Merge pull request #1112 from GitGuardian/severine/produce-docker-arm-images

sevbch · web-flow · commit fe276926af82 · 2025-07-15T17:58:13.000+02:00
feat: push linux/arm64 docker images
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -164,41 +164,39 @@ jobs:
           GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
           GITGUARDIAN_API_URL: ${{ secrets.GITGUARDIAN_API_URL }}
 
-  dockerhub-unstable:
-    name: Push Docker image to Docker Hub
+  push_docker_images-unstable:
+    name: Push Docker image to Docker Hub and GitHub Packages
     runs-on: ubuntu-22.04
     if: github.ref == 'refs/heads/main' && github.event_name == 'push'
     needs:
       - lint
       - build
       - test_github_secret_scan_action
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Build and push
-        uses: docker/build-push-action@v1
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: gitguardian/ggshield
-          tags: unstable
 
-  github_packages-unstable:
-    name: Push Docker image to GitHub Packages
-    runs-on: ubuntu-22.04
-    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
-    needs:
-      - lint
-      - build
-      - test_github_secret_scan_action
-    steps:
-      - name: Check out the repo
-        uses: actions/checkout@v4
-      - name: Push to GitHub Packages
-        uses: docker/build-push-action@v1
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
         with:
-          username: ${{ github.actor }}
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
-          registry: docker.pkg.github.com
-          repository: gitguardian/ggshield/ggshield
-          tags: unstable
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            gitguardian/ggshield:unstable
+            ghcr.io/gitguardian/ggshield/ggshield:unstable
diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
@@ -92,38 +92,49 @@ jobs:
     with:
       version: ${{ needs.release.outputs.tag }}
 
-  push_to_docker_hub:
-    name: Push Docker image to Docker Hub
+  push_docker_images:
+    name: Push Docker image to Docker Hub and GitHub Packages
     runs-on: ubuntu-22.04
     if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags')
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Build and push
-        uses: docker/build-push-action@v1
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            gitguardian/ggshield
+            ghcr.io/gitguardian/ggshield/ggshield
+          tags: |
+            type=ref,event=tag
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: gitguardian/ggshield
-          tag_with_ref: true
-          tags: latest
 
-  push_to_github_packages:
-    name: Push Docker image to GitHub Packages
-    runs-on: ubuntu-22.04
-    if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags')
-    steps:
-      - name: Check out the repo
-        uses: actions/checkout@v4
-      - name: Push to GitHub Packages
-        uses: docker/build-push-action@v1
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
         with:
-          username: ${{ github.actor }}
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
-          registry: docker.pkg.github.com
-          repository: gitguardian/ggshield/ggshield
-          tag_with_ref: true
-          tags: latest
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ${{ steps.meta.outputs.tags }}
+            gitguardian/ggshield:latest
+            ghcr.io/gitguardian/ggshield/ggshield:latest
 
   push_to_cloudsmith:
     needs: build_release_assets
diff --git a/changelog.d/20250709_184012_severine.bonnechere_produce_docker_arm_images.md b/changelog.d/20250709_184012_severine.bonnechere_produce_docker_arm_images.md
@@ -0,0 +1,42 @@
+<!--
+A new scriv changelog fragment.
+
+Uncomment the section that is right (remove the HTML comment wrapper).
+For top level release notes, leave all the headers commented out.
+-->
+
+<!--
+### Removed
+
+- A bullet item for the Removed category.
+
+-->
+
+### Added
+
+- ggshield docker image is now multi-platform for both linux/amd64 and linux/arm64 (#952).
+
+<!--
+### Changed
+
+- A bullet item for the Changed category.
+
+-->
+<!--
+### Deprecated
+
+- A bullet item for the Deprecated category.
+
+-->
+<!--
+### Fixed
+
+- A bullet item for the Fixed category.
+
+-->
+<!--
+### Security
+
+- A bullet item for the Security category.
+
+-->
