feat(ci): publish snapshots and build docker images on every main push

.github/workflows/release-please.yml

@@ -2,6 +2,13 @@ name: release-please
 on:
   push:
     branches: [main]
+  workflow_dispatch:
+    inputs:
+      docker_version:
+        description: "Version to (re)build & push the Docker image for, e.g. 2.0.0 (no leading v). Runs only the docker job."
+        required: true
+        type: string
+
 permissions:
   contents: write
   pull-requests: write
@@ -22,33 +29,114 @@ jobs:
           config-file: release-please-config.json
           manifest-file: .release-please-manifest.json
 
+  # Resolves the current project version from gradle.properties for non-release
+  # pushes, so the snapshot jobs below know whether (and at which version) to run.
+  version:
+    needs: release-please
+    if: github.event_name == 'push' && needs.release-please.outputs.release_created != 'true'
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.read.outputs.version }}
+      is_snapshot: ${{ steps.read.outputs.is_snapshot }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+      - name: Read version
+        id: read
+        shell: bash
+        run: |
+          VERSION="$(grep -E '^version=' gradle.properties | head -n1 | cut -d= -f2 | cut -d'#' -f1 | xargs)"
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+          # Mirror the snapshot routing in build.gradle.kts (SNAPSHOT/BETA/ALPHA).
+          case "$VERSION" in
+            *SNAPSHOT*|*BETA*|*ALPHA*) IS_SNAPSHOT=true ;;
+            *)                          IS_SNAPSHOT=false ;;
+          esac
+          echo "is_snapshot=$IS_SNAPSHOT" >> "$GITHUB_OUTPUT"
+          echo "Resolved version '$VERSION' (snapshot=$IS_SNAPSHOT)"
+
+  # ---- Maven publish ----
   publish:
     needs: release-please
     if: needs.release-please.outputs.release_created == 'true'
-    uses: OneLiteFeatherNET/workflows/.github/workflows/gradle-publish.yml@v2.2.0
+    uses: OneLiteFeatherNET/workflows/.github/workflows/gradle-publish.yml@v2.3.0
     with:
       java-version: "25.0.3"
       java-distribution: "temurin"
     secrets: inherit
 
+  publish-snapshot:
+    needs: [release-please, version]
+    if: needs.version.outputs.is_snapshot == 'true'
+    uses: OneLiteFeatherNET/workflows/.github/workflows/gradle-publish.yml@v2.3.0
+    with:
+      java-version: "25.0.3"
+      java-distribution: "temurin"
+    secrets: inherit
+
+  # ---- Release Docker image (Gradle produces the context, docker-publish builds it) ----
+  build-context:
+    name: Build Docker context
+    needs: release-please
+    # On a real release, or on a manual dispatch to (re)publish a given version.
+    if: |
+      always() &&
+      ((github.event_name == 'push' && needs.release-please.outputs.release_created == 'true') ||
+       github.event_name == 'workflow_dispatch')
+    uses: OneLiteFeatherNET/workflows/.github/workflows/gradle-docker-context.yml@v2.3.0
+    with:
+      version: ${{ github.event_name == 'workflow_dispatch' && inputs.docker_version || needs.release-please.outputs.version }}
+      gradle-command: "./gradlew jar optimizedBuildLayers optimizedDockerfile -Pversion=$VERSION"
+      context-path: "build/docker/optimized"
+      artifact-name: "docker-context-release"
+    secrets: inherit
+
   docker:
     name: Build Docker Artifacts
-    needs: release-please
+    needs: [release-please, build-context]
     permissions:
       contents: read
       id-token: write   # keyless cosign signing via GitHub OIDC
-    # Runs on a real release, or on a manual dispatch to (re)publish a given version.
     if: |
-      always() &&
+      always() && needs.build-context.result == 'success' &&
       ((github.event_name == 'push' && needs.release-please.outputs.release_created == 'true') ||
        github.event_name == 'workflow_dispatch')
-    uses: OneLiteFeatherNET/workflows/.github/workflows/docker-publish.yml@v2.2.0
+    uses: OneLiteFeatherNET/workflows/.github/workflows/docker-publish.yml@v2.3.0
     with:
       image-name: "onelitefeather/vulpes-backend"
       version: ${{ github.event_name == 'workflow_dispatch' && inputs.docker_version || needs.release-please.outputs.version }}
-      setup-java: true
-      build-command: "./gradlew jar optimizedBuildLayers optimizedDockerfile -Pversion=$VERSION"
-      context: "./build/docker/optimized"
+      context: "build/docker/optimized"
+      artifact-name: "docker-context-release"
+      blob-chunk: "90000000"   # ~90 MB, under the 100 MB Cloudflare cap
+      req-concurrent: "4"
+    secrets: inherit
+
+  # ---- Snapshot Docker image (on every non-release push to main) ----
+  build-context-snapshot:
+    name: Build Docker context (snapshot)
+    needs: [release-please, version]
+    if: needs.version.outputs.is_snapshot == 'true'
+    uses: OneLiteFeatherNET/workflows/.github/workflows/gradle-docker-context.yml@v2.3.0
+    with:
+      version: ${{ needs.version.outputs.version }}
+      gradle-command: "./gradlew jar optimizedBuildLayers optimizedDockerfile -Pversion=$VERSION"
+      context-path: "build/docker/optimized"
+      artifact-name: "docker-context-snapshot"
+    secrets: inherit
+
+  docker-snapshot:
+    name: Build Docker Artifacts (snapshot)
+    needs: [version, build-context-snapshot]
+    permissions:
+      contents: read
+      id-token: write   # keyless cosign signing via GitHub OIDC
+    if: needs.version.outputs.is_snapshot == 'true'
+    uses: OneLiteFeatherNET/workflows/.github/workflows/docker-publish.yml@v2.3.0
+    with:
+      image-name: "onelitefeather/vulpes-backend"
+      version: ${{ needs.version.outputs.version }}
+      context: "build/docker/optimized"
+      artifact-name: "docker-context-snapshot"
       blob-chunk: "90000000"   # ~90 MB, under the 100 MB Cloudflare cap
       req-concurrent: "4"
     secrets: inherit