From eca19a5fc7ec6243cea18851eae075a3ffe6daea Mon Sep 17 00:00:00 2001
From: Chris Nesbitt-Smith <chris@cns.me.uk>
Date: Tue, 30 Dec 2025 09:36:19 +0000
Subject: [PATCH 1/3] Add multi-arch GHCR build workflow

- Add GitHub Actions workflow to build and push multi-arch images (amd64/arm64)
- Extract image tag dynamically from Dockerfile base image
- Push to ghcr.io/<owner>/drupal-container:<tag>
- Update README with GHCR documentation
---
 .github/workflows/build-push.yml | 51 ++++++++++++++++++++++++++++++++
 README.md                        | 18 +++++++++--
 2 files changed, 67 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/build-push.yml

diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
new file mode 100644
index 0000000..de0daeb
--- /dev/null
+++ b/.github/workflows/build-push.yml
@@ -0,0 +1,51 @@
+name: Build and Push Multi-arch Image
+
+on:
+  push:
+    branches:
+      - php*
+  workflow_dispatch:
+
+jobs:
+  build-push:
+    name: Build and push multi-arch image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Extract base image tag from Dockerfile
+        id: extract-tag
+        run: |
+          # Extract FROM line and convert php:8.3-apache → php8.3-apache
+          BASE_IMAGE=$(grep -m1 '^FROM' Dockerfile | awk '{print $2}')
+          TAG=$(echo "$BASE_IMAGE" | tr ':' '-' | tr '/' '-')
+          echo "tag=$TAG" >> $GITHUB_OUTPUT
+          echo "Extracted tag: $TAG"
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ghcr.io/${{ github.repository }}:${{ steps.extract-tag.outputs.tag }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/README.md b/README.md
index 1df9d94..b8177ef 100644
--- a/README.md
+++ b/README.md
@@ -19,9 +19,23 @@ docker-compose stop
 
 ## Building the Docker image
 
-The Docker image lives in [Docker Hub](https://hub.docker.com/repository/docker/localgovdrupal/apache-php). Ask in [Slack](https://localgovdrupal.slack.com/) if you need the permissions to push new images.
+### Automated builds (GHCR)
 
-Build with:
+Multi-architecture images (amd64/arm64) are automatically built and pushed to GitHub Container Registry on every push to `php*` branches:
+
+```
+ghcr.io/<owner>/drupal-container:<php-version>-apache
+```
+
+For example: `ghcr.io/localgovdrupal/drupal-container:php-8.3-apache`
+
+You can also trigger a build manually via the [Actions tab](../../actions/workflows/build-push.yml).
+
+### Manual builds (Docker Hub)
+
+The Docker image also lives in [Docker Hub](https://hub.docker.com/repository/docker/localgovdrupal/apache-php). Ask in [Slack](https://localgovdrupal.slack.com/) if you need the permissions to push new images.
+
+Build and push manually with:
 
 ```bash
 export branch=$(git symbolic-ref --short HEAD)

From c13c41b0988b61725730c9b42e8e64f1a3e79a2d Mon Sep 17 00:00:00 2001
From: Chris Nesbitt-Smith <chris@cns.me.uk>
Date: Fri, 23 Jan 2026 10:36:45 +0000
Subject: [PATCH 2/3] feat(ci): add merge_group trigger for merge queue support
 (#1)

---
 .github/workflows/test.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index e3e576f..f38fa52 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -7,6 +7,9 @@ on:
   pull_request:
     branches:
       - php*
+  merge_group:
+    branches:
+      - php*
 
 jobs:
   test:

From cbc8b07967912f5dc388dc67b57fd1404aa6c1fe Mon Sep 17 00:00:00 2001
From: Chris Nesbitt-Smith <chris@cns.me.uk>
Date: Fri, 23 Jan 2026 10:38:46 +0000
Subject: [PATCH 3/3] chore: add Dependabot configuration for Docker and GitHub
 Actions (#2)

---
 .github/dependabot.yml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..a18937b
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,21 @@
+version: 2
+updates:
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    target-branch: "php8.3"
+    groups:
+      docker:
+        patterns:
+          - "*"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    target-branch: "php8.3"
+    groups:
+      github-actions:
+        patterns:
+          - "*"