1010 - ' **'
1111
1212jobs :
13- push-release :
13+ build-artifacts :
1414 strategy :
1515 fail-fast : false
1616 matrix :
17- GO_VERSION :
18- - " 1.25.2"
19- runs-on : ubuntu-24.04
17+ include :
18+ - GO_VERSION : " 1.25.2"
19+ ARCH : " amd64"
20+ RUNNER : " ubuntu-24.04"
21+ - GO_VERSION : " 1.25.2"
22+ ARCH : " arm64"
23+ RUNNER : " ubuntu-24.04-arm"
24+ runs-on : ${{ matrix.RUNNER }}
2025 permissions :
2126 contents : write
2227 packages : write
28+ outputs :
29+ version : ${{ steps.version.outputs.version }}
30+ go_version : ${{ matrix.GO_VERSION }}
2331 steps :
2432 - uses : actions/checkout@v4
2533 with :
@@ -29,20 +37,61 @@ jobs:
2937 - name : Verify release ancestry
3038 run : ./tools/verify-release-ancestry.sh "$GITHUB_SHA"
3139
40+ - name : Set up Docker Buildx
41+ uses : docker/setup-buildx-action@v3
42+
43+ - name : Set version output
44+ id : version
45+ run : |
46+ VERSION="${{ matrix.GO_VERSION }}.$(date +%s)"
47+ echo "version=${VERSION}" >> $GITHUB_OUTPUT
48+
3249 - name : Build Boulder container and .deb
3350 id : build
3451 env :
3552 GO_VERSION : ${{ matrix.GO_VERSION }}
53+ DOCKER_DEFAULT_PLATFORM : linux/${{ matrix.ARCH }}
3654 run : ./tools/container-build.sh
3755
38- - name : Tag Boulder container
39- run : docker tag boulder "ghcr.io/letsencrypt/boulder:${{ github.ref_name }}-go${{ matrix.GO_VERSION }}"
56+ - name : Export container image for multi-platform
57+ run : |
58+ VERSION="${{ steps.version.outputs.version }}"
59+ docker save "boulder:${VERSION}-${{ matrix.ARCH }}" | gzip > "boulder-image-${{ matrix.ARCH }}.tar.gz"
60+
61+ - name : Upload build artifacts
62+ uses : actions/upload-artifact@v4
63+ with :
64+ name : boulder-${{ matrix.ARCH }}
65+ path : |
66+ boulder*.deb
67+ boulder*.tar.gz
68+ boulder-image-${{ matrix.ARCH }}.tar.gz
69+ retention-days : 1
4070
41- - name : Compute checksums
42- id : checksums
43- # The files listed on this line must be identical to the files uploaded
44- # in the last step.
45- run : sha256sum boulder*.deb boulder*.tar.gz >| boulder-${{ matrix.GO_VERSION }}.$(date +%s)-$(git rev-parse --short=8 HEAD).checksums.txt
71+ create-release :
72+ needs : build-artifacts
73+ runs-on : ubuntu-24.04
74+ permissions :
75+ contents : write
76+ packages : write
77+ steps :
78+ - uses : actions/checkout@v4
79+ with :
80+ persist-credentials : false
81+ fetch-depth : ' 0'
82+
83+ - name : Download all artifacts
84+ uses : actions/download-artifact@v4
85+ with :
86+ path : artifacts/
87+
88+ - name : Prepare release files
89+ run : |
90+ # Move all .deb and .tar.gz files to current directory
91+ find artifacts/ -name "*.deb" -o -name "*.tar.gz" | grep -v "boulder-image-" | xargs -I {} cp {} .
92+
93+ # Compute checksums for release files only
94+ sha256sum boulder*.deb boulder*.tar.gz >| boulder-${{ needs.build-artifacts.outputs.version }}.$(git rev-parse --short=8 HEAD).checksums.txt
4695
4796 - name : Create release
4897 env :
@@ -57,16 +106,68 @@ jobs:
57106 # https://cli.github.com/manual/gh_release_upload
58107 run : gh release upload "${GITHUB_REF_NAME}" boulder*.deb boulder*.tar.gz boulder*.checksums.txt
59108
60- - name : Build ct-test-srv container
61- run : docker buildx build . --build-arg "GO_VERSION=${{ matrix.GO_VERSION }}" -f test/ct-test-srv/Dockerfile -t "ghcr.io/letsencrypt/ct-test-srv:${{ github.ref_name }}-go${{ matrix.GO_VERSION }}"
109+ push-images :
110+ needs : build-artifacts
111+ runs-on : ubuntu-24.04
112+ permissions :
113+ contents : read
114+ packages : write
115+ steps :
116+ - uses : actions/checkout@v4
117+ with :
118+ persist-credentials : false
119+
120+ - name : Set up QEMU
121+ uses : docker/setup-qemu-action@v3
122+
123+ - name : Set up Docker Buildx
124+ uses : docker/setup-buildx-action@v3
125+
126+ - name : Download container images
127+ uses : actions/download-artifact@v4
128+ with :
129+ path : artifacts/
130+
131+ - name : Load and tag images
132+ run : |
133+ # Load architecture-specific images
134+ docker load < artifacts/boulder-amd64/boulder-image-amd64.tar.gz
135+ docker load < artifacts/boulder-arm64/boulder-image-arm64.tar.gz
136+
137+ VERSION="${{ needs.build-artifacts.outputs.version }}"
138+ BASE_TAG="ghcr.io/letsencrypt/boulder:${{ github.ref_name }}-go${VERSION}"
139+
140+ # Tag with architecture-specific tags for manifest creation
141+ docker tag "boulder:${VERSION}-amd64" "${BASE_TAG}-amd64"
142+ docker tag "boulder:${VERSION}-arm64" "${BASE_TAG}-arm64"
62143
63144 - name : Login to ghcr.io
64145 run : printenv GITHUB_TOKEN | docker login ghcr.io -u "${{ github.actor }}" --password-stdin
65146 env :
66147 GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
67148
68- - name : Push Boulder container
69- run : docker push "ghcr.io/letsencrypt/boulder:${{ github.ref_name }}-go${{ matrix.GO_VERSION }}"
149+ - name : Push architecture-specific images
150+ run : |
151+ VERSION="${{ needs.build-artifacts.outputs.version }}"
152+ BASE_TAG="ghcr.io/letsencrypt/boulder:${{ github.ref_name }}-go${VERSION}"
153+ docker push "${BASE_TAG}-amd64"
154+ docker push "${BASE_TAG}-arm64"
155+
156+ - name : Create and push multi-platform manifest
157+ run : |
158+ VERSION="${{ needs.build-artifacts.outputs.version }}"
159+ BASE_TAG="ghcr.io/letsencrypt/boulder:${{ github.ref_name }}-go${VERSION}"
160+
161+ docker buildx imagetools create -t "${BASE_TAG}" \
162+ "${BASE_TAG}-amd64" \
163+ "${BASE_TAG}-arm64"
70164
71- - name : Push ct-test-srv container
72- run : docker push "ghcr.io/letsencrypt/ct-test-srv:${{ github.ref_name }}-go${{ matrix.GO_VERSION }}"
165+ - name : Build and push ct-test-srv multi-platform
166+ run : |
167+ VERSION="${{ needs.build-artifacts.outputs.version }}"
168+ docker buildx build . \
169+ --build-arg "GO_VERSION=${{ needs.build-artifacts.outputs.go_version }}" \
170+ -f test/ct-test-srv/Dockerfile \
171+ --platform linux/amd64,linux/arm64 \
172+ -t "ghcr.io/letsencrypt/ct-test-srv:${{ github.ref_name }}-go${VERSION}" \
173+ --push
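Review bot: In the `Load and tag images` step, `docker tag "boulder:${VERSION}-amd64"` and its `-arm64` twin both read `needs.build-artifacts.outputs.version`, but `build-artifacts` is a matrix job whose legs each compute their own `$(date +%s)` in `Set version output` and save the image under that name, so the single job output matches at most one leg unless both ran in the same second, and the other `docker tag` will find no such image. Deriving the suffix from a value both legs share, for example `VERSION="${{ matrix.GO_VERSION }}.$(git log -1 --format=%ct)"`, or computing it once in a job that runs before the matrix, would keep the image tags and the checksums file name consistent; how `tools/container-build.sh` names the image is not visible here, so confirm it agrees. Separately, the new `BASE_TAG=` lines and the ct-test-srv `-t` argument expand `${{ github.ref_name }}` into the script text before the shell parses it, whereas the existing upload step reads `"${GITHUB_REF_NAME}"`. Using the environment variable here too, `BASE_TAG="ghcr.io/letsencrypt/boulder:${GITHUB_REF_NAME}-go${VERSION}"`, keeps a tag name from being read as shell syntax in a job that holds `packages: write`.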