feat/ci: native arm64 build

.github/workflows/release.yml

@@ -27,7 +27,7 @@ jobs:
       - uses: vanilla-os/vib-gh-action@v1.0.7
         with:
             recipe: 'recipe.yml'
-            plugins: 'Vanilla-OS/vib-fsguard:v1.5.3'
+            plugins: 'Vanilla-OS/vib-fsguard:v1.6.1'
 
       - uses: actions/upload-artifact@v6
         with:

.github/workflows/vib-build.yml

@@ -90,7 +90,15 @@ jobs:
           fi
 
   build:
-    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - runner: ubuntu-latest
+            arch: amd64
+          - runner: ubuntu-24.04-arm
+            arch: arm64
+    runs-on: ${{ matrix.runner }}
     needs: check_update
     if: ${{ needs.check_update.outputs.has_updates == 'true' }}
 
@@ -105,12 +113,13 @@ jobs:
     - uses: vanilla-os/vib-gh-action@v1.0.7
       with:
         recipe: 'recipe.yml'
-        plugins: 'Vanilla-OS/vib-fsguard:v1.5.3'
+        plugins: 'Vanilla-OS/vib-fsguard:v1.6.1'
 
     - uses: actions/upload-artifact@v6
       with:
         name: Containerfile
         path: Containerfile
+        overwrite: true
 
     - name: Generate image name
       run: |
@@ -124,17 +133,10 @@ jobs:
         echo -n "${{ env.REPO_OWNER_LOWERCASE }}/${{ env.CUSTOM_IMAGE_NAME }}" > ./includes.container/image-info/image-name
 
     - name: Docker meta
-      id: docker_meta
+      id: meta
       uses: docker/metadata-action@v5
       with:
-        images: |
-          ${{ env. IMAGE_URL }}
-        tags: |
-          type=semver,pattern={{version}}
-          type=semver,pattern={{major}}.{{minor}}
-          type=semver,pattern={{raw}}
-          type=semver,pattern=v{{major}}
-          type=ref,event=branch
+        images: ${{ env.IMAGE_URL }}
 
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v3
@@ -147,25 +149,90 @@ jobs:
         username: ${{ github.repository_owner }}
         password: ${{ secrets.GITHUB_TOKEN }}
 
-    - name: Build and Push the Docker image
-      id: push
+    - name: Build and push by digest
+      id: build
       uses: docker/build-push-action@v6
       with:
         context: .
         file: Containerfile
-        push: ${{ github.event_name != 'pull_request' }}
-        tags: ${{ steps.docker_meta.outputs.tags }}
-        labels: ${{ steps.docker_meta.outputs.labels }}
+        tags: ${{ env.IMAGE_URL }}
+        labels: ${{ steps.meta.outputs.labels }}
         cache-from: type=gha
         cache-to: type=gha,mode=max
-        platforms: linux/amd64
+        platforms: linux/${{ matrix.arch }}
         provenance: false
+        outputs: type=image,push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }}
 
     - name: Attest pushed image
       uses: actions/attest-build-provenance@v3
       id: attest
       if: ${{ github.event_name != 'pull_request' }}
       with:
         subject-name: ${{ env.IMAGE_URL }}
-        subject-digest: ${{ steps.push.outputs.digest }}
+        subject-digest: ${{ steps.build.outputs.digest }}
         push-to-registry: false
+
+    - name: Export digest
+      if: ${{ github.event_name != 'pull_request' }}
+      run: |
+        mkdir -p ${{ runner.temp }}/digests
+        digest="${{ steps.build.outputs.digest }}"
+        touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+    - name: Upload digest
+      uses: actions/upload-artifact@v6
+      if: ${{ github.event_name != 'pull_request' }}
+      with:
+        name: digests-${{ matrix.arch }}
+        path: ${{ runner.temp }}/digests/*
+        if-no-files-found: error
+        retention-days: 1
+
+  merge:
+    runs-on: ubuntu-latest
+    if: ${{ github.event_name != 'pull_request' }}
+    needs: build
+    permissions:
+      packages: write # Allow pushing images to GHCR
+
+    steps:
+    - name: Generate image name
+      run: |
+        REPO_OWNER_LOWERCASE="$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')"
+        echo "REPO_OWNER_LOWERCASE=$REPO_OWNER_LOWERCASE">> "$GITHUB_ENV"
+        echo "IMAGE_URL=ghcr.io/$REPO_OWNER_LOWERCASE/${{ env.CUSTOM_IMAGE_NAME }}">> "$GITHUB_ENV"
+
+    - name: Download digests
+      uses: actions/download-artifact@v7
+      with:
+        path: ${{ runner.temp }}/digests
+        pattern: digests-*
+        merge-multiple: true
+
+    - name: Docker meta
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.IMAGE_URL }}
+        tags: |
+          type=semver,pattern={{version}}
+          type=semver,pattern={{major}}.{{minor}}
+          type=semver,pattern={{raw}}
+          type=semver,pattern=v{{major}}
+          type=ref,event=branch
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to GitHub Package Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.repository_owner }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Create manifest list and push
+      working-directory: ${{ runner.temp }}/digests
+      run: |
+        docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+          $(printf '${{ env.IMAGE_URL }}@sha256:%s ' *)