Merge pull request #275 from lsst-sqre/tickets/DM-52929

rra · web-flow · commit 3e5ed2798259 · 2025-12-01T12:10:51.000-08:00
DM-52929: Build multi-platform images
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -18,10 +18,11 @@ env:
       - "dependabot/**"
       - "gh-readonly-queue/**"
       - "renovate/**"
+      - "t/**"
       - "tickets/**"
       - "u/**"
-    tags:
-      - "*"
+  release:
+    types: [published]
 
 jobs:
   test:
@@ -45,42 +46,38 @@ jobs:
         run: uv run --only-group=tox tox run -e lint,typing,py,coverage-report
 
   build:
-    runs-on: ubuntu-latest
     needs: [test]
-    timeout-minutes: 15
+    uses: lsst-sqre/multiplatform-build-and-push/.github/workflows/build.yaml@v2
+    secrets: inherit
+    with:
+      images: ghcr.io/${{ github.repository }}
 
     # Only do Docker builds of tagged releases and pull requests from ticket
     # branches. This will still trigger on pull requests from untrusted
     # repositories whose branch names match our tickets/* branch convention,
     # but in this case the build will fail with an error since the secret
     # won't be set.
     if: >
-      github.event_name != 'merge_group'
-      && (startsWith(github.ref, 'refs/tags/')
-          || startsWith(github.head_ref, 'tickets/'))
-
-    steps:
-      - uses: actions/checkout@v6
-        with:
-          fetch-depth: 0
-
-      - uses: lsst-sqre/build-and-push-to-ghcr@v1
-        id: build
-        with:
-          image: ${{ github.repository }}
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Report result
-        run: |
-          echo Pushed ghcr.io/${{ github.repository }}:${{ steps.build.outputs.tag }}
+      (github.event_name == 'release' && github.event.action == 'published')
+      || (github.event_name != 'merge_group'
+          && (startsWith(github.head_ref, 'tickets/')
+              || startsWith(github.head_ref, 't/')))
 
-      - uses: lsst-sqre/build-and-push-to-ghcr@v1
-        id: build-worker
-        with:
-          dockerfile: Dockerfile.worker
-          image: ${{ github.repository }}-worker
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+  build-worker:
+    needs: [test]
+    uses: lsst-sqre/multiplatform-build-and-push/.github/workflows/build.yaml@v2
+    secrets: inherit
+    with:
+      dockerfile: Dockerfile.worker
+      images: ghcr.io/${{ github.repository }}-worker
 
-      - name: Report result
-        run: |
-          echo Pushed ghcr.io/${{ github.repository }}-worker:${{ steps.build-worker.outputs.tag }}
+    # Only do Docker builds of tagged releases and pull requests from ticket
+    # branches. This will still trigger on pull requests from untrusted
+    # repositories whose branch names match our tickets/* branch convention,
+    # but in this case the build will fail with an error since the secret
+    # won't be set.
+    if: >
+      (github.event_name == 'release' && github.event.action == 'published')
+      || (github.event_name != 'merge_group'
+          && (startsWith(github.head_ref, 'tickets/')
+              || startsWith(github.head_ref, 't/')))
diff --git a/changelog.d/20251201_100727_rra_DM_52929.md b/changelog.d/20251201_100727_rra_DM_52929.md
@@ -0,0 +1,3 @@
+### New features
+
+- Publish multi-platform images that support both linux/amd64 and linux/arm64.

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+### New features`
	`2`	`+`
	`3`	`+- Publish multi-platform images that support both linux/amd64 and linux/arm64.`