Build Docker images locally when Dockerfiles change

[MatkovIvan]

Fixes SKIKO-1103 Properly handle Dockerfile changes in CI

1. Handle Dockerfile Changes in CI

When a PR modifies both the Dockerfile and C++ source, CI must build the library against the new container logic before merging to catch compatibility issues.
Workflows now detect Dockerfile changes and automatically build images locally before running tests. When no Dockerfile changes are detected, published images from ghcr.io are used.

2. Avoid GLIBC Mismatches: Run GitHub Actions Outside Containers

Running GitHub Actions native steps (like actions/checkout) inside custom containers causes GLIBC version mismatches since GitHub's Node.js-based actions require newer GLIBC than Amazon Linux 2 provides.
This change introduced new composite action docker-skiko-run that runs GitHub actions outside the container on ubuntu-24.04 runner, and only executes build/test commands inside the Docker container via docker run.

3. Environment Alignment: Use linux-compat for GitHub Actions Builds

GitHub Actions used Ubuntu 20.04 images with GLIBC 2.31, while TeamCity publishing used Amazon Linux 2 with GLIBC 2.26. This mismatch could mask GLIBC compatibility issues during PR validation.
Most GitHub Actions workflows now use linux-compat (Amazon Linux 2).

• Web builds are out of the scope here because emsdk requires newer GLIBC.
• Cross-compilation is out of the scope because there is no simply way to get arm shared libraries to x64 image on AL2

Note: TeamCity publishing should be updated to use linux-compat too

4. Introduce Orchestrator Workflows

New orchestrator workflows compose existing test/build/docs workflows:

• pull-request.yml - Runs on every PR: detects Docker changes, builds images if needed (dry-run), runs tests + publish dry run + docs validation
• post-merge.yml - Runs on push to master/release: detects Docker changes, publishes images if changed, runs tests + publish dry run + docs publication

So, we should have fewer "Run CI" temporary PRs now

5. Documentation as Pre-Merge Check

Documentation builds now run inside the same linux-compat Docker environment used for library builds, and are validated as part of PR checks (previously only ran post-merge).

6. Docker Tags Use Branch Names

Published Docker images are tagged with the branch name (e.g., master, release/0.9.46), so the release branches might publish its own version of the image. This way changes in master shouldn't prevent making a patch for a previous version if it's required

[Copilot]

Pull request overview

This PR refactors CI to ensure Dockerfile changes are validated by building images locally before running tests, avoids GLIBC mismatches by moving GitHub Actions steps outside containers, and introduces orchestrator workflows to compose CI stages for PRs and post-merge runs.

Changes:

• Added orchestrator workflows (pull-request.yml, post-merge.yml) and converted existing workflows to workflow_call.
• Introduced composite actions to build/pull images as needed and run commands inside Docker (docker-skiko-run, docker-skiko-publish).
• Consolidated Linux build environments around linux-compat (Amazon Linux 2) and expanded the linux-compat Dockerfile (libs, Xvfb, Android SDK/NDK).

Reviewed changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
skiko/docker/linux-compat/Dockerfile	Expands linux-compat image (Xvfb, native deps, Android SDK/NDK) for CI parity and UI testing.
skiko/docker/linux-arm64/Dockerfile	Removed in favor of multi-arch linux-compat.
skiko/docker/linux-android-amd64/Dockerfile	Removed in favor of linux-compat including Android SDK/NDK.
skiko/docker/linux-amd64/Dockerfile	Refactors sysroot header copying via env+loop.
skiko/buildSrc/src/main/kotlin/tasks/configuration/NativeTasksConfiguration.kt	Adds /usr/lib64 to Linux linker search paths.
.github/workflows/tests.yml	Converts to reusable workflow; runs Linux jobs via docker-skiko-run on ubuntu runners.
.github/workflows/pull-request.yml	New PR orchestrator composing docker publish dry-run, tests, publish dry-run, and docs.
.github/workflows/publish-dry-run.yml	Converts to reusable workflow; runs build steps via docker-skiko-run.
.github/workflows/post-merge.yml	New post-merge orchestrator (push to master/release/*) composing publish + validations.
.github/workflows/docs.yml	Converts to reusable workflow; builds docs inside linux-compat via docker-skiko-run.
.github/workflows/docker-publish.yml	Converts to reusable workflow; detects Docker changes and conditionally builds/publishes images tagged by branch.
.github/actions/setup-prerequisites/action.yml	Adds Linux runner disk cleanup before Gradle setup.
.github/actions/docker-skiko-run/action.yml	New composite action to detect Docker changes, build/pull images, and run commands in containers.
.github/actions/docker-skiko-publish/action.yml	New composite action to build and optionally publish images to GHCR (with tag normalization).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.