44 push :
55 branches :
66 - main
7+ - multi-arch # WIP
78
89env :
910 REGISTRY : ghcr.io
1011 IMAGE_NAME : ${{ github.repository }}
12+ REGISTRY_IMAGE : ghcr.io/${{ github.repository }}
1113
1214jobs :
13- build-and-push-image :
14- runs-on : ubuntu-latest
15+ build :
16+ strategy :
17+ fail-fast : false
18+ matrix :
19+ platform :
20+ - linux/amd64
21+ - linux/arm64
22+ include :
23+ - platform : linux/amd64
24+ os : ubuntu-latest
25+ platform_pair : linux-amd64
26+ - platform : linux/arm64
27+ os : ubuntu-24.04-arm
28+ platform_pair : linux-arm64
29+
30+ runs-on : ${{ matrix.os }}
31+
1532 permissions :
1633 contents : read
1734 packages : write
@@ -27,35 +44,95 @@ jobs:
2744 uses : actions/cache@v4
2845 with :
2946 path : /tmp/.buildx-cache
30- key : ${{ runner.os }}-buildx-${{ github.sha }}
47+ key : ${{ matrix.platform_pair }}-buildx-${{ github.sha }}
3148 restore-keys : |
32- ${{ runner.os }}-buildx-
49+ ${{ matrix.platform_pair }}-buildx-
3350
3451name : Log in to the Container registry
35- uses : docker/login-action@v1
52+ uses : docker/login-action@v3
3653 with :
3754 registry : ${{ env.REGISTRY }}
3855 username : ${{ github.actor }}
3956 password : ${{ secrets.GITHUB_TOKEN }}
4057
4158 - name : Extract metadata (tags, labels) for Docker
4259 id : meta
43- uses : docker/metadata-action@v3
60+ uses : docker/metadata-action@v5
4461 with :
45- images : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
62+ images : ${{ env.REGISTRY_IMAGE }}
4663 tags : |
4764 type=ref,event=branch
4865 type=ref,event=tag
4966 type=ref,event=pr
5067 type=sha,prefix=snapshot-
51- flavor : latest=${{ github.ref == 'refs/heads/main' }}
68+ # flavor: latest=${{ github.ref == 'refs/heads/main' }}
5269
53- - name : Build
70+ - name : Build and push by digest
71+ id : build
5472 uses : docker/build-push-action@v6
5573 with :
5674 context : .
57- push : true
75+ platforms : ${{ matrix.platform }}
5876 tags : ${{ steps.meta.outputs.tags }}
5977 labels : ${{ steps.meta.outputs.labels }}
6078 cache-from : type=local,src=/tmp/.buildx-cache
6179 cache-to : type=local,dest=/tmp/.buildx-cache
80+ outputs : type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
81+
82+ - name : Export digest
83+ run : |
84+ mkdir -p ${{ runner.temp }}/digests
85+ digest="${{ steps.build.outputs.digest }}"
86+ touch "${{ runner.temp }}/digests/${digest#sha256:}"
87+
88+ name : Upload digest
89+ uses : actions/upload-artifact@v4
90+ with :
91+ name : digests-${{ matrix.platform_pair }}
92+ path : ${{ runner.temp }}/digests/*
93+ if-no-files-found : error
94+ retention-days : 1
95+
96+ merge :
97+ runs-on : ubuntu-latest
98+ needs :
99+ - build
100+ steps :
101+ - name : Download digests
102+ uses : actions/download-artifact@v4
103+ with :
104+ path : ${{ runner.temp }}/digests
105+ pattern : digests-*
106+ merge-multiple : true
107+
108+ - name : Log in to the Container registry
109+ uses : docker/login-action@v3
110+ with :
111+ registry : ${{ env.REGISTRY }}
112+ username : ${{ github.actor }}
113+ password : ${{ secrets.GITHUB_TOKEN }}
114+
115+ - name : Set up Docker Buildx
116+ uses : docker/setup-buildx-action@v3
117+
118+ - name : Extract metadata (tags, labels) for Docker
119+ id : meta
120+ uses : docker/metadata-action@v5
121+ with :
122+ images : ${{ env.REGISTRY_IMAGE }}
123+ tags : |
124+ type=ref,event=branch
125+ type=ref,event=tag
126+ type=ref,event=pr
127+ type=sha,prefix=snapshot-
128+ flavor : latest=${{ github.ref == 'refs/heads/main' }}
129+
130+ - name : Create manifest list and push
131+ working-directory : ${{ runner.temp }}/digests
132+ run : |
133+ docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
134+ $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
135+
136+ name : Inspect image
137+ run : |
138+ docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
0 commit comments