ci: Extract docker build into separate workflow

.github/workflows/main-docker.yml

@@ -0,0 +1,96 @@
+on:
+    push:
+      branches:
+        - "develop"
+        - "feature/update**"
+        - "feature/server_esm**"
+      paths-ignore:
+        - "docs/**"
+        - "bin/**"
+      tags:
+        - "v*"
+    workflow_dispatch:  
+
+env:
+    GHCR_REGISTRY: ghcr.io
+    DOCKERHUB_REGISTRY: docker.io
+    IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+    build_docker:
+        name: Build Docker images
+        runs-on: ubuntu-latest
+        permissions:
+          contents: read
+          packages: write
+          attestations: write
+          id-token: write
+        steps:
+          - uses: actions/checkout@v4
+          - name: Extract metadata (tags, labels) for GHCR image
+            id: ghcr-meta
+            uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+            with:
+              images: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}
+              tags: 
+          - name: Extract metadata (tags, labels) for DockerHub image
+            id: dh-meta
+            uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+            with:
+              images: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}
+          - name: Set up node & dependencies
+            uses: actions/setup-node@v4
+            with:
+              node-version: 20
+              cache: "npm"
+          - run: npm ci
+          - name: Run the TypeScript build
+            run: npx tsc
+          - name: Create server-package.json
+            run: cat package.json | grep -v electron > server-package.json
+          - name: Log in to the GHCR container registry
+            uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+            with:
+              registry: ${{ env.GHCR_REGISTRY }}
+              username: ${{ github.actor }}
+              password: ${{ secrets.GITHUB_TOKEN }}
+          - uses: docker/setup-buildx-action@v3
+          - name: Build and push container image to GHCR
+            uses: docker/build-push-action@v6
+            id: ghcr-push
+            with:
+              context: .
+              push: true
+              tags: ${{ steps.ghcr-meta.outputs.tags }}
+              labels: ${{ steps.ghcr-meta.outputs.labels }}
+              cache-from: type=gha
+              cache-to: type=gha,mode=max
+          - name: Generate and push artifact attestation to GHCR
+            uses: actions/attest-build-provenance@v1
+            with:
+              subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME}}
+              subject-digest: ${{ steps.ghcr-push.outputs.digest }}
+              push-to-registry: true
+          - name: Log in to the DockerHub container registry
+            uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+            with:
+              registry: ${{ env.DOCKERHUB_REGISTRY }}
+              username: ${{ secrets.DOCKERHUB_USERNAME }}
+              password: ${{ secrets.DOCKERHUB_TOKEN }}
+          - name: Build and push image to DockerHub
+            uses: docker/build-push-action@v6
+            id: dh-push
+            with:
+              context: .
+              push: true
+              tags: ${{ steps.dh-meta.outputs.tags }}
+              labels: ${{ steps.dh-meta.outputs.labels }}
+              cache-from: type=gha
+              cache-to: type=gha,mode=max
+          - name: Generate and push artifact attestation to DockerHub
+            uses: actions/attest-build-provenance@v1
+            with:
+              subject-name: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME}}
+              subject-digest: ${{ steps.dh-push.outputs.digest }}
+              push-to-registry: true
+    

.github/workflows/main.yml

@@ -16,11 +16,6 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-env:
-  GHCR_REGISTRY: ghcr.io
-  DOCKERHUB_REGISTRY: docker.io
-  IMAGE_NAME: ${{ github.repository }}
-
 jobs:
   build_darwin-x64:
     name: Build macOS x86_64
@@ -143,79 +138,3 @@ jobs:
         with:
           name: TriliumNext Notes for Windows (Setup)
           path: out/make/squirrel.windows/x64/*.exe
-  build_docker:
-    name: Build Docker images
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-      attestations: write
-      id-token: write
-    steps:
-      - uses: actions/checkout@v4
-      - name: Extract metadata (tags, labels) for GHCR image
-        id: ghcr-meta
-        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
-        with:
-          images: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}
-          tags: 
-      - name: Extract metadata (tags, labels) for DockerHub image
-        id: dh-meta
-        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
-        with:
-          images: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}
-      - name: Set up node & dependencies
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20
-          cache: "npm"
-      - run: npm ci
-      - name: Run the TypeScript build
-        run: npx tsc
-      - name: Create server-package.json
-        run: cat package.json | grep -v electron > server-package.json
-      - name: Log in to the GHCR container registry
-        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
-        with:
-          registry: ${{ env.GHCR_REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - uses: docker/setup-buildx-action@v3
-      - name: Build and push container image to GHCR
-        uses: docker/build-push-action@v6
-        id: ghcr-push
-        with:
-          context: .
-          push: true
-          tags: ${{ steps.ghcr-meta.outputs.tags }}
-          labels: ${{ steps.ghcr-meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-      - name: Generate and push artifact attestation to GHCR
-        uses: actions/attest-build-provenance@v1
-        with:
-          subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME}}
-          subject-digest: ${{ steps.ghcr-push.outputs.digest }}
-          push-to-registry: true
-      - name: Log in to the DockerHub container registry
-        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
-        with:
-          registry: ${{ env.DOCKERHUB_REGISTRY }}
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Build and push image to DockerHub
-        uses: docker/build-push-action@v6
-        id: dh-push
-        with:
-          context: .
-          push: true
-          tags: ${{ steps.dh-meta.outputs.tags }}
-          labels: ${{ steps.dh-meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-      - name: Generate and push artifact attestation to DockerHub
-        uses: actions/attest-build-provenance@v1
-        with:
-          subject-name: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME}}
-          subject-digest: ${{ steps.dh-push.outputs.digest }}
-          push-to-registry: true