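# Builds the image once per platform (amd64 on the hosted runner, arm64 on a
# remote BuildKit node reached over SSH), passes the results to a second job
# as artifacts, and publishes a multi-arch manifest to Artifact Registry.
#
# NOTE(review): every `uses:` below references a mutable tag (v2-v5). Pinning
# each action to a full commit SHA keeps a retagged release from running with
# this workflow's secrets and OIDC token.
name: Build and Push Docker Image
on:
  push:
    branches:
      - main
  workflow_dispatch:
jobs:
  build:
    # Least privilege: this job only needs to read the repository. Artifact
    # upload and the gha cache do not rely on GITHUB_TOKEN scopes.
    permissions:
      contents: read
    runs-on: ubuntu-latest
    strategy:
      matrix:
        platform: [linux/amd64, linux/arm64]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Get commit sha
        run: echo "COMMIT_SHA=$(git rev-parse --short=7 HEAD)" >> "$GITHUB_ENV"
      - name: Get os name
        env:
          PLATFORM: ${{ matrix.platform }}
        # Second path component of the platform string, e.g. "arm64".
        run: |
          echo "OS=$(echo "$PLATFORM" | cut -d'/' -f2)" >> "$GITHUB_ENV"
      - name: Add SSH key
        if: matrix.platform == 'linux/arm64'
        env:
          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
          # Secrets reach the shell as environment variables instead of being
          # expanded into the script text, so their content is never parsed
          # as shell syntax or written into the generated script file.
          ARM_NODE_ADDR: ${{ secrets.ARM_NODE_ADDR }}
          ARM_NODE_PORT: ${{ secrets.ARM_NODE_PORT }}
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
          mkdir -p ~/.ssh
          # NOTE(review): ssh-keyscan accepts whichever host key is offered at
          # run time, so the build node's identity is not verified. Consider
          # storing the expected known_hosts entry in the repository settings
          # and writing that here instead of scanning.
          ssh-keyscan -p "$ARM_NODE_PORT" -H "$ARM_NODE_ADDR" >> ~/.ssh/known_hosts
          ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null
          printf '%s\n' "$SSH_PRIVATE_KEY" | ssh-add -
      - name: Set up Docker Buildx for amd64
        if: matrix.platform == 'linux/amd64'
        uses: docker/setup-buildx-action@v3
        with:
          platforms: ${{ matrix.platform }}
      - name: Set up Docker Buildx for arm64
        if: matrix.platform == 'linux/arm64'
        env:
          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
        uses: docker/setup-buildx-action@v3
        with:
          platforms: ${{ matrix.platform }}
          endpoint: ssh://${{ secrets.ARM_NODE_USER }}@${{ secrets.ARM_NODE_ADDR }}:${{ secrets.ARM_NODE_PORT }}
      - name: Build and export
        id: buildx
        env:
          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
        uses: docker/build-push-action@v5
        with:
          context: .
          # Provenance attestations are switched off for this build.
          # NOTE(review): confirm this is intentional.
          provenance: false
          platforms: ${{ matrix.platform }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          # Export the build result as a tarball instead of pushing it.
          outputs: type=tar,dest=./${{ env.OS }}-image.tar
      # Runs for every platform: tag-merge downloads both amd64-image-id.txt
      # and arm64-image-id.txt, so restricting this step to amd64 left the
      # arm64 upload with no file and the downstream download with no artifact.
      - name: Image ID Output
        env:
          IMAGE_ID: ${{ steps.buildx.outputs.imageid }}
        run: echo "$IMAGE_ID" > "${OS}-image-id.txt"
      - name: Upload image id
        uses: actions/upload-artifact@v4
        with:
          name: ${{ env.OS }}-image-id.txt
          path: ${{ env.OS }}-image-id.txt
      - name: Upload image tar
        uses: actions/upload-artifact@v4
        with:
          name: ${{ env.OS }}-image.tar
          path: ${{ env.OS }}-image.tar
  tag-merge:
    permissions:
      contents: read
      # Required to mint the OIDC token used by workload identity federation.
      id-token: write
    runs-on: ubuntu-22.04
    needs: build
    env:
      # Single definition of the published reference. The shell steps read it
      # as "$IMAGE_REF", so the registry secret and the branch name are never
      # expanded into script text.
      IMAGE_REF: ${{ secrets.ARTIFACT_REGISTRY }}/libnare/${{ github.event.repository.name }}/${{ github.ref_name }}:latest
    steps:
      - name: Download image id (amd64)
        uses: actions/download-artifact@v4
        with:
          name: amd64-image-id.txt
      - name: Download image id (arm64)
        uses: actions/download-artifact@v4
        with:
          name: arm64-image-id.txt
      - name: Download image tar (amd64)
        uses: actions/download-artifact@v4
        with:
          name: amd64-image.tar
      - name: Download image tar (arm64)
        uses: actions/download-artifact@v4
        with:
          name: arm64-image.tar
      - name: Set image id output
        id: imageid
        run: |
          echo "AMD64_ID=$(cat amd64-image-id.txt)" >> "$GITHUB_ENV"
          echo "ARM64_ID=$(cat arm64-image-id.txt)" >> "$GITHUB_ENV"
      - name: Authenticate to Google Cloud
        id: auth
        uses: google-github-actions/auth@v2
        with:
          token_format: access_token
          workload_identity_provider: ${{ secrets.IDENTITY_PROVIDER }}
          service_account: ${{ secrets.SERVICE_ACCOUNT }}
      - name: Login to Artifact Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.ARTIFACT_REGISTRY }}
          username: oauth2accesstoken
          password: ${{ steps.auth.outputs.access_token }}
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3
      - name: Load image (amd64)
        run: docker import amd64-image.tar
      - name: Load image (arm64)
        run: docker import arm64-image.tar
      # NOTE(review): `docker manifest create` looks its component images up
      # in a registry; confirm that the image IDs recorded by the build job
      # resolve there, since nothing above pushes the per-platform images.
      - name: Tag
        run: |
          docker manifest create "$IMAGE_REF" "$AMD64_ID" "$ARM64_ID"
          docker manifest annotate --arch amd64 "$IMAGE_REF" "$AMD64_ID"
          docker manifest annotate --arch arm64 "$IMAGE_REF" "$ARM64_ID"
      - name: Push
        run: docker manifest push "$IMAGE_REF"
      - name: Summary
        # Backticks are escaped: unescaped inside double quotes the shell
        # treats them as command substitution and would try to execute the
        # image reference and the image IDs instead of printing them.
        run: |
          {
            echo "Job completed! 🎉"
            echo "Image pushed to \`${IMAGE_REF}\`"
            echo "## Details"
            echo "linux/arm64: \`${ARM64_ID}\`"
            echo "linux/amd64: \`${AMD64_ID}\`"
          } >> "$GITHUB_STEP_SUMMARY"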