From 7ab425b07a76f123719a7e3735e72da0a24b8a53 Mon Sep 17 00:00:00 2001
From: rcourtman <courtmanr@gmail.com>
Date: Fri, 10 Oct 2025 07:44:34 +0000
Subject: [PATCH] Publish docker agent image via GHCR workflow

---
 .github/workflows/docker-agent-image.yml | 59 ++++++++++++++++++++++++
 Dockerfile                               | 14 +++++-
 docs/DOCKER_MONITORING.md                |  2 +-
 3 files changed, 73 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/docker-agent-image.yml

diff --git a/.github/workflows/docker-agent-image.yml b/.github/workflows/docker-agent-image.yml
new file mode 100644
index 000000000..1a9d3e6e3
--- /dev/null
+++ b/.github/workflows/docker-agent-image.yml
@@ -0,0 +1,59 @@
+name: Build and Publish Docker Agent Image
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'Dockerfile'
+      - 'cmd/pulse-docker-agent/**'
+      - 'internal/dockeragent/**'
+      - 'go.mod'
+      - 'go.sum'
+      - '.github/workflows/docker-agent-image.yml'
+  release:
+    types: [published]
+  workflow_dispatch:
+
+jobs:
+  build-agent-image:
+    name: Build & Push agent image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Read version
+        id: version
+        run: |
+          VERSION=$(tr -d '\n' < VERSION)
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+
+      - name: Build and push agent image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./Dockerfile
+          target: agent_runtime
+          platforms: linux/amd64,linux/arm64
+          push: true
+          provenance: false
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/pulse-docker-agent:latest
+            ghcr.io/${{ github.repository_owner }}/pulse-docker-agent:${{ steps.version.outputs.version }}
diff --git a/Dockerfile b/Dockerfile
index d2c862c01..e5aab39ee 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -45,7 +45,19 @@ RUN CGO_ENABLED=0 GOOS=linux go build \
     -trimpath \
     -o pulse-docker-agent ./cmd/pulse-docker-agent
 
-# Final stage
+# Runtime image for the Docker agent (offered via --target agent_runtime)
+FROM alpine:latest AS agent_runtime
+
+RUN apk --no-cache add ca-certificates tzdata
+
+WORKDIR /app
+
+COPY --from=backend-builder /app/pulse-docker-agent /usr/local/bin/pulse-docker-agent
+COPY --from=backend-builder /app/VERSION /VERSION
+
+ENTRYPOINT ["/usr/local/bin/pulse-docker-agent"]
+
+# Final stage (Pulse server runtime)
 FROM alpine:latest
 
 RUN apk --no-cache add ca-certificates tzdata su-exec
diff --git a/docs/DOCKER_MONITORING.md b/docs/DOCKER_MONITORING.md
index 4ade16f6e..33946944d 100644
--- a/docs/DOCKER_MONITORING.md
+++ b/docs/DOCKER_MONITORING.md
@@ -89,7 +89,7 @@ docker run -d \
   ghcr.io/rcourtman/pulse-docker-agent:latest
 ```
 
-> **Note**: The container image is published with the first release that includes the agent. Build locally if you are testing nightly builds.
+> **Note**: Official images for `linux/amd64` and `linux/arm64` are published to `ghcr.io/rcourtman/pulse-docker-agent`. To test local changes, run `docker build --target agent_runtime -t pulse-docker-agent:test .` from the repository root.
 
 ## Configuration reference