Replace manual container build workflow with Container Build Flow Action #81

Merged
warengonzaga merged 3 commits into dev from copilot/integrate-container-build-flow-action
Dec 10, 2025
Contributor

Copilot AI commented Dec 10, 2025

Replaces the 80-line manual Docker build workflow with the Container Build Flow Action to add intelligent flow detection and automatic PR comments while reducing complexity by 36%.

Changes

  • Workflow replacement: Replaced manual Docker Buildx setup, registry logins, metadata extraction, and tag generation with a single action call
  • Intelligent flow detection: Automatically applies appropriate tags based on context:
    • pr-{sha} for PRs to dev
    • dev-{sha} for PRs from dev→main
    • patch-{sha} for direct PRs to main
    • wip-{sha} for other branches
  • Trigger expansion: Added pull_request events and main branch to enable PR builds and post-merge builds
  • PR comments: Enabled automatic comments with build status, image tags, and pull commands
  • Permissions: Added pull-requests: write for PR comment capability

Preserved Features

All existing functionality maintained:

  • Dual registry push (Docker Hub + GHCR)
  • SBOM and provenance attestations
  • Build caching (GitHub Actions cache)
  • Platform support (linux/amd64)
  • Secret usage (DOCKER_HUB_USERNAME, DOCKER_HUB_ACCESS_TOKEN, GITHUB_TOKEN)

Configuration

- name: Build and Push Container
  uses: wgtechlabs/container-build-flow-action@v1
  with:
    registry: both
    dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }}
    dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
    ghcr-token: ${{ secrets.GITHUB_TOKEN }}
    main-branch: main
    dev-branch: dev
    dockerfile: ./Dockerfile
    context: .
    platforms: linux/amd64
    image-name: unthread-telegram-bot
    pr-comment-enabled: true
    provenance: true
    sbom: true
    cache-enabled: true

Release workflow (release.yml) and validation workflow (validate.yml) remain unchanged.

Original prompt

Integrate Container Build Flow Action for Automated Container Builds

🎯 Task: Integrate Container Build Flow Action

📋 Overview

Replace the current manual container build workflow with the automated Container Build Flow Action to simplify development builds, add intelligent flow detection, and enable automatic PR comments.

🎯 Objectives

  • Replace .github/workflows/build.yml with the Container Build Flow Action
  • Maintain all existing features (dual registry, SBOM, provenance)
  • Add intelligent flow detection (PR, DEV, PATCH, WIP)
  • Enable automatic PR comments with pull instructions
  • Reduce workflow complexity by ~60% while adding features

Files to Modify

Update: .github/workflows/build.yml

🔧 Implementation Requirements

Current Workflow Configuration

  • Trigger: Push to dev branch only
  • Registries: Both Docker Hub (wgtechlabs/unthread-telegram-bot) and GHCR (ghcr.io/wgtechlabs/unthread-telegram-bot)
  • Platform: linux/amd64 only
  • Security: SBOM and provenance attestations enabled
  • Tags: dev and dev-{short_sha}
  • Secrets: Uses DOCKER_HUB_USERNAME, DOCKER_HUB_ACCESS_TOKEN, GITHUB_TOKEN

New Workflow Specifications

Replace the entire content of .github/workflows/build.yml with:

name: Build

on:
  pull_request:
    branches: [main, dev]
  push:
    branches: [main, dev]

jobs:
  build:
    name: Container Build & Push
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      pull-requests: write
    
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      
      - name: Build and Push Container
        uses: wgtechlabs/container-build-flow-action@v1
        with:
          # Registry Configuration
          registry: both
          dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }}
          dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
          ghcr-token: ${{ secrets.GITHUB_TOKEN }}
          
          # Branch Configuration
          main-branch: main
          dev-branch: dev
          
          # Build Configuration
          dockerfile: ./Dockerfile
          context: .
          platforms: linux/amd64
          
          # Image Naming
          image-name: unthread-telegram-bot
          
          # PR Comments
          pr-comment-enabled: true
          
          # Security Features
          provenance: true
          sbom: true
          
          # Build Cache
          cache-enabled: true

✨ Key Features to Gain

1. Intelligent Flow Detection

The action automatically detects and applies appropriate tags:

  • PR Flow: PRs to dev → pr-{sha} tags
  • DEV Flow: PRs from dev to main → dev-{sha} tags
  • PATCH Flow: PRs to main (not from dev) → patch-{sha} tags
  • WIP Flow: Other branches → wip-{sha} tags

2. Automatic PR Comments

When triggered by pull requests, the action automatically posts a comment with:

  • Build flow type detected
  • Complete image tags for both registries
  • Ready-to-use docker pull commands
  • Build metadata (SHA, platforms, timestamp)

3. Dual Registry Support

Maintains current behavior:

  • Pushes to both Docker Hub and GHCR
  • Uses organization secrets for authentication
  • Consistent tagging across both registries

4. Security Features

Preserves all security features:

  • SBOM generation
  • Provenance attestations
  • Build cache optimization

Testing Strategy

Test Scenarios

  1. Push to dev branch → Should build with dev-{sha} tags
  2. PR to dev branch → Should build with pr-{sha} tags + post PR comment
  3. PR from dev to main → Should build with dev-{sha} tags + post PR comment
  4. Verify both registries → Check Docker Hub and GHCR for images
  5. Verify PR comments → Ensure comment appears with correct pull commands

Expected Output

After successful build, verify:

  • ✅ Images pushed to wgtechlabs/unthread-telegram-bot (Docker Hub)
  • ✅ Images pushed to ghcr.io/wgtechlabs/unthread-telegram-bot (GHCR)
  • ✅ SBOM and provenance attestations attached
  • ✅ PR comment posted (if triggered by PR)
  • ✅ Build cache working (faster subsequent builds)

📊 Success Criteria

  • Workflow file updated with Container Build Flow Action
  • Successful build triggered on push to dev
  • Images available on both Docker Hub and GHCR
  • Appropriate tags applied based on flow type
  • SBOM and provenance attestations present
  • PR comment posted automatically (test with a sample PR)
  • No breaking changes to existing functionality

📚 Reference Implementation

See the working example in the related project:

🔗 Action Documentation

Created from VS Code via the GitHub Pull Request extension.



@warengonzaga warengonzaga added deployment Deployment and infrastructure-related (Issues/PRs) maintainer Maintainer expertise required (Issues/PRs) labels Dec 10, 2025
@warengonzaga warengonzaga moved this to In Progress in Unthread Partnership Dec 10, 2025
Co-authored-by: warengonzaga <15052701+warengonzaga@users.noreply.github.com>
Copilot AI changed the title [WIP] Integrate Container Build Flow Action for automated builds Replace manual container build workflow with Container Build Flow Action Dec 10, 2025
Copilot AI requested a review from warengonzaga December 10, 2025 10:23
@github-actions

🔧 Container Build Complete - PR Build

Build Status: ✅ Success
Flow Type: pr
Description: Feature development and testing


📦 Pull Image

Docker Hub: docker pull wgtechlabs/unthread-telegram-bot:pr-cfb1ef2
GHCR: docker pull ghcr.io/wgtechlabs/unthread-telegram-bot:pr-cfb1ef2

📋 Build Details

Property Value
Flow Type pr
Commit e77495d
Registry Docker Hub + GHCR

🏷️ Image Tags

• wgtechlabs/unthread-telegram-bot:pr-cfb1ef2
• ghcr.io/wgtechlabs/unthread-telegram-bot:pr-cfb1ef2


Testing Your Changes

  1. Pull the image using one of the commands above
  2. Run the container with your test configuration
  3. Verify the changes work as expected
  4. Report any issues in this PR

🚀 Quick Start

# Pull and run the container
Docker Hub: docker pull wgtechlabs/unthread-telegram-bot:pr-cfb1ef2
docker run <your-options> <image>

🤖 Powered by Container Build Flow Action
💻 with ❤️ by Waren Gonzaga under WG Technology Labs, and Him 🙏

@warengonzaga warengonzaga marked this pull request as ready for review December 10, 2025 12:45
@warengonzaga warengonzaga merged commit 356a588 into dev Dec 10, 2025
4 checks passed
@github-project-automation github-project-automation bot moved this from In Progress to Done in Unthread Partnership Dec 10, 2025
@warengonzaga warengonzaga deleted the copilot/integrate-container-build-flow-action branch December 10, 2025 12:46
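
An added example, not part of this PR or of the action's own code: a small audit of a build comment like the one above, using the four tag rules listed in the PR description. It checks the flow prefix, that both registries carry the same tag, and that the tag's short SHA matches the reported commit. The names `expected_flow`, `audit_comment` and `SAMPLE` are made up here; the sample lines are copied from the comment on this page.

```python
import re

def expected_flow(base, head, main="main", dev="dev"):
    """Tag prefix for a pull request, following the four rules in the PR description."""
    if base == dev:
        return "pr"                                  # PRs to dev
    if base == main:
        return "dev" if head == dev else "patch"     # dev->main, or direct PR to main
    return "wip"                                     # everything else

PULL_RE = re.compile(r"docker pull (\S+):([a-z]+)-([0-9a-f]{7,40})")

def audit_comment(text, base, head):
    """Return a list of findings; an empty list means the comment is self-consistent."""
    pulls = PULL_RE.findall(text)
    if not pulls:
        return ["no docker pull commands found"]
    findings = []
    want = expected_flow(base, head)
    flow = re.search(r"^Flow Type:?\s+(\w+)", text, re.M)
    if flow and flow.group(1) != want:
        findings.append(f"flow type {flow.group(1)!r}, expected {want!r}")
    prefixes = {prefix for _, prefix, _ in pulls}
    if prefixes != {want}:
        findings.append(f"tag prefixes {sorted(prefixes)}, expected {want!r}")
    shas = {sha for _, _, sha in pulls}
    if len(shas) != 1:
        findings.append(f"registries carry different tags: {sorted(shas)}")
    commit = re.search(r"^Commit\s+([0-9a-f]{7,40})", text, re.M)
    if commit:
        c = commit.group(1)
        for sha in sorted(shas):
            # Short and long forms of the same SHA share a prefix.
            if not (c.startswith(sha) or sha.startswith(c)):
                findings.append(f"tag sha {sha} does not match reported commit {c}")
    return findings

# Lines copied from the build comment on this page.
SAMPLE = """\
Flow Type: pr
Docker Hub: docker pull wgtechlabs/unthread-telegram-bot:pr-cfb1ef2
GHCR: docker pull ghcr.io/wgtechlabs/unthread-telegram-bot:pr-cfb1ef2
Commit e77495d
"""

if __name__ == "__main__":
    for finding in audit_comment(SAMPLE, base="dev",
                                 head="copilot/integrate-container-build-flow-action"):
        print("FINDING:", finding)
```

On this page's comment the check reports that the tag SHA (cfb1ef2) differs from the Commit field (e77495d). On `pull_request` events `github.sha` is the merge commit of the PR merge ref rather than the head commit, which is one possible cause; the page does not say which SHA the action tags with.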