From f128e6faf932131d6884dc1fbdc2b574aab7059d Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Wed, 20 May 2026 14:58:18 +0200
Subject: [PATCH 1/2] GHA: Use our standardised `container-image` workflow

---
 .github/workflows/container-image.yml     | 28 ++++++++++++++
 .github/workflows/docker.yml              | 45 -----------------------
 Dockerfile => Containerfile               |  0
 doc/02-Installation.md.d/For-Container.md |  7 ++++
 4 files changed, 35 insertions(+), 45 deletions(-)
 create mode 100644 .github/workflows/container-image.yml
 delete mode 100644 .github/workflows/docker.yml
 rename Dockerfile => Containerfile (100%)
 create mode 100644 doc/02-Installation.md.d/For-Container.md

diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml
new file mode 100644
index 00000000..def05b10
--- /dev/null
+++ b/.github/workflows/container-image.yml
@@ -0,0 +1,28 @@
+name: Container Image
+
+on:
+  push:
+    branches:
+      - main
+  pull_request: {}
+  release:
+    types:
+      - published
+
+jobs:
+  container-image:
+    # Required by the base Container Image Action [^1].
+    # [^1]: https://github.com/Icinga/github-actions/blob/main/.github/workflows/container-image.yml#L54-L58
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+
+    name: Build and Public Container Image
+    uses: icinga/github-actions/.github/workflows/container-image.yml@main
+    with:
+      documentation_url: https://icinga.com/docs/icinga-notifications
+    secrets:
+      dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
+      dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }}
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
deleted file mode 100644
index e52ce14b..00000000
--- a/.github/workflows/docker.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-name: Docker
-
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    branches: [ main ]
-  release:
-    types: [ published ]
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: docker/metadata-action@v6
-      id: meta
-      with:
-        images: |
-          icinga/icinga-notifications
-        tags: |
-          type=ref,event=branch,enable={{is_default_branch}}
-          type=semver,pattern={{version}}
-          type=semver,pattern={{major}}.{{minor}}
-
-    - uses: docker/setup-qemu-action@v4
-
-    - uses: docker/setup-buildx-action@v4
-
-    - if: github.event_name != 'pull_request'
-      uses: docker/login-action@v4
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-    - name: Build and push
-      uses: docker/build-push-action@v7
-      with:
-        labels: ${{ steps.meta.outputs.labels }}
-        platforms: linux/amd64,linux/arm64
-        push: ${{ github.event_name != 'pull_request' }}
-        tags: ${{ steps.meta.outputs.tags }}
-        # Keep the .git to allow including the commit in the --version output, see also:
-        # https://docs.docker.com/build/building/context/#keep-git-directory
-        build-args: |
-          BUILDKIT_CONTEXT_KEEP_GIT_DIR=1
diff --git a/Dockerfile b/Containerfile
similarity index 100%
rename from Dockerfile
rename to Containerfile
diff --git a/doc/02-Installation.md.d/For-Container.md b/doc/02-Installation.md.d/For-Container.md
new file mode 100644
index 00000000..c5bb543e
--- /dev/null
+++ b/doc/02-Installation.md.d/For-Container.md
@@ -0,0 +1,7 @@
+# Installing Icinga Notifications in Containers
+
+This image integrates Icinga Notifications into your containerized environment.
+
+## Usage
+
+TODO...

From f94393b9d8a9e9f09321ac3541c83742f057ddad Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Wed, 20 May 2026 15:44:56 +0200
Subject: [PATCH 2/2] Containerfile: restructure build stages & cleanup build
 artifcats

---
 Containerfile | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/Containerfile b/Containerfile
index f04a576d..9c4e863b 100644
--- a/Containerfile
+++ b/Containerfile
@@ -1,17 +1,25 @@
 # Icinga Notifications | (c) 2023 Icinga GmbH | GPLv2+
 
-FROM docker.io/library/golang AS build
-ENV CGO_ENABLED=0
-COPY . /src/icinga-notifications
-WORKDIR /src/icinga-notifications
+FROM docker.io/library/golang AS base
 
+WORKDIR /icinga-notifications
+COPY go.mod go.sum ./
 RUN --mount=type=cache,target=/go/pkg/mod \
-    --mount=type=cache,target=/root/.cache/go-build \
-    make all
+	go mod download
+
+FROM base AS build
 
-RUN make DESTDIR=/target install
+# The source code must be mounted in read-write mode to allow the makefile to temporarily create the build artifacts
+# in the source directory. These artifacts will then directly be deleted after the build process is finished.
+RUN --mount=type=bind,source=.,target=.,rw \
+	--mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    CGO_ENABLED=0 make all && \
+    make test && \
+    make DESTDIR=/target install && \
+    make clean
 
-FROM docker.io/library/alpine
+FROM docker.io/library/alpine AS runtime
 
 COPY --from=build /target /