From 5dee88d8d5fa1b85ce4a84c12f2b1fc26bbb2948 Mon Sep 17 00:00:00 2001
From: David Parry
Date: Mon, 23 Mar 2026 16:40:36 +1100
Subject: [PATCH] Adds multi-arch docker builds from `amd64` and `arm64`
---
.github/workflows/build-disk-collector.yml | 81 ++++++++++++++++---
.github/workflows/build-primary-image.yml | 89 +++++++++++++++++----
.github/workflows/build-sidecar-updater.yml | 81 ++++++++++++++++---
3 files changed, 208 insertions(+), 43 deletions(-)
diff --git a/.github/workflows/build-disk-collector.yml b/.github/workflows/build-disk-collector.yml
index 7649ba5..57f8a23 100644
--- a/.github/workflows/build-disk-collector.yml
+++ b/.github/workflows/build-disk-collector.yml
@@ -23,29 +23,84 @@ jobs: - name: check-auth id: check-auth run: echo "is_authorized=${{ contains(secrets.DEPLOYMENT_AUTHORIZED_USERS, github.triggering_actor) }}" >> $GITHUB_OUTPUT + build: - name: Build disk-collector image + name: Build disk-collector image (${{ matrix.platform }}) needs: check_authorization if: needs.check_authorization.outputs.isAuthorized == 'true' + runs-on: ${{ matrix.runner }} + permissions: + contents: read + packages: write + strategy: + fail-fast: false + matrix: + include: + - platform: linux/amd64 + runner: ubuntu-latest + - platform: linux/arm64 + runner: ubuntu-latest-arm64 + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and push by digest + id: build + uses: docker/build-push-action@v6 + with: + context: install/sidecar-disk-collector + platforms: ${{ matrix.platform }} + outputs: type=image,name=ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector,push-by-digest=true,name-canonical=true,push=true + - name: Export digest + run: | + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + - name: Upload digest + uses: actions/upload-artifact@v4 + with: + name: digests-${{ matrix.platform == 'linux/amd64' && 'amd64' || 'arm64' }} + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + + merge: + name: Create and push multi-arch manifest + needs: build runs-on: ubuntu-latest permissions: contents: read packages: write steps: - - name: Checkout code - uses: actions/checkout@v4 + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: /tmp/digests + pattern: digests-* + merge-multiple: true + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - 
name: Log in to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push - uses: docker/build-push-action@v5 - with: - context: install/sidecar-disk-collector - push: true - tags: | - ghcr.io/crosstalk-solutions/project-nomad-disk-collector:${{ inputs.version }} - ghcr.io/crosstalk-solutions/project-nomad-disk-collector:v${{ inputs.version }} - ${{ inputs.tag_latest && 'ghcr.io/crosstalk-solutions/project-nomad-disk-collector:latest' || '' }} + - name: Create manifest list and push + working-directory: /tmp/digests + run: | + docker buildx imagetools create \ + -t ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector:${{ inputs.version }} \ + -t ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector:v${{ inputs.version }} \ + ${{ inputs.tag_latest && '-t ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector:latest' || '' }} \ + $(printf 'ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector@sha256:%s ' *) + - name: Inspect image + run: | + docker buildx imagetools inspect ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector:${{ inputs.version }} diff --git a/.github/workflows/build-primary-image.yml b/.github/workflows/build-primary-image.yml index daf0e54..b2d54b3 100644 --- a/.github/workflows/build-primary-image.yml +++ b/.github/workflows/build-primary-image.yml 
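Review bot: The `Create manifest list and push` step pastes `${{ inputs.version }}` straight into the shell script, so the value is parsed as shell in a job that holds `packages: write` and a logged-in registry token; the old `tags:` input never reached a shell. The `tag_latest` line also nests `${{ github.repository_owner }}` inside an expression string literal, which the expression syntax does not expand, so the `latest` tag is likely to fail to parse or come out wrong. Passing the values through `env:` and building the arguments in bash addresses both, and the same applies to the `Inspect image` step and to the identical steps in build-primary-image.yml and build-sidecar-updater.yml.

```yaml
      - name: Create manifest list and push
        working-directory: /tmp/digests
        env:
          IMAGE: ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector
          VERSION: ${{ inputs.version }}
          TAG_LATEST: ${{ inputs.tag_latest }}
        run: |
          tags=(-t "${IMAGE}:${VERSION}" -t "${IMAGE}:v${VERSION}")
          if [ "${TAG_LATEST}" = "true" ]; then
            tags+=(-t "${IMAGE}:latest")
          fi
          refs=()
          for digest in *; do
            refs+=("${IMAGE}@sha256:${digest}")
          done
          docker buildx imagetools create "${tags[@]}" "${refs[@]}"
      # … unchanged: Inspect image step, with the same env: treatment for inputs.version …
```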
@@ -22,33 +22,88 @@ jobs: steps: - name: check-auth id: check-auth - run: echo "is_authorized=${{ contains(secrets.DEPLOYMENT_AUTHORIZED_USERS, github.triggering_actor) }}" >> $GITHUB_OUTPUT + run: echo "is_authorized=${{ contains(secrets.DEPLOYMENT_AUTHORIZED_USERS, github.triggering_actor) }}" >> $GITHUB_OUTPUT + build: - name: Build Docker image + name: Build primary image (${{ matrix.platform }}) needs: check_authorization if: needs.check_authorization.outputs.isAuthorized == 'true' + runs-on: ${{ matrix.runner }} + permissions: + contents: read + packages: write + strategy: + fail-fast: false + matrix: + include: + - platform: linux/amd64 + runner: ubuntu-latest + - platform: linux/arm64 + runner: ubuntu-latest-arm64 + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and push by digest + id: build + uses: docker/build-push-action@v6 + with: + platforms: ${{ matrix.platform }} + outputs: type=image,name=ghcr.io/${{ github.repository_owner }}/project-nomad,push-by-digest=true,name-canonical=true,push=true + build-args: | + VERSION=${{ inputs.version }} + BUILD_DATE=${{ github.event.workflow_run.created_at }} + VCS_REF=${{ github.sha }} + - name: Export digest + run: | + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + - name: Upload digest + uses: actions/upload-artifact@v4 + with: + name: digests-${{ matrix.platform == 'linux/amd64' && 'amd64' || 'arm64' }} + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + + merge: + name: Create and push multi-arch manifest + needs: build runs-on: ubuntu-latest permissions: contents: read packages: write steps: - - name: Checkout code - uses: actions/checkout@v4 + - name: 
Download digests + uses: actions/download-artifact@v4 + with: + path: /tmp/digests + pattern: digests-* + merge-multiple: true + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - name: Log in to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push - uses: docker/build-push-action@v5 - with: - push: true - tags: | - ghcr.io/crosstalk-solutions/project-nomad:${{ inputs.version }} - ghcr.io/crosstalk-solutions/project-nomad:v${{ inputs.version }} - ${{ inputs.tag_latest && 'ghcr.io/crosstalk-solutions/project-nomad:latest' || '' }} - build-args: | - VERSION=${{ inputs.version }} - BUILD_DATE=${{ github.event.workflow_run.created_at }} - VCS_REF=${{ github.sha }} + - name: Create manifest list and push + working-directory: /tmp/digests + run: | + docker buildx imagetools create \ + -t ghcr.io/${{ github.repository_owner }}/project-nomad:${{ inputs.version }} \ + -t ghcr.io/${{ github.repository_owner }}/project-nomad:v${{ inputs.version }} \ + ${{ inputs.tag_latest && '-t ghcr.io/${{ github.repository_owner }}/project-nomad:latest' || '' }} \ + $(printf 'ghcr.io/${{ github.repository_owner }}/project-nomad@sha256:%s ' *) + - name: Inspect image + run: | + docker buildx imagetools inspect ghcr.io/${{ github.repository_owner }}/project-nomad:${{ inputs.version }} diff --git a/.github/workflows/build-sidecar-updater.yml b/.github/workflows/build-sidecar-updater.yml index 822bc28..1a09368 100644 --- a/.github/workflows/build-sidecar-updater.yml +++ b/.github/workflows/build-sidecar-updater.yml 
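Review bot: The `check-auth` line this hunk re-adds gates the release on `contains(secrets.DEPLOYMENT_AUTHORIZED_USERS, github.triggering_actor)`, which is a substring test when the secret is a plain string, so any login that is a fragment of an authorized one passes. If the secret is a comma-separated list (its format is not visible here), wrapping both sides in delimiters makes the match exact: `contains(format(',{0},', secrets.DEPLOYMENT_AUTHORIZED_USERS), format(',{0},', github.triggering_actor))`. The step writes `is_authorized` while the `build` job reads `outputs.isAuthorized`; the `check_authorization` job starts outside the hunk, so it is worth confirming that its `outputs:` mapping wires the two names together. The same expression appears as context in build-disk-collector.yml and build-sidecar-updater.yml.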
@@ -23,29 +23,84 @@ jobs: - name: check-auth id: check-auth run: echo "is_authorized=${{ contains(secrets.DEPLOYMENT_AUTHORIZED_USERS, github.triggering_actor) }}" >> $GITHUB_OUTPUT + build: - name: Build sidecar-updater image + name: Build sidecar-updater image (${{ matrix.platform }}) needs: check_authorization if: needs.check_authorization.outputs.isAuthorized == 'true' + runs-on: ${{ matrix.runner }} + permissions: + contents: read + packages: write + strategy: + fail-fast: false + matrix: + include: + - platform: linux/amd64 + runner: ubuntu-latest + - platform: linux/arm64 + runner: ubuntu-latest-arm64 + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and push by digest + id: build + uses: docker/build-push-action@v6 + with: + context: install/sidecar-updater + platforms: ${{ matrix.platform }} + outputs: type=image,name=ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater,push-by-digest=true,name-canonical=true,push=true + - name: Export digest + run: | + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + - name: Upload digest + uses: actions/upload-artifact@v4 + with: + name: digests-${{ matrix.platform == 'linux/amd64' && 'amd64' || 'arm64' }} + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + + merge: + name: Create and push multi-arch manifest + needs: build runs-on: ubuntu-latest permissions: contents: read packages: write steps: - - name: Checkout code - uses: actions/checkout@v4 + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: /tmp/digests + pattern: digests-* + merge-multiple: true + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - name: 
Log in to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push - uses: docker/build-push-action@v5 - with: - context: install/sidecar-updater - push: true - tags: | - ghcr.io/crosstalk-solutions/project-nomad-sidecar-updater:${{ inputs.version }} - ghcr.io/crosstalk-solutions/project-nomad-sidecar-updater:v${{ inputs.version }} - ${{ inputs.tag_latest && 'ghcr.io/crosstalk-solutions/project-nomad-sidecar-updater:latest' || '' }} + - name: Create manifest list and push + working-directory: /tmp/digests + run: | + docker buildx imagetools create \ + -t ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater:${{ inputs.version }} \ + -t ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater:v${{ inputs.version }} \ + ${{ inputs.tag_latest && '-t ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater:latest' || '' }} \ + $(printf 'ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater@sha256:%s ' *) + - name: Inspect image + run: | + docker buildx imagetools inspect ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater:${{ inputs.version }}
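Review bot: Every `uses:` line on the new side references an action by a mutable tag (`actions/checkout@v4`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/build-push-action@v6`, `actions/upload-artifact@v4`, `actions/download-artifact@v4`) in jobs that hold `packages: write` and log in to ghcr.io. A retagged action would run with that token, so pin each one to a full commit SHA and keep the version as a comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. This applies equally to build-disk-collector.yml and build-primary-image.yml. Separately, `ubuntu-latest-arm64` does not look like a standard GitHub-hosted runner label, so confirm a runner with that label exists, otherwise the arm64 leg will stay queued.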