From 4f4795d7e5d10f1e7239209ee33ce4e5c6287759 Mon Sep 17 00:00:00 2001
From: caipira113
Date: Wed, 20 Mar 2024 22:19:30 +0900
Subject: [PATCH] Structural decoupling for confidence in Docker build results
---
.github/workflows/docker.yml | 110 +++++++++++++++++++++++++++--------
1 file changed, 86 insertions(+), 24 deletions(-)
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index d38ffe7..72473fb 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -8,16 +8,81 @@ on: jobs: build: - permissions: - contents: read - id-token: write runs-on: ubuntu-latest + strategy: + matrix: + platform: [linux/amd64, linux/arm64] + steps: - name: Checkout uses: actions/checkout@v3 - name: Get commit sha run: echo "COMMIT_SHA=$(git rev-parse --short=7 HEAD)" >> $GITHUB_ENV + - name: Get os name + run: echo "OS=$(echo ${{ matrix.platform }} | cut -d'/' -f2)" >> $GITHUB_ENV + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v2 + with: + platforms: ${{ matrix.platform }} + - name: Build and Push + id: buildx + uses: docker/build-push-action@v4 + with: + context: . + provenance: false + platforms: ${{ steps.setup-buildx.outputs.platforms }} + cache-from: type=gha + cache-to: type=gha,mode=max + # image to tar + outputs: type=local,dest=./${{ env.OS }}-image.tar + - name: Image ID Output + run: echo "${{ steps.buildx.outputs.imageid }}" > "${{ env.OS }}-image.id" + - name: Upload image id + uses: actions/upload-artifact@v4 + with: + name: ${{ env.OS }}-image-id + path: ${{ env.OS }}-image.id + - name: Upload image tar + uses: actions/upload-artifact@v4 + with: + name: ${{ env.OS }}-image + path: ${{ env.OS }}-image.tar + tag-merge: + permissions: + contents: read + id-token: write + runs-on: ubuntu-22.04 + + needs: build + + steps: + - name: Download image id + uses: actions/download-artifact@v4 + with: + name: amd64-image.id + path: amd64-image.id + - name: Download image id + uses: actions/download-artifact@v4 + with: + name: arm64-image.id + path: arm64-image.id + - name: Download image tar + uses: actions/download-artifact@v4 + with: + name: amd64-image + path: amd64-image.tar + - name: Download image tar + uses: actions/download-artifact@v4 + with: + name: arm64-image + path: arm64-image.tar + - name: Set image id output + id: imageid + run: | + echo "amd64-image=$(cat amd64-image.id)" >> $GITHUB_OUTPUT + echo "arm64-image=$(cat arm64-image.id)" >> $GITHUB_OUTPUT - name: Authenticate to 
Google Cloud id: auth uses: google-github-actions/auth@v1 @@ -34,24 +99,21 @@ jobs: - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@v2 - with: - platforms: linux/amd64,linux/arm64 - - name: Docker meta - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ secrets.ARTIFACT_REGISTRY }}/libnare/${{ github.event.repository.name }}/${{ github.ref_name }} - - name: Build and Push - env: - IMAGE_TAG: ${{ github.sha }} - uses: docker/build-push-action@v4 - with: - context: . - push: true - platforms: ${{ steps.buildx.outputs.platforms }} - provenance: false - tags: | - ${{ secrets.ARTIFACT_REGISTRY }}/libnare/${{ github.event.repository.name }}/${{ github.ref_name }}:${{ env.COMMIT_SHA }} - ${{ secrets.ARTIFACT_REGISTRY }}/libnare/${{ github.event.repository.name }}/${{ github.ref_name }}:latest - cache-from: type=gha - cache-to: type=gha,mode=max \ No newline at end of file + - name: Load image + run: docker import ubuntu-image.tar + - name: Load image + run: docker import macos-image.tar + - name: Tag + run: | + docker manifest create \ + ${{ secrets.ARTIFACT_REGISTRY }}/libnare/${{ github.event.repository.name }}/${{ github.ref_name }}:${{ github.sha }} \ + ${{ steps.imageid.outputs.amd64-image }} \ + ${{ steps.imageid.outputs.arm64-image }} + docker manifest annotate --arch amd64 \ + ${{ secrets.ARTIFACT_REGISTRY }}/libnare/${{ github.event.repository.name }}/${{ github.ref_name }}:${{ github.sha }} \ + ${{ steps.imageid.outputs.amd64-image }} + docker manifest annotate --arch arm64 \ + ${{ secrets.ARTIFACT_REGISTRY }}/libnare/${{ github.event.repository.name }}/${{ github.ref_name }}:${{ github.sha }} \ + ${{ steps.imageid.outputs.arm64-image }} + - name: Push + run: docker manifest push ${{ secrets.ARTIFACT_REGISTRY }}/libnare/${{ github.event.repository.name }}/${{ github.ref_name }}:${{ github.sha }} \ No newline at end of file
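Review bot: The `tag-merge` job downloads artifacts named `amd64-image.id` and `arm64-image.id`, but the build job uploads them as `${{ env.OS }}-image-id` (hyphen, not dot), so the download steps will not find them; use `name: amd64-image-id` and `name: arm64-image-id`. `actions/download-artifact` treats `path` as a destination directory, so `cat amd64-image.id` in "Set image id output" would be pointed at a directory rather than the uploaded file; reading `amd64-image.id/amd64-image.id` (and likewise for arm64 and the tar artifacts) would match what was uploaded. Separately, the build job no longer declares `permissions:` and therefore inherits the repository default for `GITHUB_TOKEN`; adding `permissions:` with `contents: read` there keeps it read-only while `id-token: write` stays confined to `tag-merge`. The `tag-merge` steps list continues past the end of this hunk.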
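Review bot: The new `Tag` and `Push` steps expand `${{ github.ref_name }}` and the image-id outputs directly into the `run:` script, so the text is substituted before the shell parses it, and a ref name containing shell metacharacters would run as commands in the job that holds `id-token: write` and the Google Cloud credentials. The removed `Build and Push` step passed the same value through `with:` inputs, which are not shell-parsed. Whether untrusted ref names can reach this job depends on the `on:` triggers, which are outside the hunk. Pass the values through `env:` and reference them as quoted shell variables, as in the excerpt below. Also, the two `Load image` steps read `ubuntu-image.tar` and `macos-image.tar`, while the earlier steps download `amd64-image.tar` and `arm64-image.tar`.

```yaml
# … unchanged: Set up Docker Buildx, Load image steps …
      - name: Tag
        env:
          IMAGE_REF: ${{ secrets.ARTIFACT_REGISTRY }}/libnare/${{ github.event.repository.name }}/${{ github.ref_name }}:${{ github.sha }}
          AMD64_IMAGE: ${{ steps.imageid.outputs.amd64-image }}
          ARM64_IMAGE: ${{ steps.imageid.outputs.arm64-image }}
        run: |
          docker manifest create "$IMAGE_REF" "$AMD64_IMAGE" "$ARM64_IMAGE"
          docker manifest annotate --arch amd64 "$IMAGE_REF" "$AMD64_IMAGE"
          docker manifest annotate --arch arm64 "$IMAGE_REF" "$ARM64_IMAGE"
      - name: Push
        env:
          IMAGE_REF: ${{ secrets.ARTIFACT_REGISTRY }}/libnare/${{ github.event.repository.name }}/${{ github.ref_name }}:${{ github.sha }}
        run: docker manifest push "$IMAGE_REF"
```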