chore: cleanup old dockerfile not used

Author: lockwobr

.github/workflows/agent-ci.yaml

@@ -81,13 +81,13 @@ jobs:
                 export AGENT_VERSION=$(git tag --list 'agent*' --sort=-v:refname | head -n 1 | cut -d/ -f2)+${GIT_SHA}
                 # Convert + to - for docker tag compliance
                 export AGENT_IMAGE_TAG=$(echo "${AGENT_VERSION}" | tr + -)
-                TAGS="-t ${REGISTRY@L}/${{ github.repository }}/agent:${GIT_SHA} -t ${REGISTRY@L}/${{ github.repository }}/agent:${AGENT_IMAGE_TAG}"
+                TAGS="${GIT_SHA} ${AGENT_IMAGE_TAG}"
                 ;;
             tag)
                 # The version part of the tag
                 export AGENT_VERSION=$(echo "${{ github.ref_name }}" | cut -f 2 -d /)
                 export AGENT_IMAGE_TAG="${AGENT_VERSION}"
-                TAGS="-t ${REGISTRY@L}/${{ github.repository }}/agent:${GIT_SHA} -t ${REGISTRY@L}/${{ github.repository }}/agent:${AGENT_VERSION} -t ${REGISTRY@L}/${{ github.repository }}/agent:latest"
+                TAGS="${GIT_SHA} ${AGENT_VERSION} latest"
                 ;;
             *)
                 echo "Unknown type ${{ github.ref_type }}"
@@ -130,70 +130,132 @@ jobs:
         if: always()
         run: |
           cat test-summary.md >> $GITHUB_STEP_SUMMARY
-  build-and-push-agent:
-    runs-on: ubuntu-latest
+  # Build container images on native architecture runners (much faster than QEMU)
+  build-agent:
+    runs-on: ${{ matrix.runner }}
     needs: [test, compute-metadata, fetch-distroless-versions] # Don't run the build and push if the unit tests fail
-    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    strategy:
+      matrix:
+        include:
+          - platform: linux/amd64
+            runner: ubuntu-latest
+          - platform: linux/arm64
+            runner: ubuntu-24.04-arm
     permissions:
       contents: read
       packages: write
       attestations: write
       id-token: write
-      # 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
       - name: Fetch all tags
         run: git fetch --tags --force
-      # Uses the `docker/login-action` action to log in to the Container registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
       - name: Log in to the Container registry
         uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      
-      # Setup for multi-platform
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Build the agent container image
+      # Build and tag container image for single platform on native hardware
+      - name: Build the agent container image (${{ matrix.platform }})
         id: build
         env:
           GIT_SHA: ${{ needs.compute-metadata.outputs.git-sha }}
           AGENT_VERSION: ${{ needs.compute-metadata.outputs.agent-version }}
-          TAGS: ${{ needs.compute-metadata.outputs.tags }}
         run: |
-          apt-get update && apt-get install -y make git jq
           cd agent
-          echo "📦 Building agent version: ${AGENT_VERSION}"
-          echo "🏷️  Tags: ${TAGS}"
-          export REGISTRY=${REGISTRY@L}
-          export BUILD_ARGS="--push"
-          make docker-build-only \
-            agent_version=${AGENT_VERSION} \
-            DISTROLESS_VERSION=${{ needs.fetch-distroless-versions.outputs.distroless-version }} \
-            PYTHON_VERSION=${{ env.PYTHON_VERSION }} \
-            DEBIAN_VERSION=${{ env.DEBIAN_VERSION }}
-          cat metadata.json
+          PLATFORM_TAG=$(echo "${{ matrix.platform }}" | tr '/' '-')
+          
+          # Lowercase for Docker compliance
+          IMAGE_NAME=$(echo "${{env.IMAGE_NAME}}" | tr '[:upper:]' '[:lower:]')
+          REGISTRY=$(echo "${{env.REGISTRY}}" | tr '[:upper:]' '[:lower:]')
+          
+          # Build platform-specific tags for all target tags
+          TAGS=""
+          for TAG in ${{ needs.compute-metadata.outputs.tags }}; do
+            TAGS="$TAGS -t ${REGISTRY}/${IMAGE_NAME}/agent:${TAG}-${PLATFORM_TAG}"
+          done
+          
+          set -x
+          docker buildx build \
+            --build-arg GIT_SHA=${GIT_SHA} \
+            --build-arg AGENT_VERSION=${AGENT_VERSION} \
+            --build-arg PYTHON_VERSION=${{ env.PYTHON_VERSION }} \
+            --build-arg DEBIAN_VERSION=${{ env.DEBIAN_VERSION }} \
+            --build-arg DISTROLESS_VERSION=${{ needs.fetch-distroless-versions.outputs.distroless-version }} \
+            --push \
+            --platform ${{ matrix.platform }} \
+            --provenance=false \
+            ${TAGS@L} \
+            --metadata-file=metadata.json \
+            -f ../containers/agent.Dockerfile .
+          
           echo "digest=$(cat metadata.json | jq -r .\"containerimage.digest\")" >> $GITHUB_OUTPUT
-          cat $GITHUB_OUTPUT
+
+  # Create multi-platform manifest from individual architecture builds
+  create-manifest:
+    runs-on: ubuntu-latest
+    needs: [compute-metadata, build-agent]
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+    steps:
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      
+      # Create and push multi-platform manifests, then delete platform-specific tags
+      - name: Create manifests and cleanup
+        id: manifest
+        run: |
+          # Lowercase for Docker compliance
+          IMAGE_NAME=$(echo "${{env.IMAGE_NAME}}" | tr '[:upper:]' '[:lower:]')
+          REGISTRY=$(echo "${{env.REGISTRY}}" | tr '[:upper:]' '[:lower:]')
+          
+          # Create manifest for each tag combining amd64 and arm64 images
+          for TAG in ${{ needs.compute-metadata.outputs.tags }}; do
+            FULL_TAG="${REGISTRY}/${IMAGE_NAME}/agent:${TAG}"
+            echo "📦 Creating manifest for $FULL_TAG"
+            docker manifest create $FULL_TAG \
+              ${FULL_TAG}-linux-amd64 \
+              ${FULL_TAG}-linux-arm64
+            docker manifest push $FULL_TAG
+            echo "✅ Pushed $FULL_TAG"
+          done
+          
+          # Get digest of the main tag (git sha) for attestation
+          MAIN_TAG="${REGISTRY}/${IMAGE_NAME}/agent:${{ needs.compute-metadata.outputs.git-sha }}"
+          DIGEST=$(docker manifest inspect $MAIN_TAG | jq -r '.manifests[0].digest')
+          echo "digest=$DIGEST" >> $GITHUB_OUTPUT
+          echo "subject-name=${REGISTRY}/${IMAGE_NAME}/agent" >> $GITHUB_OUTPUT
+          
+          # Note: Platform-specific tags (e.g., v1.0.0-linux-amd64) are left in registry
+          # as intermediate artifacts. Users should pull the multi-platform manifest tags.
+          # GitHub Container Registry doesn't easily support programmatic tag deletion.
+          echo "✅ Multi-platform manifests created successfully"
       
-      # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see [AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds). 
+      # Generate supply chain security attestation for the multi-platform manifest
       - name: Generate artifact attestation
         uses: actions/attest-build-provenance@v2
         with:
-          subject-name: ${{ env.REGISTRY }}/${{env.IMAGE_NAME}}/agent
-          subject-digest: ${{ steps.build.outputs.digest }}
+          subject-name: ${{ steps.manifest.outputs.subject-name }}
+          subject-digest: ${{ steps.manifest.outputs.digest }}
           push-to-registry: true
 
   operator-agent-tests:
     name: Operator Agent Integration Tests
     runs-on: ubuntu-latest
-    needs: [compute-metadata, build-and-push-agent]
+    needs: [compute-metadata, create-manifest]
     permissions:
       contents: read
       packages: read

.github/workflows/operator-ci.yaml

@@ -271,7 +271,6 @@ jobs:
           GIT_SHA: ${{ needs.compute-metadata.outputs.git-sha }}
           VERSION: ${{ needs.compute-metadata.outputs.version }}
         run: |
-          sudo apt-get update && sudo apt-get install -y jq
           cd operator
           PLATFORM_TAG=$(echo "${{ matrix.platform }}" | tr '/' '-')