Skip to content

feat: add multi-arch Docker build support with backward compatibility #60

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Tazer wants to merge 6 commits into
base: main
Choose a base branch
from
Open

feat: add multi-arch Docker build support with backward compatibility #60

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
f39e52a
feat: add multi-arch Docker build support with backward compatibility
Tazer Jan 16, 2026
5e6d17e
chore: use feat/multi-arch-docker-builds branch for action references
Tazer Jan 16, 2026
86f7583
fix: move matrix condition from job-level to step-level
Tazer Jan 16, 2026
4a441fe
fix: add multi_arch input to docker-service-publish workflow
Tazer Jan 16, 2026
4d59211
fix: use dynamic matrix to avoid launching arm64 runner when multi_ar…
Tazer Jan 16, 2026
622ee50
fix: preserve original job names for required checks compatibility
Tazer Jan 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 24 additions & 13 deletions .github/actions/build-image/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,11 @@ inputs:
default: "tazerr"
dockerhub_pull_token:
description: "dockerhub pull token"
required: true
required: true
platform:
description: "Target platform (e.g., linux/amd64, linux/arm64)"
required: false
default: "linux/amd64"
runs:
using: composite
steps:
Expand Down Expand Up @@ -83,13 +87,20 @@ runs:
known_hosts: ${{ inputs.ssh_known_hosts }}
- name: Copy SSH Key
shell: bash
run: cp ~/.ssh/id_rsa .
run: cp ~/.ssh/id_rsa .
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
buildkitd-config-inline: |
[registry."dhi.io"]
mirrors = ["dhi.io"]
mirrors = ["dhi.io"]
- name: Set platform suffix
id: platform
shell: bash
run: |
PLATFORM="${{ inputs.platform }}"
PLATFORM_SUFFIX="${PLATFORM//\//-}"
echo "suffix=$PLATFORM_SUFFIX" >> $GITHUB_OUTPUT
- name: Set tag
shell: bash
env:
Expand All @@ -109,17 +120,17 @@ runs:
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
key: ${{ runner.os }}-${{ steps.platform.outputs.suffix }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
${{ runner.os }}-${{ steps.platform.outputs.suffix }}-buildx-
- name: Build and push
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main'
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64
platforms: ${{ inputs.platform }}
push: false
outputs: type=docker,dest=${{ runner.temp }}/image${{inputs.tag-prefix}}.tar
outputs: type=docker,dest=${{ runner.temp }}/image${{inputs.tag-prefix}}-${{ steps.platform.outputs.suffix }}.tar
tags: ${{ steps.login-ecr.outputs.registry }}/${{inputs.image}}:${{inputs.tag-prefix}}oneclick-${{ env.BUILD_NUMBER }}
file: ${{inputs.dockerfile}}
build-args: ${{ inputs.build-args }}
Expand All @@ -130,9 +141,9 @@ runs:
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64
platforms: ${{ inputs.platform }}
push: false
outputs: type=docker,dest=${{ runner.temp }}/image${{inputs.tag-prefix}}.tar
outputs: type=docker,dest=${{ runner.temp }}/image${{inputs.tag-prefix}}-${{ steps.platform.outputs.suffix }}.tar
tags: ${{ steps.login-ecr.outputs.registry }}/${{inputs.image}}:${{inputs.tag-prefix}}oneclickpr-${{ steps.findPr.outputs.pr }}-${{ env.BUILD_NUMBER }}
file: ${{inputs.dockerfile}}
build-args: ${{ inputs.build-args }}
Expand All @@ -152,9 +163,9 @@ runs:
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64
platforms: ${{ inputs.platform }}
push: false
outputs: type=docker,dest=${{ runner.temp }}/image${{inputs.tag-prefix}}.tar
outputs: type=docker,dest=${{ runner.temp }}/image${{inputs.tag-prefix}}-${{ steps.platform.outputs.suffix }}.tar
tags: ${{ steps.login-ecr.outputs.registry }}/${{inputs.image}}:${{inputs.tag-prefix}}oneclickrelease-${{ env.BUILD_NUMBER }}
file: ${{inputs.dockerfile}}
build-args: ${{ inputs.build-args }}
Expand All @@ -175,5 +186,5 @@ runs:
- name: Upload Docker Artifact
uses: actions/upload-artifact@v4
with:
name: docker-image-${{inputs.image}}${{inputs.tag-prefix}}
path: ${{ runner.temp }}/image${{inputs.tag-prefix}}.tar
name: docker-image-${{inputs.image}}${{inputs.tag-prefix}}-${{ steps.platform.outputs.suffix }}
path: ${{ runner.temp }}/image${{inputs.tag-prefix}}-${{ steps.platform.outputs.suffix }}.tar
65 changes: 54 additions & 11 deletions .github/actions/build-publish-docker/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,17 @@ inputs:
dockerhub_pull_token:
description: "dockerhub pull token"
required: true
platform:
description: "Target platform (e.g., linux/amd64, linux/arm64)"
required: false
default: "linux/amd64"
outputs:
image-tag:
description: "The pushed image tag (without registry)"
value: ${{ steps.set-output.outputs.image-tag }}
full-image:
description: "The full pushed image with registry"
value: ${{ steps.set-output.outputs.full-image }}
runs:
using: "composite"
steps:
Expand Down Expand Up @@ -96,7 +107,18 @@ runs:
with:
buildkitd-config-inline: |
[registry."dhi.io"]
mirrors = ["dhi.io"]
mirrors = ["dhi.io"]
- name: Set platform suffix
id: platform
shell: bash
run: |
PLATFORM="${{ inputs.platform }}"
# Convert linux/amd64 to linux-amd64
PLATFORM_SUFFIX="${PLATFORM//\//-}"
# Extract just the arch (amd64, arm64)
ARCH="${PLATFORM#*/}"
echo "suffix=$PLATFORM_SUFFIX" >> $GITHUB_OUTPUT
echo "arch=$ARCH" >> $GITHUB_OUTPUT
- name: Set tag
shell: bash
env:
Expand All @@ -116,17 +138,17 @@ runs:
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
key: ${{ runner.os }}-${{ steps.platform.outputs.arch }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
${{ runner.os }}-${{ steps.platform.outputs.arch }}-buildx-
- name: Build and push
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main'
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64
platforms: ${{ inputs.platform }}
push: true
tags: ${{ steps.login-ecr.outputs.registry }}/${{inputs.image}}:${{inputs.tag-prefix}}oneclick-${{ env.BUILD_NUMBER }}
tags: ${{ steps.login-ecr.outputs.registry }}/${{inputs.image}}:${{inputs.tag-prefix}}oneclick-${{ env.BUILD_NUMBER }}-${{ steps.platform.outputs.arch }}
file: ${{inputs.dockerfile}}
build-args: ${{ inputs.build-args }}
cache-from: type=local,src=/tmp/.buildx-cache
Expand All @@ -136,9 +158,9 @@ runs:
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64
platforms: ${{ inputs.platform }}
push: true
tags: ${{ steps.login-ecr.outputs.registry }}/${{inputs.image}}:${{inputs.tag-prefix}}latest
tags: ${{ steps.login-ecr.outputs.registry }}/${{inputs.image}}:${{inputs.tag-prefix}}latest-${{ steps.platform.outputs.arch }}
file: ${{inputs.dockerfile}}
build-args: ${{ inputs.build-args }}
cache-from: type=local,src=/tmp/.buildx-cache
Expand All @@ -148,9 +170,9 @@ runs:
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64
platforms: ${{ inputs.platform }}
push: true
tags: ${{ steps.login-ecr.outputs.registry }}/${{inputs.image}}:${{inputs.tag-prefix}}oneclickpr-${{ steps.findPr.outputs.pr }}-${{ env.BUILD_NUMBER }}
tags: ${{ steps.login-ecr.outputs.registry }}/${{inputs.image}}:${{inputs.tag-prefix}}oneclickpr-${{ steps.findPr.outputs.pr }}-${{ env.BUILD_NUMBER }}-${{ steps.platform.outputs.arch }}
file: ${{inputs.dockerfile}}
build-args: ${{ inputs.build-args }}
cache-from: type=local,src=/tmp/.buildx-cache
Expand All @@ -169,9 +191,9 @@ runs:
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64
platforms: ${{ inputs.platform }}
push: true
tags: ${{ steps.login-ecr.outputs.registry }}/${{inputs.image}}:${{inputs.tag-prefix}}oneclickrelease-${{ env.BUILD_NUMBER }}
tags: ${{ steps.login-ecr.outputs.registry }}/${{inputs.image}}:${{inputs.tag-prefix}}oneclickrelease-${{ env.BUILD_NUMBER }}-${{ steps.platform.outputs.arch }}
file: ${{inputs.dockerfile}}
build-args: ${{ inputs.build-args }}
cache-from: type=local,src=/tmp/.buildx-cache
Expand All @@ -187,3 +209,24 @@ runs:
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Set outputs
id: set-output
shell: bash
run: |
# Determine the base tag (without arch suffix)
if [[ "${{ github.ref }}" == "refs/heads/master" || "${{ github.ref }}" == "refs/heads/main" ]]; then
BASE_TAG="${{ inputs.tag-prefix }}oneclick-${{ env.BUILD_NUMBER }}"
elif [[ "${{ github.ref }}" == *"release"* ]]; then
BASE_TAG="${{ inputs.tag-prefix }}oneclickrelease-${{ env.BUILD_NUMBER }}"
elif [[ -n "${{ steps.findPr.outputs.pr }}" ]]; then
BASE_TAG="${{ inputs.tag-prefix }}oneclickpr-${{ steps.findPr.outputs.pr }}-${{ env.BUILD_NUMBER }}"
else
BASE_TAG="${{ inputs.tag-prefix }}oneclick-${{ env.BUILD_NUMBER }}"
fi

ARCH_TAG="${BASE_TAG}-${{ steps.platform.outputs.arch }}"
FULL_IMAGE="${{ steps.login-ecr.outputs.registry }}/${{ inputs.image }}:${ARCH_TAG}"

echo "image-tag=${ARCH_TAG}" >> $GITHUB_OUTPUT
echo "full-image=${FULL_IMAGE}" >> $GITHUB_OUTPUT
echo "base-tag=${BASE_TAG}" >> $GITHUB_OUTPUT
160 changes: 160 additions & 0 deletions .github/actions/create-manifest/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,160 @@
name: "Create Multi-Arch Manifest"
description: "Create and push a multi-arch manifest from platform-specific images"
inputs:
image:
description: "Image name (without registry)"
required: true
start-build-from:
description: "Build number offset"
required: false
default: "0"
ecr_aws_access_key_id:
description: "ECR AWS access key ID"
required: true
ecr_aws_secret_key:
description: "ECR AWS secret key"
required: true
dockerhub_username:
description: "Docker Hub username"
required: true
default: "tazerr"
dockerhub_pull_token:
description: "Docker Hub pull token"
required: true
latest_tag:
description: "Also create latest manifest"
required: false
default: "false"
tag-prefix:
description: "Tag prefix"
required: false
default: ""
github_token:
description: "GitHub token for PR detection"
required: false
default: ""

runs:
using: "composite"
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ inputs.ecr_aws_access_key_id }}
aws-secret-access-key: ${{ inputs.ecr_aws_secret_key }}
aws-region: eu-west-1

- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1

- name: Docker Hub login
shell: bash
run: echo "${{ inputs.dockerhub_pull_token }}" | docker login -u "${{ inputs.dockerhub_username }}" --password-stdin

- name: DHI registry login
shell: bash
run: echo "${{ inputs.dockerhub_pull_token }}" | docker login dhi.io -u "${{ inputs.dockerhub_username }}" --password-stdin

- name: Set build number
shell: bash
env:
RUN_NUMBER: ${{ github.run_number }}
START_FROM: ${{ inputs.start-build-from }}
run: |
BUILD_NUMBER=$(($RUN_NUMBER + $START_FROM))
echo "BUILD_NUMBER=$BUILD_NUMBER" >> $GITHUB_ENV

- uses: jwalton/gh-find-current-pr@v1
id: findPr
with:
state: open

- name: Create and push manifest
shell: bash
run: |
REGISTRY="${{ steps.login-ecr.outputs.registry }}"
IMAGE="${{ inputs.image }}"
PREFIX="${{ inputs.tag-prefix }}"

# Determine the base tag (same logic as build action)
if [[ "${{ github.ref }}" == "refs/heads/master" || "${{ github.ref }}" == "refs/heads/main" ]]; then
TAG="${PREFIX}oneclick-${{ env.BUILD_NUMBER }}"
elif [[ "${{ github.ref }}" == *"release"* ]]; then
TAG="${PREFIX}oneclickrelease-${{ env.BUILD_NUMBER }}"
elif [[ -n "${{ steps.findPr.outputs.pr }}" ]]; then
TAG="${PREFIX}oneclickpr-${{ steps.findPr.outputs.pr }}-${{ env.BUILD_NUMBER }}"
else
TAG="${PREFIX}oneclick-${{ env.BUILD_NUMBER }}"
fi

AMD64_IMAGE="${REGISTRY}/${IMAGE}:${TAG}-amd64"
ARM64_IMAGE="${REGISTRY}/${IMAGE}:${TAG}-arm64"
MANIFEST_IMAGE="${REGISTRY}/${IMAGE}:${TAG}"

echo "Creating manifest for ${MANIFEST_IMAGE}"
echo " - AMD64: ${AMD64_IMAGE}"

# Check if ARM64 image exists
ARM64_EXISTS=false
if docker manifest inspect "${ARM64_IMAGE}" > /dev/null 2>&1; then
ARM64_EXISTS=true
echo " - ARM64: ${ARM64_IMAGE}"
else
echo " - ARM64: not available (single-arch build)"
fi

# Create the manifest with available images
if [[ "$ARM64_EXISTS" == "true" ]]; then
docker manifest create "${MANIFEST_IMAGE}" \
"${AMD64_IMAGE}" \
"${ARM64_IMAGE}"
docker manifest annotate "${MANIFEST_IMAGE}" "${AMD64_IMAGE}" --os linux --arch amd64
docker manifest annotate "${MANIFEST_IMAGE}" "${ARM64_IMAGE}" --os linux --arch arm64
else
docker manifest create "${MANIFEST_IMAGE}" \
"${AMD64_IMAGE}"
docker manifest annotate "${MANIFEST_IMAGE}" "${AMD64_IMAGE}" --os linux --arch amd64
fi

# Push the manifest
docker manifest push "${MANIFEST_IMAGE}"

echo "Successfully pushed manifest: ${MANIFEST_IMAGE}"
docker manifest inspect "${MANIFEST_IMAGE}"

- name: Create and push latest manifest
if: inputs.latest_tag == 'true'
shell: bash
run: |
REGISTRY="${{ steps.login-ecr.outputs.registry }}"
IMAGE="${{ inputs.image }}"
PREFIX="${{ inputs.tag-prefix }}"

AMD64_IMAGE="${REGISTRY}/${IMAGE}:${PREFIX}latest-amd64"
ARM64_IMAGE="${REGISTRY}/${IMAGE}:${PREFIX}latest-arm64"
MANIFEST_IMAGE="${REGISTRY}/${IMAGE}:${PREFIX}latest"

echo "Creating latest manifest for ${MANIFEST_IMAGE}"

# Check if ARM64 image exists
ARM64_EXISTS=false
if docker manifest inspect "${ARM64_IMAGE}" > /dev/null 2>&1; then
ARM64_EXISTS=true
fi

if [[ "$ARM64_EXISTS" == "true" ]]; then
docker manifest create "${MANIFEST_IMAGE}" \
"${AMD64_IMAGE}" \
"${ARM64_IMAGE}"
docker manifest annotate "${MANIFEST_IMAGE}" "${AMD64_IMAGE}" --os linux --arch amd64
docker manifest annotate "${MANIFEST_IMAGE}" "${ARM64_IMAGE}" --os linux --arch arm64
else
docker manifest create "${MANIFEST_IMAGE}" \
"${AMD64_IMAGE}"
docker manifest annotate "${MANIFEST_IMAGE}" "${AMD64_IMAGE}" --os linux --arch amd64
fi

docker manifest push "${MANIFEST_IMAGE}"

echo "Successfully pushed latest manifest: ${MANIFEST_IMAGE}"
Loading