
	echo "$GITHUB_TOKEN" \| docker login ghcr.io -u "${{ github.actor }}" --password-stdin
	docker tag "ghcr.io/nammayatri/beckn-gateway:a7c614" "$IMAGE_NAME"
	docker push "$IMAGE_NAME"

	echo "Pushed image: ${IMAGE_NAME}"

	# Log out from Docker registry
	docker logout ghcr.io

Provide feedback