From e576b358cbd4bb8f06bddad48992615172c8ec3e Mon Sep 17 00:00:00 2001
From: John Garbutt <john.garbutt@stackhpc.com>
Date: Tue, 5 Nov 2024 16:04:15 +0000
Subject: [PATCH] Update container build

---
 .github/workflows/docker.yaml | 41 +++++++++++++----------------------
 1 file changed, 15 insertions(+), 26 deletions(-)

diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index fbfcc21..34fcf65 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -3,24 +3,20 @@ name: Docker image
 on: push
 jobs:
   build_push_api:
-    name: Build and push execution environment
+    name: Build and push image
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write         # needed for signing the images with GitHub OIDC Token
+      packages: write         # required for pushing container images
+      security-events: write  # required for pushing SARIF files
+
     steps:
       - name: Check out the repository
-        uses: actions/checkout@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: actions/checkout@v4
 
-      - name: Set up Docker layer caching
-        uses: actions/cache@v2
-        with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-buildx-
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -28,7 +24,7 @@ jobs:
 
       - name: Calculate metadata for image
         id: image-meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v5
         with:
           images: ghcr.io/stackhpc/os-capacity
           # Produce the branch name or tag and the SHA as tags
@@ -36,21 +32,14 @@ jobs:
             type=ref,event=branch
             type=ref,event=tag
             type=sha,prefix=
+
       - name: Build and push image
-        uses: docker/build-push-action@v2
+        uses: azimuth-cloud/github-actions/docker-multiarch-build-push@master
         with:
+          cache-key: os-capacity
           context: .
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: ${{ steps.image-meta.outputs.tags }}
           labels: ${{ steps.image-meta.outputs.labels }}
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
-
-      # Temp fix
-      # https://github.com/docker/build-push-action/issues/252
-      # https://github.com/moby/buildkit/issues/1896
-      # https://github.com/docker/buildx/pull/535
-      - name: Move cache
-        run: |
-          rm -rf /tmp/.buildx-cache
-          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+          github-token: ${{ secrets.GITHUB_TOKEN }}