ci: add Docker Hub publish workflow + fix Dockerfile deps

- .github/workflows/docker-publish.yml: new workflow that builds and
  pushes Docker images to Docker Hub on every push to main and on
  version tags (v*.*.*)
  - Builds robinwaslander/kanbu-api and robinwaslander/kanbu-web in
    parallel (fail-fast: false)
  - Tags: latest (main branch) + semver (v1.2.3 and v1.2)
  - GitHub Actions layer cache (type=gha) for fast incremental builds
  - Uses docker/build-push-action@v6 with BuildKit

- docker/Dockerfile.api: add packages/openclaw-bridge/package.json to
  deps stage (was missing, caused pnpm workspace resolution failure)
- docker/Dockerfile.web: same fix

Requires GitHub repository secrets:
  DOCKERHUB_USERNAME = robinwaslander
  DOCKERHUB_TOKEN = Docker Hub PAT with Read/Write/Delete

Author: Kees 🧀

.github/workflows/docker-publish.yml

@@ -0,0 +1,58 @@
+name: Docker Publish
+
+on:
+  push:
+    branches: [main]
+    tags: ['v*.*.*']
+
+jobs:
+  docker:
+    name: Build & Push (${{ matrix.service }})
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - service: api
+            dockerfile: docker/Dockerfile.api
+            image: robinwaslander/kanbu-api
+          - service: web
+            dockerfile: docker/Dockerfile.web
+            image: robinwaslander/kanbu-web
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract metadata (tags & labels)
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ matrix.image }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ matrix.dockerfile }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha,scope=${{ matrix.service }}
+          cache-to: type=gha,mode=max,scope=${{ matrix.service }}

docker/Dockerfile.api

@@ -15,6 +15,7 @@ COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
 COPY apps/api/package.json ./apps/api/
 COPY apps/web/package.json ./apps/web/
 COPY packages/shared/package.json ./packages/shared/
+COPY packages/openclaw-bridge/package.json ./packages/openclaw-bridge/
 COPY packages/cli/package.json ./packages/cli/
 COPY packages/git-hooks/package.json ./packages/git-hooks/
 COPY packages/mcp-server/package.json ./packages/mcp-server/

docker/Dockerfile.web

@@ -14,6 +14,7 @@ COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
 COPY apps/web/package.json ./apps/web/
 COPY apps/api/package.json ./apps/api/
 COPY packages/shared/package.json ./packages/shared/
+COPY packages/openclaw-bridge/package.json ./packages/openclaw-bridge/
 COPY packages/cli/package.json ./packages/cli/
 COPY packages/git-hooks/package.json ./packages/git-hooks/
 COPY packages/mcp-server/package.json ./packages/mcp-server/