Update GitHub Actions workflow for binder image builds

- Fix Dockerfile path (container/Dockerfile.base.optimized)
- Switch from DockerHub to GHCR
- Add path triggers for Cython/dependency changes
- Add workflow_dispatch for manual builds
- Add cross-repo dispatch to update launcher

Developed by Underworld Team with AI assistance (Claude)

Author: lmoresi

.github/workflows/docker-image.yml

@@ -1,33 +1,69 @@
-name: Image Build and Push
+name: Build and Push Binder Image
+
+# Builds the Underworld3 binder-ready Docker image and pushes to GHCR
+# The image is used by mybinder.org via the uw3-binder-launcher repository
 
 on:
-  push: 
-    branches:
-      - development
+  push:
+    branches: [main, uw3-release-candidate, development]
+    paths:
+      # Only rebuild when these files change (Cython/dependencies require rebuild)
+      - 'container/Dockerfile.base.optimized'
+      - 'pixi.toml'
+      - 'pixi.lock'
+      - 'src/**/*.pyx'
+      - 'src/**/*.c'
+      - 'setup.py'
+  workflow_dispatch:
+    inputs:
+      force_rebuild:
+        description: 'Force full rebuild (no cache)'
+        type: boolean
+        default: false
 
 jobs:
-  push-to-dockerhub:
+  build-and-push:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Exact branch name
-        run: echo "BRANCH=${GITHUB_REF##*/}" >> $GITHUB_ENV
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
-      - name: Login to DockerHub
+      - name: Login to GHCR
         uses: docker/login-action@v3
         with:
-          username: ${{ secrets.XXX_USERNAME }}
-          password: ${{ secrets.XXX_PWORD }}
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract branch name
+        run: echo "BRANCH=${GITHUB_REF##*/}" >> $GITHUB_ENV
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v5
         with:
           context: .
+          file: container/Dockerfile.base.optimized
           push: true
-          file: ./Dockerfile
           platforms: linux/amd64
-          # see https://github.com/docker/build-push-action/issues/276 for syntax help
-          tags: underworldcode/underworld3:${{ env.BRANCH }} #-$(date +%s)
+          no-cache: ${{ inputs.force_rebuild || false }}
+          tags: |
+            ghcr.io/underworldcode/uw3-base:${{ env.BRANCH }}-slim
+            ghcr.io/underworldcode/uw3-base:latest-slim
+
+      # Trigger launcher repo to update its Dockerfile reference
+      # Requires LAUNCHER_PAT secret (Personal Access Token with repo scope)
+      - name: Trigger launcher update
+        if: success()
+        uses: peter-evans/repository-dispatch@v2
+        with:
+          token: ${{ secrets.LAUNCHER_PAT }}
+          repository: underworldcode/uw3-binder-launcher
+          event-type: image-updated
+          client-payload: '{"branch": "${{ env.BRANCH }}"}'