feat: ghcr impl to create images here.

Author: utcarshsrivastava-collab

.github/workflows/ci.yml

@@ -2,7 +2,7 @@ name: CI
 
 on:
   push:
-    branches: [main, staging, dev]
+    branches: ['**']
   pull_request:
     branches: [main, staging, dev]
 
@@ -16,15 +16,42 @@ permissions:
 jobs:
   test-build:
     name: Test and Build
-    if: github.ref != 'refs/heads/dev' || github.event_name == 'pull_request'
+    if: >-
+      github.event_name == 'pull_request' ||
+      github.ref == 'refs/heads/main' ||
+      github.ref == 'refs/heads/staging'
     uses: ./.github/workflows/test-build.yml
     secrets: inherit
 
+  # Resolve auto-incrementing GHCR tag for non-main branches (<branch>-0.0.N)
+  resolve-ghcr-tag:
+    name: Resolve GHCR Tag
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && github.ref != 'refs/heads/main'
+    permissions:
+      contents: read
+      packages: read
+    outputs:
+      image_tag: ${{ steps.tag.outputs.image_tag }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: Compute next GHCR tag
+        id: tag
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
+        run: |
+          TAG="$(bash scripts/ci/ghcr-next-branch-tag.sh "${{ github.ref_name }}")"
+          echo "image_tag=${TAG}" >> "$GITHUB_OUTPUT"
+          echo "Computed GHCR tag: ${TAG}"
+
   # Detect if this is a version release commit (e.g., "v0.5.24: ...")
   detect-version:
     name: Detect Version
-    runs-on: blacksmith-4vcpu-ubuntu-2404
-    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/dev')
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push'
     outputs:
       version: ${{ steps.extract.outputs.version }}
       is_release: ${{ steps.extract.outputs.is_release }}
@@ -46,14 +73,66 @@ jobs:
             echo "ℹ️ Not a release commit"
           fi
 
-  # Dev: build all 3 images for ECR only (no GHCR, no ARM64)
+  # Non-main branches: build all 3 images for GHCR with auto-increment tag
+  build-ghcr-branch:
+    name: Build GHCR Branch Images
+    needs: [resolve-ghcr-tag]
+    if: github.event_name == 'push' && github.ref != 'refs/heads/main'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - dockerfile: ./docker/app.Dockerfile
+            ghcr_image: ghcr.io/${{ github.repository_owner }}/p2-sim-simstudio
+          - dockerfile: ./docker/db.Dockerfile
+            ghcr_image: ghcr.io/${{ github.repository_owner }}/p2-sim-migrations
+          - dockerfile: ./docker/realtime.Dockerfile
+            ghcr_image: ghcr.io/${{ github.repository_owner }}/p2-sim-realtime
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Generate tags
+        id: meta
+        run: |
+          IMAGE_TAG="${{ needs.resolve-ghcr-tag.outputs.image_tag }}"
+          GHCR_IMAGE="${{ matrix.ghcr_image }}"
+          echo "tags=${GHCR_IMAGE}:${IMAGE_TAG},${GHCR_IMAGE}:${IMAGE_TAG}-${{ github.sha }}" >> "$GITHUB_OUTPUT"
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ matrix.dockerfile }}
+          platforms: linux/amd64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          provenance: false
+          sbom: false
+
+  # Dev: build all 3 images for ECR only (no ARM64)
   build-dev:
     name: Build Dev ECR
     needs: [detect-version]
     if: github.event_name == 'push' && github.ref == 'refs/heads/dev'
-    runs-on: blacksmith-8vcpu-ubuntu-2404
+    runs-on: ubuntu-latest
     permissions:
       contents: read
+      packages: write
       id-token: write
     strategy:
       fail-fast: false
@@ -67,7 +146,7 @@ jobs:
             ecr_repo_secret: ECR_REALTIME
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
@@ -86,22 +165,28 @@ jobs:
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Set up Docker Buildx
-        uses: useblacksmith/setup-docker-builder@v1
+        uses: docker/setup-buildx-action@v3
 
       - name: Resolve ECR repo name
         id: ecr-repo
         run: echo "name=$ECR_REPO" >> $GITHUB_OUTPUT
         env:
           ECR_REPO: ${{ matrix.ecr_repo_secret == 'ECR_APP' && secrets.ECR_APP || matrix.ecr_repo_secret == 'ECR_MIGRATIONS' && secrets.ECR_MIGRATIONS || matrix.ecr_repo_secret == 'ECR_REALTIME' && secrets.ECR_REALTIME || '' }}
 
+      - name: Generate tags
+        id: meta
+        run: |
+          ECR_IMAGE="${{ steps.login-ecr.outputs.registry }}/${{ steps.ecr-repo.outputs.name }}:dev"
+          echo "tags=${ECR_IMAGE}" >> "$GITHUB_OUTPUT"
+
       - name: Build and push
-        uses: useblacksmith/build-push-action@v2
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: ${{ matrix.dockerfile }}
           platforms: linux/amd64
           push: true
-          tags: ${{ steps.login-ecr.outputs.registry }}/${{ steps.ecr-repo.outputs.name }}:dev
+          tags: ${{ steps.meta.outputs.tags }}
           provenance: false
           sbom: false
 
@@ -112,7 +197,7 @@ jobs:
     if: >-
       github.event_name == 'push' &&
       (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging')
-    runs-on: blacksmith-8vcpu-ubuntu-2404
+    runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
@@ -122,13 +207,13 @@ jobs:
       matrix:
         include:
           - dockerfile: ./docker/app.Dockerfile
-            ghcr_image: ghcr.io/simstudioai/simstudio
+            ghcr_image: ghcr.io/${{ github.repository_owner }}/p2-sim-simstudio
             ecr_repo_secret: ECR_APP
           - dockerfile: ./docker/db.Dockerfile
-            ghcr_image: ghcr.io/simstudioai/migrations
+            ghcr_image: ghcr.io/${{ github.repository_owner }}/p2-sim-migrations
             ecr_repo_secret: ECR_MIGRATIONS
           - dockerfile: ./docker/realtime.Dockerfile
-            ghcr_image: ghcr.io/simstudioai/realtime
+            ghcr_image: ghcr.io/${{ github.repository_owner }}/p2-sim-realtime
             ecr_repo_secret: ECR_REALTIME
     steps:
       - name: Checkout code
@@ -151,15 +236,14 @@ jobs:
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to GHCR
-        if: github.ref == 'refs/heads/main'
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Docker Buildx
-        uses: useblacksmith/setup-docker-builder@v1
+        uses: docker/setup-buildx-action@v3
 
       - name: Resolve ECR repo name
         id: ecr-repo
@@ -199,7 +283,7 @@ jobs:
           echo "tags=${TAGS}" >> $GITHUB_OUTPUT
 
       - name: Build and push images
-        uses: useblacksmith/build-push-action@v2
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: ${{ matrix.dockerfile }}
@@ -213,7 +297,7 @@ jobs:
   build-ghcr-arm64:
     name: Build ARM64 (GHCR Only)
     needs: [detect-version]
-    runs-on: blacksmith-8vcpu-ubuntu-2404-arm
+    runs-on: ubuntu-24.04-arm
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'
     permissions:
       contents: read
@@ -223,11 +307,11 @@ jobs:
       matrix:
         include:
           - dockerfile: ./docker/app.Dockerfile
-            image: ghcr.io/simstudioai/simstudio
+            image: ghcr.io/${{ github.repository_owner }}/p2-sim-simstudio
           - dockerfile: ./docker/db.Dockerfile
-            image: ghcr.io/simstudioai/migrations
+            image: ghcr.io/${{ github.repository_owner }}/p2-sim-migrations
           - dockerfile: ./docker/realtime.Dockerfile
-            image: ghcr.io/simstudioai/realtime
+            image: ghcr.io/${{ github.repository_owner }}/p2-sim-realtime
 
     steps:
       - name: Checkout code
@@ -241,7 +325,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Docker Buildx
-        uses: useblacksmith/setup-docker-builder@v1
+        uses: docker/setup-buildx-action@v3
 
       - name: Generate ARM64 tags
         id: meta
@@ -259,7 +343,7 @@ jobs:
           echo "tags=${TAGS}" >> $GITHUB_OUTPUT
 
       - name: Build and push ARM64 to GHCR
-        uses: useblacksmith/build-push-action@v2
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: ${{ matrix.dockerfile }}
@@ -272,17 +356,17 @@ jobs:
   # Create GHCR multi-arch manifests (only for main, after both builds)
   create-ghcr-manifests:
     name: Create GHCR Manifests
-    runs-on: blacksmith-2vcpu-ubuntu-2404
+    runs-on: ubuntu-latest
     needs: [build-amd64, build-ghcr-arm64, detect-version]
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'
     permissions:
       packages: write
     strategy:
       matrix:
         include:
-          - image: ghcr.io/simstudioai/simstudio
-          - image: ghcr.io/simstudioai/migrations
-          - image: ghcr.io/simstudioai/realtime
+          - image: ghcr.io/${{ github.repository_owner }}/p2-sim-simstudio
+          - image: ghcr.io/${{ github.repository_owner }}/p2-sim-migrations
+          - image: ghcr.io/${{ github.repository_owner }}/p2-sim-realtime
 
     steps:
       - name: Login to GHCR
@@ -329,7 +413,7 @@ jobs:
   # Check if docs changed
   check-docs-changes:
     name: Check Docs Changes
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: ubuntu-latest
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'
     outputs:
       docs_changed: ${{ steps.filter.outputs.docs }}
@@ -357,7 +441,7 @@ jobs:
   # Create GitHub Release (only for version commits on main, after all builds complete)
   create-release:
     name: Create GitHub Release
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: ubuntu-latest
     needs: [create-ghcr-manifests, detect-version]
     if: needs.detect-version.outputs.is_release == 'true'
     permissions: