Add a step for syncing README.md to Docker Hub in container-image.yml

.github/workflows/container-image.yml

@@ -3,7 +3,10 @@
 # builds, and builds the container images using the Containerfile. For all non-pull request events that
 # trigger this workflow, it logs into GHCR and Docker Hub using credentials from the workflow call inputs,
 # tags and pushes the images to both registries, and generates and pushes signed build provenance attestations
-# to each registry. For pull request events, it just builds the images but does not push them to the registries.
+# to each registry. Additionally, when a building and publishing the latest tag, it syncs the README file
+# determined by the container_readme_filepath input (or the first For-Container.md file found in the ./doc/
+# directory if not provided) with Docker Hub if it has been modified since the previous version of the latest
+# tag. For pull request events, it just builds the images but does not push them to the registries.
 
 name: Container Image
 
@@ -18,6 +21,10 @@ on:
         required: true
         type: string
         description: 'URL to the Icinga documentation for this project.'
+      container_readme_filepath:
+        required: false
+        type: string
+        description: 'Path to the README file to sync with Docker Hub. Defaults to the first For-Container.md file found in the ./doc/ directory.'
     # We do not need to require the secrets.GITHUB_TOKEN here because it is automatically
     # inherited from the workflow call [^1].
     #
@@ -46,6 +53,10 @@ env:
   # If true, the container image will be tagged with the major version (e.g., '1') when pushed to the registries.
   LATEST_MAJOR: false
 
+  # The path to the README file to sync with Docker Hub. If not provided, it defaults to
+  # the first For-Container.md file found in the ./doc/ directory.
+  README_FILEPATH: ${{ inputs.container_readme_filepath }}
+
 jobs:
   build-and-publish:
     name: Build and Publish
@@ -177,3 +188,43 @@ jobs:
           subject-name: index.docker.io/${{ env.IMAGE_NAME }}
           subject-digest: ${{ steps.build-and-push.outputs.digest }}
           push-to-registry: false
+
+      - name: Prepare For-Container.md file
+        if: ${{ env.LATEST == 'true' }}
+        run: |
+          if [ -z "${{ env.README_FILEPATH }}" ]; then
+            file_path=$(find ./doc/ -type f -name 'For-Container.md' | head -n 1)
+            if [ -z "$file_path" ]; then
+              echo "No For-Container.md file found in the ./doc/ directory."
+              exit 1
+            fi
+            echo "No custom container README file path provided. Using default path: $file_path"
+            echo "README_FILEPATH=$file_path" >> "$GITHUB_ENV"
+          else
+            # Check if the provided file exists.
+            if [ -f "${{ env.README_FILEPATH }}" ]; then
+              echo "Using provided container README file path: ${{ env.README_FILEPATH }}"
+            else
+              echo "Provided container README file path does not exist: ${{ env.README_FILEPATH }}"
+              exit 1
+            fi
+          fi
+
+          # Check if the README file has been modified since the github.event.before reference point
+          # and write the result to the README_MODIFIED ENV variable.
+          if ! git diff --quiet --exit-code ${{ github.event.before }} "${{ env.README_FILEPATH }}"; then
+            echo "README file has been modified since the last commit."
+            echo "README_MODIFIED=true" >> "$GITHUB_ENV"
+          else
+            echo "README file has not been modified since the last commit."
+            echo "README_MODIFIED=false" >> "$GITHUB_ENV"
+          fi
+
+      - name: Sync For-Container.md
+        uses: ms-jpq/sync-dockerhub-readme@e2991ea1ba48832e73555cdbd5b82f5a2e91ee9b # v1
+        if: ${{ env.README_MODIFIED == 'true' }}
+        with:
+          username: ${{ secrets.dockerhub_username }}
+          password: ${{ secrets.dockerhub_token }}
+          repository: ${{ env.IMAGE_NAME }}
+          readme: ${{ env.README_FILEPATH }}