build amd64 and arm64 on appropriate os architecture

scheibinger · scheibinger · commit c52003a3bd32 · 2025-01-29T13:29:04.000+01:00
diff --git a/.github/workflows/images-pull-request.yaml b/.github/workflows/images-pull-request.yaml
@@ -1,6 +1,8 @@
 name: Docker Images - Pull Request
 on: pull_request
 
+env:
+  REGISTRY_ALIAS: w0i8p0z9
 jobs:
   #  hadolint:
   #    name: Lint Dockerfiles
@@ -11,7 +13,7 @@ jobs:
   #        with:
   #          recursive: true
 
-  chkmodified:
+  check-modified:
     name: Check modified
     runs-on: ubuntu-latest
     outputs:
@@ -32,33 +34,110 @@ jobs:
         env:
           CHANGED_FILES: ${{ steps.get_changed_files.outputs.all_modified_files }}
 
-  build-public:
-    needs: chkmodified
-    runs-on: ubuntu-24.04-arm
-    environment: ecr-prod-publish
-    permissions:
-      id-token: write
-      contents: read
+  build-amd64:
+    name: Build & Push AMD64 Image
+    runs-on: ubuntu-latest  # Ensure it supports x86_64
+    needs: [ check-modified ]
     strategy:
-      matrix: ${{ fromJson(needs.chkmodified.outputs.dockerfile_dirs) }}
+      matrix: ${{ fromJson(needs.check-modified.outputs.dockerfile_dirs) }}
       fail-fast: false
-
     steps:
-      - name: Build
-        uses: smartcontractkit/.github/actions/cicd-build-publish-docker@main # v0.1.0
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+        with:
+          aws-region: us-east-1
+          role-to-assume: ${{ secrets.AWS_OIDC_PUBLISH_ECR_ROLE_ARN }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
+        with:
+          registry-type: 'public'
+          registries: ${{ secrets.AWS_PROD_ACCOUNT_NUMBER }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and Push AMD64 Image
+        uses: docker/build-push-action@v5
         with:
-          # general inputs
-          ecr-repo-name: ${{ matrix.image }}
-          publish: 'false'
-          dockerfile: ./images/${{ matrix.image }}/Dockerfile
           context: ./images/${{ matrix.image }}/
+          file: ./images/${{ matrix.image }}/Dockerfile
+          push: true
+          platforms: linux/amd64
+          tags: |
+            ${{ steps.login-ecr.outputs.registry }}/${ env.REGISTRY_ALIAS }/${{ matrix.image }}:sha-${{ github.sha }}-amd64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  build-arm64:
+    name: Build & Push Arm64 Image
+    runs-on: ubuntu-24.04-arm  # Ensure it supports x86_64
+    needs: [ check-modified ]
+    strategy:
+      matrix: ${{ fromJson(needs.check-modified.outputs.dockerfile_dirs) }}
+      fail-fast: false
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+        with:
+          aws-region: us-east-1
+          role-to-assume: ${{ secrets.AWS_OIDC_PUBLISH_ECR_ROLE_ARN }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
+        with:
           registry-type: 'public'
-          registry-alias: 'w0i8p0z9'
-          multi-platform: 'true'
-          # platforms: linux/amd64,linux/arm64
+          registries: ${{ secrets.AWS_PROD_ACCOUNT_NUMBER }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and Push Arm64 Image
+        uses: docker/build-push-action@v5
+        with:
+          context: ./images/${{ matrix.image }}/
+          file: ./images/${{ matrix.image }}/Dockerfile
+          push: true
           platforms: linux/arm64
           tags: |
-            type=sha,prefix=pr=,event=pr
-          # aws inputs
-          aws-role-arn: ${{ secrets.AWS_OIDC_PUBLISH_ECR_ROLE_ARN }}
-          aws-account-number: ${{ secrets.AWS_PROD_ACCOUNT_NUMBER }}
+            ${{ steps.login-ecr.outputs.registry }}/${ env.REGISTRY_ALIAS }/${{ matrix.image }}:sha-${{ github.sha }}-arm64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  create-manifest:
+    name: Create & Push Multi-Arch Manifest
+    runs-on: ubuntu-latest
+    strategy:
+      matrix: ${{ fromJson(needs.check-modified.outputs.dockerfile_dirs) }}
+      fail-fast: false
+    needs: [check-modified, build-amd64, build-arm64]
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+        with:
+          aws-region: us-east-1
+          role-to-assume: ${{ secrets.AWS_OIDC_PUBLISH_ECR_ROLE_ARN }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
+        with:
+          registry-type: 'public'
+          registries: ${{ secrets.AWS_PROD_ACCOUNT_NUMBER }}
+
+      - name: Create and Push Multi-Architecture Manifest
+        run: |
+          docker manifest create ${{ steps.login-ecr.outputs.registry }}/${ env.REGISTRY_ALIAS }/${{ matrix.image }}:sha-${{ github.sha }} \
+            --amend ${{ steps.login-ecr.outputs.registry }}/${ env.REGISTRY_ALIAS }/${{ matrix.image }}:sha-${{ github.sha }}-amd64 \
+            --amend ${{ steps.login-ecr.outputs.registry }}/${ env.REGISTRY_ALIAS }/${{ matrix.image }}:sha-${{ github.sha }}-arm64
+
+          docker manifest push ${{ steps.login-ecr.outputs.registry }}/${ env.REGISTRY_ALIAS }/${{ matrix.image }}:sha-${{ github.sha }}
+
