51 changes: 43 additions & 8 deletions .github/workflows/docker-publish.yml
Expand Up @@ -66,20 +66,55 @@ jobs:
with:
images: ${{ env.REGISTRY }}/${{ matrix.image.name }}

# Build and push Docker image with Buildx
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build-and-push
# Build amd64 image (no push)
- name: Build amd64 Docker image
id: build-amd64
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
with:
context: .
file: Containerfile
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
platforms: linux/amd64
push: false
tags: ${{ steps.meta.outputs.tags }}-amd64
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
TARGETARCH=amd64
ALTTARGETARCH=x86_64
OPTTARGETARCH=
EXTRARPMS=

# Build arm64 image (no push)
- name: Build arm64 Docker image
id: build-arm64
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
with:
context: .
file: Containerfile
platforms: linux/arm64
push: false
tags: ${{ steps.meta.outputs.tags }}-arm64
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
TARGETARCH=arm64
ALTTARGETARCH=aarch64
OPTTARGETARCH=arm64-
EXTRARPMS=gcc python3-devel glibc-devel libxcrypt-devel

# Push combined multi-arch manifest as single tag
- name: Push multi-arch manifest
id: manifest
run: |
docker buildx imagetools create \
--tag "${{ steps.meta.outputs.tags }}" \
"${{ steps.meta.outputs.tags }}-amd64" \
"${{ steps.meta.outputs.tags }}-arm64"
# Get the digest of the created manifest
DIGEST=$(docker buildx imagetools inspect "${{ steps.meta.outputs.tags }}" --format '{{.Manifest.Digest}}')
echo "digest=${DIGEST}" >> "$GITHUB_OUTPUT"

# Sign the resulting Docker image digest.
# This will only write to the public Rekor transparency log when the Docker
Expand All @@ -90,7 +125,7 @@ jobs:
env:
# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
TAGS: ${{ steps.meta.outputs.tags }}
DIGEST: ${{ steps.build-and-push.outputs.digest }}
DIGEST: ${{ steps.manifest.outputs.digest }}
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: echo "${TAGS}" | xargs -I "{}" cosign sign --yes "{}@${DIGEST}"
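Review bot: The new `Push multi-arch manifest` step interpolates `${{ steps.meta.outputs.tags }}` straight into the shell three times (the `--tag` argument, the two source references and the `inspect` call), which the sign step just below deliberately avoids by routing the same value through the `TAGS` env var per the hardening link on the `env:` comment; tag text derives from the triggering ref, so it should go through an intermediate variable here as well. The step also assumes `tags` is a single line, while the sign step iterates it with `xargs -I "{}"` one line at a time — if metadata-action emits several newline-separated tags, `--tag "${{ ... }}"` receives a multi-line string and the `-amd64`/`-arm64` suffix in the two build steps lands only on the last line. Separately, both build steps now set `push: false`, and `docker buildx imagetools create` resolves its source references from the registry, so unless something outside this hunk pushes the `-amd64`/`-arm64` tags the create step will not find them; if they are pushed, they stay unsigned because `cosign sign` on the index digest does not descend into per-platform manifests without `--recursive`. A version that reads the tags from env and tolerates multi-line output:

```yaml
      - name: Push multi-arch manifest
        id: manifest
        env:
          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
          TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          set -euo pipefail
          # metadata-action emits one tag per line; publish the index under each of them
          mapfile -t TAG_LIST <<< "${TAGS}"
          TAG_ARGS=()
          for t in "${TAG_LIST[@]}"; do TAG_ARGS+=(--tag "${t}"); done
          docker buildx imagetools create "${TAG_ARGS[@]}" \
            "${TAG_LIST[0]}-amd64" \
            "${TAG_LIST[0]}-arm64"
          DIGEST=$(docker buildx imagetools inspect "${TAG_LIST[0]}" --format '{{.Manifest.Digest}}')
          echo "digest=${DIGEST}" >> "$GITHUB_OUTPUT"
```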