pagopa · christian-calabrese · Jun 16, 2026 · Jun 17, 2026 · Jun 17, 2026 · Jun 17, 2026
@@ -5,6 +5,10 @@ on:
   push:
     branches:
       - main
+    # Path filters are not evaluated for tag pushes.
+    # Trigger image publication on project release tags as well.
+    tags:
+      - "dx-metrics-import@*"
     paths:
       - "apps/dx-metrics-import/package.json"
       - "packages/dx-metrics-core/**"
@@ -26,14 +30,28 @@ jobs:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
+      - name: Resolve Docker image name from Nx config
+        id: image_name
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          image_name=$(jq -r '.nx.release.docker.repositoryName // empty' apps/dx-metrics-import/package.json)
+          if [[ -z "$image_name" ]]; then
+            echo "::error::Missing nx.release.docker.repositoryName in apps/dx-metrics-import/package.json"
+            exit 1
+          fi
+
+          echo "image_name=$image_name" >> "$GITHUB_OUTPUT"
+
       - name: Docker Build and Push
         uses: pagopa/dx/actions/docker-build-push@main
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           dockerfile_path: ./apps/dx-metrics-import/Dockerfile
           dockerfile_context: .
-          docker_image_name: pagopa/dx-metrics-import
+          docker_image_name: ${{ steps.image_name.outputs.image_name }}
           docker_image_description: "Scheduled import job for the DX Metrics portal. Fetches GitHub engineering metrics and writes them to PostgreSQL."
           docker_image_authors: PagoPA
           build_platforms: linux/amd64

@@ -5,6 +5,10 @@ on:
   push:
     branches:
       - main
+    # Path filters are not evaluated for tag pushes.
+    # Trigger production deploys on project release tags as well.
+    tags:
+      - "dx-metrics@*"
     paths:
       - "apps/dx-metrics/package.json"
       - "packages/dx-metrics-core/**"
@@ -16,8 +20,32 @@ permissions:
   attestations: write
 
 jobs:
+  resolve-image-name:
+    name: Resolve Docker Image Name
+    runs-on: ubuntu-latest
+    outputs:
+      image_name: ${{ steps.image_name.outputs.image_name }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Resolve Docker image name from Nx config
+        id: image_name
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          image_name=$(jq -r '.nx.release.docker.repositoryName // empty' apps/dx-metrics/package.json)
+          if [[ -z "$image_name" ]]; then
+            echo "::error::Missing nx.release.docker.repositoryName in apps/dx-metrics/package.json"
+            exit 1
+          fi
+
+          echo "image_name=$image_name" >> "$GITHUB_OUTPUT"
+
   deploy:
     name: Deploy DX Metrics as Container App
+    needs: resolve-image-name
     concurrency:
       group: ${{ github.workflow }}-cd
       # Override this configuration to prevent cancelling a running deploy.
@@ -27,7 +55,7 @@ jobs:
     with:
       dockerfile_path: ./apps/dx-metrics/Dockerfile
       dockerfile_context: .
-      docker_image_name: pagopa/dx-metrics
+      docker_image_name: ${{ needs.resolve-image-name.outputs.image_name }}
       docker_image_description: "DX Metrics is a monitoring and analytics service for the PagoPA Developer Experience (DX) team, providing insights into development experience."
       container_app: dx-p-itn-metrics-portal-ca-01
       resource_group_name: dx-p-itn-common-rg-01

@@ -6,6 +6,10 @@ on:
   push:
     branches:
       - main
+    # Path filters are not evaluated for tag pushes.
+    # Trigger image publication on project release tags as well.
+    tags:
+      - "app_configuration_tests_all_scenarios@*"
     paths:
       - "infra/modules/azure_app_configuration/tests/apps/all_scenarios/**"
 
@@ -21,14 +25,24 @@ jobs:
       id-token: write
       attestations: write
       packages: write
-    env:
-      IMAGE_NAME: "pagopa/e2e-appconfiguration-all-scenarios"
-      IMAGE_TAG: "latest"
-
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
+      - name: Resolve Docker image name from Nx config
+        id: image_name
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          image_name=$(jq -r '.release.docker.repositoryName // empty' infra/modules/${{ env.MODULE_NAME }}/tests/apps/all_scenarios/project.json)
+          if [[ -z "$image_name" ]]; then
+            echo "::error::Missing release.docker.repositoryName in infra/modules/${{ env.MODULE_NAME }}/tests/apps/all_scenarios/project.json"
+            exit 1
+          fi
+
+          echo "image_name=$image_name" >> "$GITHUB_OUTPUT"
+
       - name: Docker Build and Push
         id: docker_build
         uses: pagopa/dx/actions/docker-build-push@main
@@ -37,7 +51,7 @@ jobs:
         with:
           dockerfile_path: infra/modules/${{ env.MODULE_NAME }}/tests/apps/all_scenarios/Dockerfile
           dockerfile_context: infra/modules/${{ env.MODULE_NAME }}/tests/apps/all_scenarios/src
-          docker_image_name: ${{ env.IMAGE_NAME }}
+          docker_image_name: ${{ steps.image_name.outputs.image_name }}
           docker_image_description: "Web app which exposes endpoints to access App Configuration. Used for E2E tests of the Azure App Configuration Terraform module."
           docker_image_authors: "PagoPA"
           build_platforms: "linux/amd64,linux/arm64"

@@ -6,6 +6,10 @@ on:
   push:
     branches:
       - main
+    # Path filters are not evaluated for tag pushes.
+    # Trigger image publication on project release tags as well.
+    tags:
+      - "azure_merge_roles_tests_blob_rbac_probe@*"
     paths:
       - "infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/**"
 
@@ -18,13 +22,24 @@ jobs:
       id-token: write
       attestations: write
       packages: write
-    env:
-      IMAGE_NAME: "pagopa/e2e-azure-merge-roles-blob-rbac"
-
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
+      - name: Resolve Docker image name from Nx config
+        id: image_name
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          image_name=$(jq -r '.release.docker.repositoryName // empty' infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json)
+          if [[ -z "$image_name" ]]; then
+            echo "::error::Missing release.docker.repositoryName in infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json"
+            exit 1
+          fi
+
+          echo "image_name=$image_name" >> "$GITHUB_OUTPUT"
+
       - name: Docker Build and Push
         id: docker_build
         uses: ./actions/docker-build-push
@@ -33,7 +48,7 @@ jobs:
         with:
           dockerfile_path: infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/Dockerfile
           dockerfile_context: infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe
-          docker_image_name: ${{ env.IMAGE_NAME }}
+          docker_image_name: ${{ steps.image_name.outputs.image_name }}
           docker_image_description: "Web app which exposes data-plane and control-plane
             endpoints to probe Azure Storage RBAC. Used for E2E tests of the
             Azure Merge Roles Terraform module."

@@ -6,6 +6,10 @@ on:
   push:
     branches:
       - main
+    # Path filters are not evaluated for tag pushes.
+    # Trigger image publication on project release tags as well.
+    tags:
+      - "cosmos_db_tests_network_access@*"
     paths:
       - "infra/modules/azure_cosmos_account/tests/apps/network_access/**"
 
@@ -18,14 +22,24 @@ jobs:
       id-token: write
       attestations: write
       packages: write
-    env:
-      IMAGE_NAME: "pagopa/e2e-cosmos-network-access"
-      IMAGE_TAG: "latest"
-
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
+      - name: Resolve Docker image name from Nx config
+        id: image_name
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          image_name=$(jq -r '.release.docker.repositoryName // empty' infra/modules/azure_cosmos_account/tests/apps/network_access/project.json)
+          if [[ -z "$image_name" ]]; then
+            echo "::error::Missing release.docker.repositoryName in infra/modules/azure_cosmos_account/tests/apps/network_access/project.json"
+            exit 1
+          fi
+
+          echo "image_name=$image_name" >> "$GITHUB_OUTPUT"
+
       - name: Docker Build and Push
         id: docker_build
         uses: pagopa/dx/actions/docker-build-push@main
@@ -34,7 +48,7 @@ jobs:
         with:
           dockerfile_path: infra/modules/azure_cosmos_account/tests/apps/network_access/Dockerfile
           dockerfile_context: infra/modules/azure_cosmos_account/tests/apps/network_access/src
-          docker_image_name: ${{ env.IMAGE_NAME }}
+          docker_image_name: ${{ steps.image_name.outputs.image_name }}
           docker_image_description: "Web app which exposes a single endpoint to probe Azure Cosmos DB. Used for E2E tests of the Azure Cosmos DB Terraform module."
           docker_image_authors: "PagoPA"
           build_platforms: "linux/amd64,linux/arm64"

@@ -19,13 +19,25 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
-    env:
-      IMAGE_NAME: "pagopa/e2e-cosmos-network-access"
 
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
+      - name: Resolve Docker image name from Nx config
+        id: image_name
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          image_name=$(jq -r '.release.docker.repositoryName // empty' infra/modules/azure_cosmos_account/tests/apps/network_access/project.json)
+          if [[ -z "$image_name" ]]; then
+            echo "::error::Missing release.docker.repositoryName in infra/modules/azure_cosmos_account/tests/apps/network_access/project.json"
+            exit 1
+          fi
+
+          echo "image_name=$image_name" >> "$GITHUB_OUTPUT"
+
       - name: Docker Build
         id: docker_build
         uses: pagopa/dx/actions/docker-build-push@main
@@ -34,7 +46,7 @@ jobs:
         with:
           dockerfile_path: infra/modules/azure_cosmos_account/tests/apps/network_access/Dockerfile
           dockerfile_context: infra/modules/azure_cosmos_account/tests/apps/network_access/src
-          docker_image_name: ${{ env.IMAGE_NAME }}
+          docker_image_name: ${{ steps.image_name.outputs.image_name }}
           docker_image_description: "Web app which exposes a single endpoint to probe Azure Cosmos DB. Used for E2E tests of the Azure Cosmos DB Terraform module."
           docker_image_authors: "PagoPA"
           build_platforms: "linux/amd64,linux/arm64"

@@ -36,5 +36,27 @@
     "tsx": "catalog:",
     "typescript": "catalog:",
     "vitest": "catalog:"
+  },
+  "nx": {
+    "targets": {
+      "docker:build": {
+        "options": {
+          "env": {
+            "DOCKER_BUILD_PLATFORMS": "linux/arm64"
+          }
+        }
+      },
+      "nx-release-publish": {
+        "executor": "nx:run-commands",
+        "options": {
+          "command": "pnpm --filter @pagopa/nx-docker-release-tools exec dx-docker-release-publish-with-latest --project-root {projectRoot}"
+        }
+      }
+    },
+    "release": {
+      "docker": {
+        "repositoryName": "pagopa/dx-metrics-import"
+      }
+    }
   }
 }
@@ -35,5 +35,27 @@
     "tailwindcss": "^4.2.4",
     "typescript": "catalog:",
     "vitest": "catalog:"
+  },
+  "nx": {
+    "targets": {
+      "docker:build": {
+        "options": {
+          "env": {
+            "DOCKER_BUILD_PLATFORMS": "linux/arm64"
+          }
+        }
+      },
+      "nx-release-publish": {
+        "executor": "nx:run-commands",
+        "options": {
+          "command": "pnpm --filter @pagopa/nx-docker-release-tools exec dx-docker-release-publish-with-latest --project-root {projectRoot}"
+        }
+      }
+    },
+    "release": {
+      "docker": {
+        "repositoryName": "pagopa/dx-metrics"
+      }
+    }
   }
 }
@@ -1,4 +1,4 @@
-FROM public.ecr.aws/docker/library/node:24-alpine@sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14 AS base
+FROM --platform=$BUILDPLATFORM public.ecr.aws/docker/library/node:24-alpine@sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14 AS base
 # 1. Enable pnpm
 RUN corepack enable
 
@@ -15,7 +15,7 @@ COPY ./packages ./packages
 # 5. Install ALL dependencies for mcpserver and its workspace dependencies
 RUN pnpm install --filter @pagopa/dx-mcpserver...
 # 6. Build the mcpserver app
-RUN pnpm nx build @pagopa/dx-mcpserver
+RUN NX_DAEMON=false pnpm nx build @pagopa/dx-mcpserver
 # 7. Prune development-only dependencies for the final image
 RUN pnpm --filter @pagopa/dx-mcpserver deploy --legacy --prod /app/deploy
 

@@ -45,5 +45,20 @@
     "format": "prettier --write .",
     "format:check": "prettier --check .",
     "version": "node ./scripts/generate-server-manifest.js"
+  },
+  "nx": {
+    "targets": {
+      "nx-release-publish": {
+        "executor": "nx:run-commands",
+        "options": {
+          "command": "pnpm --filter @pagopa/nx-docker-release-tools exec dx-docker-release-publish-with-latest --project-root {projectRoot}"
+        }
+      }
+    },
+    "release": {
+      "docker": {
+        "repositoryName": "pagopa/dx-mcpserver"
+      }
+    }
   }
 }
@@ -2,8 +2,19 @@
   "$schema": "../../node_modules/nx/schemas/project-schema.json",
   "name": "self-hosted-runner",
   "targets": {
+    "nx-release-publish": {
+      "executor": "nx:run-commands",
+      "options": {
+        "command": "pnpm --filter @pagopa/nx-docker-release-tools exec dx-docker-release-publish-with-latest --project-root {projectRoot}"
+      }
+    },
     "docker:build": {
       "options": {
+        "cwd": "containers/self-hosted-runner",
+        "args": [
+          "--tag containers-self-hosted-runner",
+          "-f Dockerfile"
+        ],
         "platform": "linux/amd64"
       }
     }