Skip to content

Commit d7f06de

Browse files
authored
Update docker-publish.yml towards multiplatform?
1 parent 5afa5e9 commit d7f06de

1 file changed

Lines changed: 72 additions & 9 deletions

File tree

.github/workflows/docker-publish.yml

Lines changed: 72 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -24,18 +24,23 @@ env:
2424

2525
jobs:
2626
build:
27-
27+
name: Build on ${{ matrix.platform.name }}
2828
runs-on: ubuntu-latest
29-
permissions:
30-
contents: read
31-
packages: write
32-
# This is used to complete the identity challenge
33-
# with sigstore/fulcio when running outside of PRs.
34-
id-token: write
35-
29+
strategy:
30+
fail-fast: false
31+
matrix:
32+
platform:
33+
- linux/amd64
34+
- linux/arm64
3635
steps:
36+
3737
- name: Checkout repository
3838
uses: actions/checkout@v4
39+
- name: Prepare
40+
# Sanitize platform name
41+
run: |
42+
platform=${{ matrix.platform.name }}
43+
echo "PLATFORM=${platform//\//-}" >> $GITHUB_ENV
3944
4045
# Install the cosign tool except on PR
4146
# https://github.com/sigstore/cosign-installer
@@ -73,14 +78,72 @@ jobs:
7378
# https://github.com/docker/build-push-action
7479
- name: Build and push Docker image
7580
id: build-and-push
76-
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
81+
uses: docker/build-push-action@v6
7782
with:
7883
context: .
84+
platforms: ${{ matrix.platform }}
7985
push: ${{ github.event_name != 'pull_request' }}
8086
tags: ${{ steps.meta.outputs.tags }}
8187
labels: ${{ steps.meta.outputs.labels }}
8288
cache-from: type=gha
8389
cache-to: type=gha,mode=max
90+
- name: Export digest
91+
run: |
92+
mkdir -p ${{ runner.temp }}/digests
93+
digest="${{ steps.build.outputs.digest }}"
94+
touch "${{ runner.temp }}/digests/${digest#sha256:}"
95+
96+
- name: Upload digest
97+
uses: actions/upload-artifact@v4
98+
with:
99+
name: digests-${{ env.PLATFORM_PAIR }}
100+
path: ${{ runner.temp }}/digests/*
101+
if-no-files-found: error
102+
retention-days: 1
103+
104+
merge:
105+
runs-on: ubuntu-latest
106+
needs:
107+
- build
108+
steps:
109+
- name: Download digests
110+
uses: actions/download-artifact@v4
111+
with:
112+
path: ${{ runner.temp }}/digests
113+
pattern: digests-*
114+
merge-multiple: true
115+
116+
- name: Log into registry ${{ env.REGISTRY }}
117+
if: github.event_name != 'pull_request'
118+
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
119+
with:
120+
registry: ${{ env.REGISTRY }}
121+
username: ${{ github.actor }}
122+
password: ${{ secrets.GITHUB_TOKEN }}
123+
124+
- name: Set up Docker Buildx
125+
uses: docker/setup-buildx-action@v3
126+
127+
- name: Docker meta
128+
id: meta
129+
uses: docker/metadata-action@v5
130+
with:
131+
images: ${{ env.REGISTRY_IMAGE }}
132+
tags: |
133+
type=ref,event=branch
134+
type=ref,event=pr
135+
type=semver,pattern={{version}}
136+
type=semver,pattern={{major}}.{{minor}}
137+
138+
- name: Create manifest list and push
139+
working-directory: ${{ runner.temp }}/digests
140+
run: |
141+
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
142+
$(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
143+
144+
- name: Inspect image
145+
run: |
146+
docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
84147
85148
# Sign the resulting Docker image digest except on PRs.
86149
# This will only write to the public Rekor transparency log when the Docker

0 commit comments

Comments
 (0)