name: Container on: workflow_call: inputs: build_image_name: required: true type: string outputs: build_image: value: '${{ inputs.build_image_name }}:${{ github.sha }}' permissions: packages: write env: default_labels: | org.opencontainers.image.documentation=https://zitadel.com/docs org.opencontainers.image.vendor=CAOS AG jobs: build: name: zitadel runs-on: ubuntu-latest strategy: fail-fast: false matrix: arch: [amd64,arm64] steps: - uses: actions/checkout@v4 - name: Scratch meta id: scratch-meta uses: docker/metadata-action@v5 with: images: ${{ inputs.build_image_name }} labels: ${{ env.default_labels}} tags: | type=sha,prefix=,suffix=,format=long - name: Debug meta id: debug-meta uses: docker/metadata-action@v5 with: images: ${{ inputs.build_image_name }} labels: ${{ env.default_labels}} tags: | type=sha,prefix=,suffix=-debug,format=long - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: driver-opts: 'image=moby/buildkit:v0.11.6' - name: Login to Docker registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - uses: actions/download-artifact@v4 with: path: .artifacts name: zitadel-linux-${{ matrix.arch }} - name: Unpack executable run: | tar -xvf .artifacts/zitadel-linux-${{ matrix.arch }}.tar.gz mv zitadel-linux-${{ matrix.arch }}/zitadel ./zitadel - name: Debug id: build-debug uses: docker/build-push-action@v5 timeout-minutes: 3 with: context: . cache-from: type=gha cache-to: type=gha,mode=max file: build/Dockerfile target: artifact platforms: linux/${{ matrix.arch }} push: true labels: ${{ steps.debug-meta.outputs.labels }} outputs: type=image,name=${{ inputs.build_image_name }},push-by-digest=true,name-canonical=true,push=true - name: Scratch id: build-scratch uses: docker/build-push-action@v5 timeout-minutes: 3 with: context: . cache-from: type=gha cache-to: type=gha,mode=max file: build/Dockerfile target: final platforms: linux/${{ matrix.arch }} push: true labels: ${{ steps.scratch-meta.outputs.labels }} outputs: type=image,name=${{ inputs.build_image_name }},push-by-digest=true,name-canonical=true,push=true - name: Export debug digest run: | mkdir -p /tmp/digests/debug digest="${{ steps.build-debug.outputs.digest }}" touch "/tmp/digests/debug/${digest#sha256:}" - name: Export scratch digest run: | mkdir -p /tmp/digests/scratch digest="${{ steps.build-scratch.outputs.digest }}" touch "/tmp/digests/scratch/${digest#sha256:}" - name: Upload digest uses: actions/upload-artifact@v4 with: name: digests-${{ matrix.arch }} path: /tmp/digests if-no-files-found: error retention-days: 1 merge: runs-on: ubuntu-latest needs: - build strategy: fail-fast: false matrix: image: [scratch, debug] include: - image: scratch suffix: '' - image: debug suffix: '-debug' steps: - name: Download digests uses: actions/download-artifact@v4 with: pattern: digests-* path: /tmp/digests merge-multiple: true - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: driver-opts: 'image=moby/buildkit:v0.11.6' - name: Login to Docker registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Docker meta id: build-meta uses: docker/metadata-action@v5 with: images: '${{ inputs.build_image_name }}' tags: | type=sha,prefix=,suffix=${{ matrix.suffix }},format=long - name: Create build manifest list and push working-directory: /tmp/digests/${{ matrix.image }} run: | docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< '${{ steps.build-meta.outputs.json }}') \ $(printf '${{ inputs.build_image_name }}@sha256:%s ' *) - name: Inspect build image run: | docker buildx imagetools inspect ${{ inputs.build_image_name }}:${{ github.sha }}${{ matrix.suffix }}