From 361eb61fe134790301f3738e042534544545648a Mon Sep 17 00:00:00 2001
From: Daria Mayorova <mayorova@users.noreply.github.com>
Date: Thu, 15 Jan 2026 12:29:50 +0100
Subject: [PATCH 1/2] Add github action for building image

---
 .github/workflows/container-image-buildah.yml | 93 +++++++++++++++++++
 .github/workflows/container.yml               | 27 ++++++
 2 files changed, 120 insertions(+)
 create mode 100644 .github/workflows/container-image-buildah.yml
 create mode 100644 .github/workflows/container.yml

diff --git a/.github/workflows/container-image-buildah.yml b/.github/workflows/container-image-buildah.yml
new file mode 100644
index 00000000..224b8061
--- /dev/null
+++ b/.github/workflows/container-image-buildah.yml
@@ -0,0 +1,93 @@
+name: Build zync oci container image
+
+on:
+  workflow_call:
+    inputs:
+      platforms:
+        description: comma-separated list of platforms to build for, e.g. linux/amd64,linux/s390x,linux/ppc64le
+        default: linux/amd64
+        type: string
+      custom_tag:
+        description: optional custom tag on remote repo you want image to be tagged with
+        required: false
+        default: ''
+        type: string
+    secrets:
+      QUAY_USER_NAME:
+        required: false
+      QUAY_PASSWORD:
+        required: false
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: quay.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  buildah:
+    runs-on: ubuntu-latest
+    steps:
+    # Allow multi-target builds
+    # - name: Set up QEMU
+    #  uses: docker/setup-qemu-action@v2
+    #  with:
+    #    platforms: ${{ inputs.platforms }}
+
+    - name: Log in to Red Hat Registry
+      uses: redhat-actions/podman-login@v1
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ secrets.QUAY_USER_NAME }}
+        password: ${{ secrets.QUAY_PASSWORD }}
+
+    - name: Docker meta
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+        tags: |
+          type=schedule
+          type=ref,event=branch,enable=${{ github.ref_name != 'master' && inputs.custom_tag == '' }}
+          type=raw,value=latest,enable=${{ github.ref_name == 'master' }}
+          type=raw,value=nightly,enable=${{ github.ref_name == 'master' }}
+          ${{ inputs.custom_tag }}
+          type=ref,event=tag
+          type=ref,event=pr
+
+    - uses: actions/checkout@v6
+
+    - name: Build image
+      id: build-image
+      uses: redhat-actions/buildah-build@v2
+      with:
+        tags: ${{ steps.meta.outputs.tags }}
+        # enable platforms once base image has them
+        # platforms: ${{ inputs.platforms }}
+        labels: ${{ steps.meta.outputs.labels }}
+        layers: false
+        oci: true
+        tls-verify: true
+        extra-args: |
+          --squash
+        containerfiles: |
+          Dockerfile
+
+    - name: Echo Outputs
+      run: |
+        echo "Image: ${{ steps.build-image.outputs.image }}"
+        echo "Tags: ${{ steps.build-image.outputs.tags }}"
+        echo "Tagged Image: ${{ steps.build-image.outputs.image-with-tag }}"
+
+    - name: Check images created
+      run: buildah images
+
+    - name: Push To quay.io
+      id: push-to-quay
+      uses: redhat-actions/push-to-registry@v2
+      if: github.event_name != 'pull_request'
+      with:
+        tags: ${{ steps.build-image.outputs.tags }}
+
+    - name: Print image url
+      run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
new file mode 100644
index 00000000..c950ca83
--- /dev/null
+++ b/.github/workflows/container.yml
@@ -0,0 +1,27 @@
+name: Container build
+on:
+  push:
+    branches:
+    - master
+    - managed-services
+    - 3scale-[0-9]+.[0-9]+-stable
+    tags:
+    - 3scale-[0-9]+.[0-9]+.[0-9]+-GA
+  workflow_dispatch:
+    inputs:
+      platforms:
+        description: comma-separated list of platforms to build for, downstream supported are linux/amd64,linux/s390x,linux/ppc64le
+        default: linux/amd64
+      custom_tag:
+        description: a custom tag on remote repo you want image to be tagged with
+        default: scratch
+
+jobs:
+  call-build:
+    uses: ./.github/workflows/container-image-buildah.yml
+    with:
+      platforms: ${{ inputs.platforms }}
+      custom_tag: ${{ inputs.custom_tag }}
+    secrets: # inherit doesn't work for some reason
+      QUAY_USER_NAME: ${{ secrets.QUAY_USER_NAME }}
+      QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}

From 0309a83facc18f8e900fa5e3b90f133d66947a64 Mon Sep 17 00:00:00 2001
From: Daria Mayorova <mayorova@users.noreply.github.com>
Date: Thu, 15 Jan 2026 13:11:07 +0100
Subject: [PATCH 2/2] Remove managed-services branch from container build
 workflow

---
 .github/workflows/container.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index c950ca83..c2f0d83d 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -3,7 +3,6 @@ on:
   push:
     branches:
     - master
-    - managed-services
     - 3scale-[0-9]+.[0-9]+-stable
     tags:
     - 3scale-[0-9]+.[0-9]+.[0-9]+-GA