feat: refactor Docker builds to use native ARM64 runners with Determinate Nix (#25)

* feat: refactor Docker build to use native ARM64 runners with Determinate Nix

Key improvements:
- Use GitHub's native ARM64 runners (ubuntu-24.04-arm) for public repos
- Replace Docker-in-Docker Nix builds with Determinate Systems installer
- Add Magic Nix Cache for blazing fast rebuilds
- Simplify Dockerfile by using pre-built binaries
- Add .dockerignore for faster context uploads
- Create matrix build strategy for parallel AMD64/ARM64 builds
- Generate multi-arch manifest from individual arch images

Expected benefits:
- 5-7x faster build times (native ARM64 vs QEMU emulation)
- Parallel execution instead of sequential builds
- Better resource utilization with Magic Nix Cache
- Elimination of Docker-in-Docker overhead

* feat: refactor release workflow to use native ARM64 builds

Key improvements:
- Split release into three jobs: prepare-release, build (matrix), manifest
- Use native ARM64 runners (ubuntu-24.04-arm) for ARM64 builds
- Replace QEMU emulation with Determinate Nix installer + Magic Cache
- Parallel AMD64/ARM64 builds instead of sequential
- Maintain all existing release functionality (version bumping, branches, changelog, GitHub releases)
- Create multi-arch manifests from individual architecture images

Expected benefits:
- 5-7x faster release builds (native vs QEMU)
- Parallel execution of AMD64/ARM64 builds
- Magic Nix Cache for faster subsequent releases
- Better resource utilization with native compilation

* fix: improve release changelog generation

Key improvements:
- Generate changelog BEFORE version bump commit to exclude it
- Categorize commits by type (feat, fix, docs, refactor, chore, other)
- Filter out noise (version bumps, merges, release commits)
- Use emoji categories for better readability
- Pass changelog from prepare-release to manifest job
- Ensure meaningful changes are highlighted in releases

This ensures releases contain useful information about actual changes
rather than just the version bump commit message.

* feat: add branch testing support to release workflow

Key improvements:
- Detect if running on main branch vs feature branch
- On branches: show release preview in step summary (no actual release)
- On main: create actual GitHub release and merge branches
- Prevent version bumps, branch creation, and commits when testing
- Add comprehensive test summaries for branch runs
- Safe testing without side effects

This allows testing the complete release workflow including:
- Version calculation
- Changelog generation
- Docker builds and manifest creation
- Release notes preview

Without creating actual releases or modifying repository.

* style: apply pre-commit formatting fixes

- Fix Nix formatting with alejandra
- Fix YAML formatting with yamlfmt
- Ensure all files comply with project style guidelines

These changes were automatically applied by pre-commit hooks.

Author: ck3mp3r

.github/workflows/buildx.yaml

@@ -10,7 +10,17 @@ env:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - arch: amd64
+            runner: ubuntu-latest
+            platform: linux/amd64
+          - arch: arm64
+            runner: ubuntu-24.04-arm
+            platform: linux/arm64
+
+    runs-on: ${{ matrix.runner }}
     permissions:
       contents: read
       packages: write
@@ -19,8 +29,15 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+      - name: Install Nix with Determinate Systems installer
+        uses: DeterminateSystems/nix-installer-action@main
+
+      - name: Run the Magic Nix Cache
+        uses: DeterminateSystems/magic-nix-cache-action@main
+
+      - name: Build operator with Nix
+        run: |
+          nix build --print-build-logs
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -38,9 +55,9 @@ jobs:
           VERSION=$(grep '^version = ' operator/Cargo.toml | sed 's/version = "\(.*\)"/\1/')
 
           if [ "${{ github.ref }}" = "refs/heads/main" ]; then
-            TAGS="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest,${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${VERSION}"
+            TAGS="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-${{ matrix.arch }},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${VERSION}-${{ matrix.arch }}"
           else
-            TAGS="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${VERSION}-$(git rev-parse --short HEAD)"
+            TAGS="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${VERSION}-$(git rev-parse --short HEAD)-${{ matrix.arch }}"
           fi
 
           echo "tags=$TAGS" >> $GITHUB_OUTPUT
@@ -50,8 +67,45 @@ jobs:
         with:
           context: ./operator
           file: ./operator/docker/Dockerfile
-          platforms: linux/amd64,linux/arm64
+          platforms: ${{ matrix.platform }}
           push: true
           tags: ${{ steps.tags.outputs.tags }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-from: type=gha,scope=${{ matrix.arch }}
+          cache-to: type=gha,mode=max,scope=${{ matrix.arch }}
+          build-contexts: |
+            nix-result=result
+
+  manifest:
+    needs: build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create and push multi-arch manifest
+        run: |
+          VERSION=$(grep '^version = ' operator/Cargo.toml | sed 's/version = "\(.*\)"/\1/')
+
+          if [ "${{ github.ref }}" = "refs/heads/main" ]; then
+            docker buildx imagetools create -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest \
+              ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-amd64 \
+              ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-arm64
+
+            docker buildx imagetools create -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${VERSION} \
+              ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${VERSION}-amd64 \
+              ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${VERSION}-arm64
+          else
+            docker buildx imagetools create -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${VERSION}-$(git rev-parse --short HEAD) \
+              ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${VERSION}-$(git rev-parse --short HEAD)-amd64 \
+              ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${VERSION}-$(git rev-parse --short HEAD)-arm64
+          fi