Deploy Backend to prod #85

	name: Deploy WebWebWeb‑backend
	run-name: Deploy Backend to ${{ github.event.inputs.target \|\| 'unknown' }}

	on:
	workflow_dispatch:
	inputs:
	target:
	description: 'Which environment to deploy'
	required: true
	default: 'stage'
	type: choice
	options:
	- stage
	- prod

	env:
	REGISTRY: ghcr.io
	DOCKERFILE: Dockerfile
	IMAGE_NAME: ${{ github.repository }}

	jobs:
	build-and-push-image:
	runs-on: ubuntu-latest

	permissions:
	contents: read
	packages: write
	attestations: write
	id-token: write

	steps:
	- name: Determine target
	id: pick
	run: echo "target=${{ github.event.inputs.target }}" >> $GITHUB_OUTPUT

	- name: Checkout code
	uses: actions/checkout@v4
	with:
	ref: main
	fetch-depth: 0

	- name: Install Dependencies
	run: pip install -U -r requirements.txt

	- name: Log in to the Container registry
	uses: docker/login-action@v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Extract metadata (raw tag)
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
	tags: \|
	type=raw,value=${{ steps.pick.outputs.target }}

	- name: Build and push Docker image
	id: push
	uses: docker/build-push-action@v6
	with:
	context: .
	file: ${{ env.DOCKERFILE }}
	push: true
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}

	- name: Generate artifact attestation
	uses: actions/attest-build-provenance@v2
	with:
	subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
	subject-digest: ${{ steps.push.outputs.digest }}
	push-to-registry: true

Provide feedback