rework ci-cd

Msprg · Msprg · commit 43688d022d5e · 2025-12-08T14:17:29.000Z
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -25,56 +25,28 @@ on:
     types: [ published ]
 
 jobs:
-  build:
-    if: github.event_name != 'release'
-    runs-on: ubuntu-latest
-    steps:
-    - &checkout-step
-      name: Check out repository
-      uses: actions/checkout@v4
-
-    - &setup-qemu-step
-      name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
-
-    - &login-step
-      name: Login to Docker Hub
-      uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
-    
-    - &setup-buildx-step
-      name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-    
-    - name: Build and push
-      uses: docker/build-push-action@v6
-      with:
-        context: .
-        push: true
-        platforms: linux/amd64
-        cache-from: type=gha
-        cache-to: type=gha,mode=max
-        tags: |
-          ${{ env.IMAGE_NAME }}:latest-${{ github.ref_name }}
-
   build-matrix:
-    if: github.event_name == 'release'
+    if: github.event_name != 'pull_request'
+    outputs:
+      safe_ref: ${{ steps.ref.outputs.safe_ref }}
     runs-on: ${{ matrix.runner }}
     strategy:
       matrix:
         include:
           - arch: amd64
             platform: linux/amd64
-            runner: ubuntu-latest
+            runner: ubuntu-22.04
           - arch: arm64
             platform: linux/arm64
-            runner: ubuntu-latest-arm64
+            runner: ubuntu-22.04-arm64
     steps:
     - name: Check out repository
       uses: actions/checkout@v4
 
+    - name: Prepare ref name
+      id: ref
+      run: echo "safe_ref=${GITHUB_REF_NAME//\//-}" >> "$GITHUB_OUTPUT"
+
     - name: Login to Docker Hub
       uses: docker/login-action@v3
       with:
@@ -84,7 +56,8 @@ jobs:
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v3
 
-    - name: Build and push architecture-specific image
+    - name: Build and push branch images
+      if: github.event_name == 'push'
       uses: docker/build-push-action@v6
       with:
         context: .
@@ -93,10 +66,40 @@ jobs:
         cache-from: type=gha
         cache-to: type=gha,mode=max
         tags: |
-          ${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }}-${{ matrix.arch }}
+          ${{ env.IMAGE_NAME }}:latest-${{ steps.ref.outputs.safe_ref }}-${{ matrix.arch }}
+
+    - name: Build and push release images
+      if: github.event_name == 'release'
+      uses: docker/build-push-action@v6
+      with:
+        context: .
+        push: true
+        platforms: ${{ matrix.platform }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+        tags: |
+          ${{ env.IMAGE_NAME }}:${{ steps.ref.outputs.safe_ref }}-${{ matrix.arch }}
           ${{ env.IMAGE_NAME }}:latest-${{ matrix.arch }}
 
-  create-manifest:
+  create-branch-manifest:
+    if: github.event_name == 'push'
+    needs: build-matrix
+    runs-on: ubuntu-latest
+    steps:
+    - name: Login to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+    - name: Create and push multi-arch manifest for branch tip
+      run: |
+        docker manifest create ${{ env.IMAGE_NAME }}:latest-${{ needs.build-matrix.outputs.safe_ref }} \
+          --amend ${{ env.IMAGE_NAME }}:latest-${{ needs.build-matrix.outputs.safe_ref }}-amd64 \
+          --amend ${{ env.IMAGE_NAME }}:latest-${{ needs.build-matrix.outputs.safe_ref }}-arm64
+        docker manifest push ${{ env.IMAGE_NAME }}:latest-${{ needs.build-matrix.outputs.safe_ref }}
+
+  create-release-manifest:
     if: github.event_name == 'release'
     needs: build-matrix
     runs-on: ubuntu-latest
