From dd8eda514beb436a820d38b01d7dc4b3192cf90a Mon Sep 17 00:00:00 2001
From: Frederic CORDIER <frederic.cordier@iex.ec>
Date: Tue, 2 Dec 2025 15:51:42 +0100
Subject: [PATCH 1/3] ci: add ci to build

---
 .github/workflows/ci.yaml | 63 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 .github/workflows/ci.yaml

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..031c74b
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,63 @@
+name: CI
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+jobs:
+
+  prepare:
+    name: Determine image tag
+    runs-on: ubuntu-latest
+    if: |
+      github.ref_name == 'main' ||
+      startsWith(github.ref_name, 'feature/') ||
+      startsWith(github.ref_name, 'bugfix/') ||
+      (github.event_name == 'pull_request' && (startsWith(github.head_ref, 'feature/') || startsWith(github.head_ref, 'bugfix/')))
+    outputs:
+      image_tag: ${{ steps.determine-tag.outputs.image_tag }}
+      version: ${{ steps.determine-tag.outputs.version }}
+    steps:
+      - name: Determine base tag
+        id: determine-tag
+        run: |
+          if [ "${{ github.event_name }}" = "pull_request" ] ; then
+            SHORT_SHA=$(echo ${{ github.event.pull_request.head.sha }} | cut -c1-8)
+            BRANCH_NAME="${{ github.head_ref }}"
+          else
+            SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-8)
+            BRANCH_NAME="${{ github.ref_name }}"
+          fi
+
+          if [ "${{ github.ref_name }}" = "main" ] ; then
+            echo "Processing main branch"
+            echo "image_tag=dev-${SHORT_SHA}" | tee -a $GITHUB_OUTPUT
+            echo "version=dev-${SHORT_SHA}" | tee -a $GITHUB_OUTPUT
+          else
+            # This covers feature/ and bugfix/ branches
+            echo "Processing feature/bugfix branch ${BRANCH_NAME}"
+            echo "image_tag=feature-${SHORT_SHA}" | tee -a $GITHUB_OUTPUT
+            echo "version=feature-${SHORT_SHA}" | tee -a $GITHUB_OUTPUT
+          fi
+
+  build-oci-image:
+    name: Build OCI images
+    needs: prepare
+    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@feature/allow-args-for-docker-build
+    with:
+      image-name: docker-regis.iex.ec/cvm-base
+      image-tag: ${{ needs.prepare.outputs.image_tag }}
+      dockerfile: Dockerfile
+      context: .
+      registry: docker-regis.iex.ec
+      push: false
+      security-scan: false
+      security-report: "table"
+      hadolint: false
+      platforms: linux/amd64
+      build-args: VERSION=${{ needs.prepare.outputs.version }}
+    secrets:
+      username: ${{ secrets.NEXUS_USERNAME }}
+      password: ${{ secrets.NEXUS_PASSWORD }}
\ No newline at end of file

From 763a8702f4caae42b34d998440b290bdbcb0c4cf Mon Sep 17 00:00:00 2001
From: Frederic CORDIER <frederic.cordier@iex.ec>
Date: Wed, 3 Dec 2025 12:14:06 +0100
Subject: [PATCH 2/3] ci: add private runner group

---
 .github/workflows/ci.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 031c74b..ba8a870 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -45,6 +45,8 @@ jobs:
   build-oci-image:
     name: Build OCI images
     needs: prepare
+    runs-on:
+      group: Azure_runners
     uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@feature/allow-args-for-docker-build
     with:
       image-name: docker-regis.iex.ec/cvm-base

From d990ab2b7024e3c2136259d2bead5cde7b7c7248 Mon Sep 17 00:00:00 2001
From: Frederic CORDIER <frederic.cordier@iex.ec>
Date: Wed, 3 Dec 2025 13:18:24 +0100
Subject: [PATCH 3/3] ci: remove private runner group

---
 .github/workflows/ci.yaml | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index ba8a870..bbd33a0 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -7,7 +7,6 @@ on:
   workflow_dispatch:
 
 jobs:
-
   prepare:
     name: Determine image tag
     runs-on: ubuntu-latest
@@ -44,17 +43,15 @@ jobs:
 
   build-oci-image:
     name: Build OCI images
-    needs: prepare
-    runs-on:
-      group: Azure_runners
     uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@feature/allow-args-for-docker-build
+    needs: prepare
     with:
       image-name: docker-regis.iex.ec/cvm-base
       image-tag: ${{ needs.prepare.outputs.image_tag }}
       dockerfile: Dockerfile
       context: .
       registry: docker-regis.iex.ec
-      push: false
+      push: true
       security-scan: false
       security-report: "table"
       hadolint: false
@@ -62,4 +59,4 @@ jobs:
       build-args: VERSION=${{ needs.prepare.outputs.version }}
     secrets:
       username: ${{ secrets.NEXUS_USERNAME }}
-      password: ${{ secrets.NEXUS_PASSWORD }}
\ No newline at end of file
+      password: ${{ secrets.NEXUS_PASSWORD }}