techprimate
diff --git a/‎.dockerignore‎
Lines changed: 55 additions & 30 deletions b/‎.dockerignore‎
Lines changed: 55 additions & 30 deletions
diff --git a/‎.github/workflows/build-cli-docker.yml‎
Lines changed: 196 additions & 0 deletions b/‎.github/workflows/build-cli-docker.yml‎
Lines changed: 196 additions & 0 deletions
@@ -3,43 +3,68 @@
 .gitignore
 .gitattributes
 
-# CI/CD
-.github
-
-# Documentation
-*.md
-docs/
+# Build artifacts
+dist/
+**/dist/
+# Allow CLI binaries for Docker builds
+!dist/github-actions-utils-cli-linux-*
+build/
+**/build/
+*.swp
+*.swo
+*~
 
-# Development
-.cursor/
-.vscode/
-.idea/
+# Node
+node_modules/
+**/node_modules/
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+.npm
+.pnpm-store
 
-# Build artifacts (we copy specific binaries)
-dist/*
-!dist/github-actions-utils-cli-linux-*
+# macOS files
+**/.DS_Store
 
-# Go
-go.sum
-*.test
-*.out
-coverage.txt
+# Testing
+coverage/
+.nyc_output
 
-# Dependencies
-vendor/
+# IDE
+.idea/
+.vscode/
+*.iml
+*.swp
+*.swo
+*~
+.DS_Store
 
 # OS
-.DS_Store
 Thumbs.db
 
-# Misc
-LICENSE
-renovate.json
-dprint.json
-Brewfile
-Makefile
+# Deployment
+deploy/
+.pulumi/
 
-# Keep only what's needed for the build
-!dist/github-actions-utils-cli-linux-amd64
-!dist/github-actions-utils-cli-linux-arm64
+# Docs
+docs/
+*.md
+!README.md
 
+# Examples and tests
+examples/
+*_test.go
+testdata/
+
+# CI/CD
+.github/
+.gitlab-ci.yml
+.travis.yml
+
+# Misc
+.env
+.env.*
+!.env.example
+tmp/
+temp/
+*.log
@@ -0,0 +1,196 @@
+name: Build CLI Docker Images
+
+on:
+  workflow_call:
+    inputs:
+      tag_name:
+        description: "Tag name for Docker images"
+        required: true
+        type: string
+      is_prerelease:
+        description: "Whether this is a prerelease"
+        required: true
+        type: string
+
+jobs:
+  build:
+    name: Build CLI Docker Image (${{ matrix.platform.name }})
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+    timeout-minutes: 30
+    strategy:
+      fail-fast: false
+      matrix:
+        platform:
+          - name: linux/amd64
+            tag: linux-amd64
+          - name: linux/arm64
+            tag: linux-arm64
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.platform.name }}
+      cancel-in-progress: true
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v5
+
+      - name: Download CLI artifacts
+        uses: actions/download-artifact@v6
+        with:
+          path: dist
+          pattern: cli-${{ matrix.platform.tag }}
+          merge-multiple: true
+
+      - name: List downloaded files
+        run: ls -lh dist/
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            docker.io/${{ github.repository }}
+            ghcr.io/${{ github.repository }}
+          tags: |
+            type=raw,value=${{ inputs.tag_name }}
+          labels: |
+            org.opencontainers.image.title=GitHub Actions Utils CLI
+            org.opencontainers.image.description=MCP server for GitHub Actions utilities
+            maintainer=techprimate GmbH <[email protected]>
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build ${{ github.event_name == 'pull_request' && '(dry run)' || 'and push' }} by digest
+        id: build
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: ${{ matrix.platform.name }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          annotations: ${{ steps.meta.outputs.annotations }}
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository }}:buildcache-${{ matrix.platform.tag }}
+          cache-to: type=registry,ref=ghcr.io/${{ github.repository }}:buildcache-${{ matrix.platform.tag }},mode=max
+          outputs: type=image,push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }}
+        env:
+          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
+
+      - name: Export digest
+        if: github.event_name != 'pull_request'
+        run: |
+          set -e
+          mkdir -p /tmp/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+          ls -la /tmp/digests
+
+      - name: Upload digest
+        if: github.event_name != 'pull_request'
+        uses: actions/upload-artifact@v5
+        with:
+          name: cli-docker-digests-${{ matrix.platform.tag }}
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    name: Create Manifest List
+    runs-on: ubuntu-latest
+    needs: build
+    if: github.event_name != 'pull_request'
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    timeout-minutes: 10
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}-merge
+      cancel-in-progress: true
+    steps:
+      - name: Download digests
+        uses: actions/download-artifact@v6
+        with:
+          path: /tmp/digests
+          pattern: cli-docker-digests-*
+          merge-multiple: true
+
+      - name: List digests
+        run: ls -la /tmp/digests
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Create Docker Metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            docker.io/${{ github.repository }}
+            ghcr.io/${{ github.repository }}
+          tags: |
+            type=raw,value=${{ inputs.tag_name }}
+            type=raw,value=latest,enable=${{ inputs.is_prerelease == 'true' }}
+            type=semver,pattern={{version}},value=${{ inputs.tag_name }},enable=${{ inputs.is_prerelease == 'false' }}
+            type=semver,pattern={{major}}.{{minor}},value=${{ inputs.tag_name }},enable=${{ inputs.is_prerelease == 'false' }}
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create manifest list and push
+        working-directory: /tmp/digests
+        run: |
+          # Extract all tags
+          image_tags=$(printf '%s' "$DOCKER_METADATA_OUTPUT_JSON" | jq -cr '.tags | map("-t " + .) | join(" ")')
+          echo "Creating manifest list with tags: $image_tags"
+
+          # Extract unique image names (without tags) to build digest references
+          image_names=$(printf '%s' "$DOCKER_METADATA_OUTPUT_JSON" | jq -cr '.tags | map(split(":")[0]) | unique | join(" ")')
+          echo "Image names: $image_names"
+
+          # Build digest references for all images
+          digest_refs=""
+          for image_name in $image_names; do
+            for digest_file in *; do
+              digest_refs="$digest_refs ${image_name}@sha256:${digest_file}"
+            done
+          done
+          echo "Digest references: $digest_refs"
+
+          echo "Creating manifest using buildx..."
+          docker buildx imagetools create $image_tags $digest_refs
+
+          # Inspect the first tag for verification
+          first_tag=$(printf '%s' "$DOCKER_METADATA_OUTPUT_JSON" | jq -cr '.tags[0]')
+          docker buildx imagetools inspect "$first_tag"