feat: publish rpc-proxy Dockerfile on tag (#1454)

* feat: first commit

* feat: file refactor

* feat: file refactor

* feat: file refactor

* feat: file refactor

* feat: file refactor

* feat: file refactor

* feat: file refactor

* feat: file refactor

* feat: file refactor

* feat: file refactor

* feat: file refactor

.github/workflows/on-tag.yml

@@ -0,0 +1,15 @@
+name: Jobs on tag
+
+on:
+    push:
+        tags:
+            - '*'
+
+jobs:
+    npm-publish:
+        uses: ./.github/workflows/publish-sdk.yml
+        secrets: inherit
+
+    rpc-proxy-docker-publish:
+        uses: ./.github/workflows/rpc-proxy.yml
+        secrets: inherit

.github/workflows/publish-sdk.yml

@@ -1,9 +1,7 @@
 name: Publish NPM package
 
 on:
-    push:
-        tags:
-            - '*'
+  workflow_call:
 
 permissions:
     contents: read

.github/workflows/rpc-proxy-docker.yml

@@ -0,0 +1,76 @@
+name: RPC Proxy - Docker build, scan and push
+
+on:
+   workflow_call:
+
+permissions:
+  contents: read
+  packages: write
+  checks: write
+  actions: read
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: vechain/sdk-rpc-proxy
+
+      - name: Build and export to Docker
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: docker/rpc-proxy/Dockerfile
+          load: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Split tags and get the first value for scanning
+        id: split-tags
+        run: echo "first-tag=$(echo '${{ steps.meta.outputs.tags }}' | cut -d',' -f1)" >> $GITHUB_OUTPUT
+
+      - name: Run Trivy Scan
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ steps.split-tags.outputs.first-tag }}
+          format: 'table'
+          ignore-unfixed: true
+          exit-code: '1'
+          vuln-type: os,library
+          severity: CRITICAL,HIGH,MEDIUM
+          scanners: misconfig,vuln,secret
+        env:
+          # See https://github.com/aquasecurity/trivy/discussions/7538
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
+
+      - name: Build and push
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: docker/rpc-proxy/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/rpc-proxy-test.yml

@@ -4,8 +4,7 @@ on:
     workflow_call:
 
 jobs:
-    build:
-        name: Test RPC Proxy
+    test:
         runs-on: ubuntu-latest
         steps:
             - name: Checkout repository

.github/workflows/rpc-proxy.yml

@@ -5,11 +5,11 @@ on:
 
 jobs:
     test:
+      if: github.ref != 'refs/tags/*'
       uses: ./.github/workflows/rpc-proxy-test.yml
       secrets: inherit
 
-    docker-vulnerability-check:
-      uses: ./.github/workflows/rpc-proxy-vulnerability-scan.yml
+    docker:
+      uses: ./.github/workflows/rpc-proxy-docker.yml
       secrets: inherit
-
-
+