11name : Docker
2-
3- # This workflow uses actions that are not certified by GitHub.
4- # They are provided by a third-party and are governed by
5- # separate terms of service, privacy policy, and support
6- # documentation.
7-
82on :
93 push :
10- branches :
4+ branches :
115 - main
126 - development
137 - ' feature/**'
148 - ' AN-*'
15- # Publish semver tags as releases.
169 tags : [ 'v*.*.*' ]
1710 pull_request :
1811 branches : [ "main", "development", "feature/v2-network" ]
1912
2013env :
21- # Use docker.io for Docker Hub if empty
2214 REGISTRY : ghcr.io
23- # github.repository as <account>/<repo>
2415 IMAGE_NAME : ${{ github.repository }}
2516
26-
2717jobs :
2818 build :
29- runs-on : ubuntu-latest
19+ # Select native arch runners per matrix entry
3020 strategy :
3121 fail-fast : false
3222 matrix :
33- platform : [linux/amd64, linux/arm64]
23+ include :
24+ - arch : amd64
25+ runs_on : ubuntu-22.04
26+ platform : linux/amd64
27+ - arch : arm64
28+ runs_on : ubuntu-22.04-arm
29+ platform : linux/arm64
30+ runs-on : ${{ matrix.runs_on }}
31+
3432 permissions :
3533 contents : read
3634 packages : write
37- # This is used to complete the identity challenge
38- # with sigstore/fulcio when running outside of PRs.
3935 id-token : write
4036
4137 steps :
@@ -45,17 +41,10 @@ jobs:
4541 - name : Normalize image name to lowercase
4642 run : echo "IMAGE_NAME_LOWER=${IMAGE_NAME,,}" >> $GITHUB_ENV
4743
48- # Set up BuildKit Docker container builder to be able to build
49- # multi-platform images and export cache
50- # https://github.com/docker/setup-buildx-action
44+ # Buildx is still used, but no emulation needed since runners are native
5145 - name : Set up Docker Buildx
5246 uses : docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
5347
54- - name : Set up QEMU
55- uses : docker/setup-qemu-action@v3
56-
57- # Login against a Docker registry except on PR
58- # https://github.com/docker/login-action
5948 - name : Log into registry ${{ env.REGISTRY }}
6049 if : github.event_name != 'pull_request'
6150 uses : docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
@@ -64,16 +53,12 @@ jobs:
6453 username : ${{ github.actor }}
6554 password : ${{ secrets.GITHUB_TOKEN }}
6655
67- # Extract metadata (tags, labels) for Docker
68- # https://github.com/docker/metadata-action
6956 - name : Extract Docker metadata
7057 id : meta
7158 uses : docker/metadata-action@v5
7259 with :
7360 images : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LOWER }}
7461
75- # Build and push per-arch image by digest (don't push on PR)
76- # https://github.com/docker/build-push-action
7762 - name : Build and push by digest (${{ matrix.platform }})
7863 id : build
7964 uses : docker/build-push-action@v6
10590 merge :
10691 if : ${{ github.event_name != 'pull_request' }}
10792 needs : build
108- runs-on : anduro-runner
93+ runs-on : ubuntu-22.04
10994 permissions :
11095 contents : read
11196 packages : write
@@ -128,7 +113,6 @@ jobs:
128113 path : /tmp/digests
129114 merge-multiple : true
130115
131- # Extract metadata (tags, labels) for Docker
132116 - name : Extract Docker metadata
133117 id : meta
134118 uses : docker/metadata-action@v5
@@ -146,11 +130,10 @@ jobs:
146130 docker buildx imagetools create -t "$tag" $args
147131 done
148132
149- # Install the cosign tool
150133 - name : Install cosign
151134 uses : sigstore/cosign-installer@v3.5.0
152135
153136 - name : Sign the published Docker images
154137 env :
155138 TAGS : ${{ steps.meta.outputs.tags }}
156- run : echo "${TAGS}" | xargs -I {} cosign sign --yes {}
139+ run : echo "${TAGS}" | xargs -I {} cosign sign --yes {}
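Review bot: `docker/metadata-action@v5` (in both jobs), `docker/build-push-action@v6` and `sigstore/cosign-installer@v3.5.0` are still referenced by mutable tags, while `setup-buildx-action` and `login-action` in the same workflow are pinned to a full commit SHA. These steps run in jobs that hold `packages: write`, and in the build job also `id-token: write`, so a retagged release of any of them would run with the right to push to the registry and to request an OIDC identity. Pin them the same way, e.g. `uses: docker/metadata-action@<full-commit-sha> # v5`. The commit also deletes the comment explaining why `id-token: write` is granted; a one-line form such as `# id-token: sigstore/fulcio identity challenge when running outside PRs` would keep that permission reviewable. Separately, the last step signs by tag (`cosign sign --yes {}` over `steps.meta.outputs.tags`); signing the `name@sha256:<digest>` reference of the manifest created by the `imagetools create` step would bind the signature to that exact manifest rather than to whatever the tag resolves to at signing time.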