noot #82

	name: Build and Push Ko Container

	on:
	push:
	branches:
	- '*'
	tags:
	- 'v*'

	env:
	KO_DOCKER_REPO: oci.gfx.cafe/git/gfx/venn
	CGO_ENABLED: 0

	jobs:
	build-and-push:
	runs-on: ubuntu-latest
	permissions:
	contents: write
	packages: write

	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Set up Go
	uses: actions/setup-go@v5
	with:
	go-version: '1.25'

	- name: Install ko
	uses: ko-build/setup-ko@v0.6

	- name: Log in to Harbor Registry
	env:
	REGISTRY_USERNAME: ${{ secrets.HARBOR_USER }}
	REGISTRY_PASSWORD: ${{ secrets.HARBOR_SECRET }}
	run: \|
	echo "$REGISTRY_PASSWORD" \| ko login oci.gfx.cafe -u "$REGISTRY_USERNAME" --password-stdin

	- name: Log in to GitHub Container Registry
	run: \|
	echo "${{ secrets.GITHUB_TOKEN }}" \| ko login ghcr.io -u ${{ github.actor }} --password-stdin

	- name: Build and push container (branch)
	if: github.ref_type == 'branch'
	run: \|
	BRANCH=${GITHUB_REF#refs/heads/}
	BRANCH_SAFE=$(echo $BRANCH \| sed 's/[^a-zA-Z0-9-]/-/g')
	SHORT_SHA=${GITHUB_SHA::7}

	# Build and push to Harbor
	ko build --bare ./cmd/venn --tags=${BRANCH_SAFE},${SHORT_SHA}

	# Build and push to GHCR
	KO_DOCKER_REPO=ghcr.io/gfx-labs/venn ko build --bare ./cmd/venn --tags=${BRANCH_SAFE},${SHORT_SHA}

	- name: Build and push container (version tag)
	if: github.ref_type == 'tag' && startsWith(github.ref, 'refs/tags/v')
	run: \|
	TAG=${GITHUB_REF#refs/tags/}

	# Build and push to Harbor
	ko build --bare ./cmd/venn --tags=$TAG,latest

	# Build and push to GHCR
	KO_DOCKER_REPO=ghcr.io/gfx-labs/venn ko build --bare ./cmd/venn --tags=$TAG,latest

Provide feedback