From 8b3f20f440565a456c57f6bb22e8640478087461 Mon Sep 17 00:00:00 2001 From: Tom Cobb Date: Wed, 28 Jan 2026 19:28:11 +0000 Subject: [PATCH 01/16] Add qemu for arm --- .github/workflows/ci.yml | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 68f9d6c..30e3abe 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,8 +8,8 @@ on: - '*' pull_request: +# https://docs.docker.com/build/ci/github-actions/multi-platform/ jobs: - build_container: runs-on: ubuntu-latest @@ -20,9 +20,16 @@ jobs: # Need this to get version number from last tag fetch-depth: 0 - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v3 + - name: Set up Docker + uses: docker/setup-docker-action@v4 + with: + daemon-config: | + { + "debug": true, + "features": { + "containerd-snapshotter": true + } + } - name: Log in to GitHub Docker Registry if: github.event_name != 'pull_request' @@ -32,6 +39,9 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Build and export to Docker local cache uses: docker/build-push-action@v6 env: @@ -40,6 +50,7 @@ jobs: context: . # Need load and tags so we can test it below load: true + platforms: linux/amd64,linux/arm64 tags: tag_for_testing - name: Test cli works in cached runtime image @@ -65,5 +76,6 @@ jobs: with: context: . push: true + platforms: linux/amd64,linux/arm64 tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} From 813f88e794f06cd015a4ca6328abe512e6174074 Mon Sep 17 00:00:00 2001 From: Tom Cobb Date: Wed, 11 Feb 2026 16:48:11 +0000 Subject: [PATCH 02/16] Try to split to multiple runners --- .github/workflows/ci.yml | 125 +++++++++++++++++++++++++-------------- 1 file changed, 80 insertions(+), 45 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 30e3abe..5a868ea 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,51 +10,85 @@ on: # https://docs.docker.com/build/ci/github-actions/multi-platform/ jobs: + build_container: - runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + include: + - arch: amd64 + runner: ubuntu-latest + - arch: arm64 + runner: ubuntu-24.04-arm + runs-on: ${{ matrix.runner }} steps: - - name: Checkout - uses: actions/checkout@v5 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build and export to Docker local cache + uses: docker/build-push-action@v6 + with: + # Need load and tags so we can test it below + load: true + tags: tag_for_testing + + - name: Test cli works in cached runtime image + run: docker run --rm tag_for_testing uvx pycowsay 'hello ubuntu-devcontainer!' + + - name: Create tags for publishing image + id: meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + + - name: Build and push by digest + id: build + uses: docker/build-push-action@v6 + with: + platforms: linux/${{ matrix.platform }} + labels: ${{ steps.meta.outputs.labels }} + tags: ${{ steps.meta.outputs.tags }} + outputs: type=image,push-by-digest=true,name-canonical=true,push=true + + - name: Export digest + run: | + mkdir -p ${{ runner.temp }}/digests + digest="${{ steps.build.outputs.digest }}" + touch "${{ runner.temp }}/digests/${digest#sha256:}" + + - name: Upload digest + uses: actions/upload-artifact@v4 with: - # Need this to get version number from last tag - fetch-depth: 0 + name: digests-linux-${{ matrix.platform }} + path: ${{ runner.temp }}/digests/* + if-no-files-found: error + retention-days: 1 - - name: Set up Docker - uses: docker/setup-docker-action@v4 + merge: + runs-on: ubuntu-latest + needs: + - build + if: github.ref_type == 'tag' + + steps: + - name: Download digests + uses: actions/download-artifact@v4 with: - daemon-config: | - { - "debug": true, - "features": { - "containerd-snapshotter": true - } - } + path: ${{ runner.temp }}/digests + pattern: digests-* + merge-multiple: true - name: Log in to GitHub Docker Registry - if: github.event_name != 'pull_request' uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Build and export to Docker local cache - uses: docker/build-push-action@v6 - env: - DOCKER_BUILD_RECORD_UPLOAD: false - with: - context: . - # Need load and tags so we can test it below - load: true - platforms: linux/amd64,linux/arm64 - tags: tag_for_testing - - - name: Test cli works in cached runtime image - run: docker run --rm tag_for_testing uvx pycowsay 'hello ubuntu-devcontainer!' + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - name: Create tags for publishing image id: meta @@ -65,17 +99,18 @@ jobs: type=ref,event=tag type=raw,value=latest type=raw,value=noble - - - name: Push cached image to container registry - if: github.ref_type == 'tag' - uses: docker/build-push-action@v6 - env: - DOCKER_BUILD_RECORD_UPLOAD: false - # This does not build the image again, it will find the image in the - # Docker cache and publish it - with: - context: . - push: true - platforms: linux/amd64,linux/arm64 - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + + # image names must be all lower case, meta does this for us to make tags + # but can't get the image name back out + - name: Generate image repo name + run: echo REGISTRY_IMAGE=ghcr.io/$(tr '[:upper:]' '[:lower:]' <<< "${{ github.repository }}") >> $GITHUB_ENV + + - name: Create manifest list and push + working-directory: ${{ runner.temp }}/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) + + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} \ No newline at end of file From 2bfa99186dd6e7cfbd7f94de600888c88f589eaa Mon Sep 17 00:00:00 2001 From: Tom Cobb Date: Wed, 11 Feb 2026 16:51:02 +0000 Subject: [PATCH 03/16] Fix name --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5a868ea..885f8ae 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,7 +11,7 @@ on: # https://docs.docker.com/build/ci/github-actions/multi-platform/ jobs: - build_container: + build: strategy: fail-fast: false From dc290e273d7fae29f7873ac51be69e09d8fd261a Mon Sep 17 00:00:00 2001 From: Tom Cobb Date: Wed, 11 Feb 2026 16:55:09 +0000 Subject: [PATCH 04/16] correct plaform --- .github/workflows/ci.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 885f8ae..640d78e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -30,6 +30,7 @@ jobs: - name: Build and export to Docker local cache uses: docker/build-push-action@v6 with: + platforms: linux/${{ matrix.arch }} # Need load and tags so we can test it below load: true tags: tag_for_testing @@ -47,7 +48,7 @@ jobs: id: build uses: docker/build-push-action@v6 with: - platforms: linux/${{ matrix.platform }} + platforms: linux/${{ matrix.arch }} labels: ${{ steps.meta.outputs.labels }} tags: ${{ steps.meta.outputs.tags }} outputs: type=image,push-by-digest=true,name-canonical=true,push=true @@ -61,7 +62,7 @@ jobs: - name: Upload digest uses: actions/upload-artifact@v4 with: - name: digests-linux-${{ matrix.platform }} + name: digests-linux-${{ matrix.arch }} path: ${{ runner.temp }}/digests/* if-no-files-found: error retention-days: 1 From 760414874e4dc0b442fc8ac1179d9e78120710df Mon Sep 17 00:00:00 2001 From: Tom Cobb Date: Wed, 11 Feb 2026 17:06:40 +0000 Subject: [PATCH 05/16] Don't tag on push by digest --- .github/workflows/ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 640d78e..dd65bc7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -50,7 +50,6 @@ jobs: with: platforms: linux/${{ matrix.arch }} labels: ${{ steps.meta.outputs.labels }} - tags: ${{ steps.meta.outputs.tags }} outputs: type=image,push-by-digest=true,name-canonical=true,push=true - name: Export digest From 158238fa5870add4eaf453f495a69eec68d392fd Mon Sep 17 00:00:00 2001 From: Tom Cobb Date: Fri, 13 Feb 2026 16:28:22 +0000 Subject: [PATCH 06/16] Try login and push --- .github/workflows/ci.yml | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dd65bc7..d700739 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,10 +27,23 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Log in to GitHub Docker Registry + if: github.event_name != 'pull_request' + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata for publishing image + id: meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + - name: Build and export to Docker local cache uses: docker/build-push-action@v6 with: - platforms: linux/${{ matrix.arch }} # Need load and tags so we can test it below load: true tags: tag_for_testing @@ -38,17 +51,11 @@ jobs: - name: Test cli works in cached runtime image run: docker run --rm tag_for_testing uvx pycowsay 'hello ubuntu-devcontainer!' - - name: Create tags for publishing image - id: meta - uses: docker/metadata-action@v5 - with: - images: ghcr.io/${{ github.repository }} - - name: Build and push by digest id: build + # if: github.ref_type == 'tag' uses: docker/build-push-action@v6 with: - platforms: linux/${{ matrix.arch }} labels: ${{ steps.meta.outputs.labels }} outputs: type=image,push-by-digest=true,name-canonical=true,push=true From 976fd15c1b7fbafc119356d4f9f6652aeb944e8b Mon Sep 17 00:00:00 2001 From: Tom Cobb Date: Fri, 13 Feb 2026 16:37:48 +0000 Subject: [PATCH 07/16] Add tag --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d700739..e7acf32 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -57,6 +57,7 @@ jobs: uses: docker/build-push-action@v6 with: labels: ${{ steps.meta.outputs.labels }} + tags: ${{ steps.meta.outputs.tags }} outputs: type=image,push-by-digest=true,name-canonical=true,push=true - name: Export digest From 30e7d6b797a0f773a77754277d0644c61f55e920 Mon Sep 17 00:00:00 2001 From: Tom Cobb Date: Fri, 13 Feb 2026 16:44:54 +0000 Subject: [PATCH 08/16] try tag with just repo name --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e7acf32..ce6b306 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -57,7 +57,7 @@ jobs: uses: docker/build-push-action@v6 with: labels: ${{ steps.meta.outputs.labels }} - tags: ${{ steps.meta.outputs.tags }} + tags: ghcr.io/${{ github.repository }} outputs: type=image,push-by-digest=true,name-canonical=true,push=true - name: Export digest From 95c13b11e872ba6d7f012648b4658e5d475ce8c3 Mon Sep 17 00:00:00 2001 From: Tom Cobb Date: Fri, 13 Feb 2026 17:01:06 +0000 Subject: [PATCH 09/16] Lowercase tag --- .github/workflows/ci.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ce6b306..620bf45 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -51,13 +51,18 @@ jobs: - name: Test cli works in cached runtime image run: docker run --rm tag_for_testing uvx pycowsay 'hello ubuntu-devcontainer!' + # image names must be all lower case, meta does this for us to make tags + # but can't get the image name back out + - name: Generate image repo name + run: echo REGISTRY_IMAGE=ghcr.io/$(tr '[:upper:]' '[:lower:]' <<< "${{ github.repository }}") >> $GITHUB_ENV + - name: Build and push by digest id: build # if: github.ref_type == 'tag' uses: docker/build-push-action@v6 with: labels: ${{ steps.meta.outputs.labels }} - tags: ghcr.io/${{ github.repository }} + tags: ${{ env.REGISTRY_IMAGE }} outputs: type=image,push-by-digest=true,name-canonical=true,push=true - name: Export digest From 22a4f32c6cef9275299fb915e003c6f48d471ea3 Mon Sep 17 00:00:00 2001 From: Tom Cobb Date: Fri, 13 Feb 2026 17:04:08 +0000 Subject: [PATCH 10/16] login --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 620bf45..d4cd1fd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -28,7 +28,7 @@ jobs: uses: docker/setup-buildx-action@v3 - name: Log in to GitHub Docker Registry - if: github.event_name != 'pull_request' + # if: github.event_name != 'pull_request' uses: docker/login-action@v3 with: registry: ghcr.io From 4b9fb57c9014bc331023e9279405585a69a0cf05 Mon Sep 17 00:00:00 2001 From: Tom Cobb Date: Fri, 13 Feb 2026 17:11:51 +0000 Subject: [PATCH 11/16] Add in the manifest --- .github/workflows/ci.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d4cd1fd..ceee1e5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -83,7 +83,7 @@ jobs: runs-on: ubuntu-latest needs: - build - if: github.ref_type == 'tag' + # if: github.ref_type == 'tag' steps: - name: Download digests @@ -109,9 +109,11 @@ jobs: with: images: ghcr.io/${{ github.repository }} tags: | - type=ref,event=tag - type=raw,value=latest - type=raw,value=noble + type=ref,event=pr + +# type=ref,event=tag +# type=raw,value=latest +# type=raw,value=noble # image names must be all lower case, meta does this for us to make tags # but can't get the image name back out From 6b130786b9f3a553541b796bfa5fa9aadff89041 Mon Sep 17 00:00:00 2001 From: Tom Cobb Date: Mon, 16 Feb 2026 14:56:52 +0000 Subject: [PATCH 12/16] Try to simplify --- .github/workflows/ci.yml | 62 ++++++++++++++++++++-------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ceee1e5..b50deca 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,3 +1,7 @@ +# Written using +# https://docs.docker.com/build/ci/github-actions/multi-platform/ +# and +# https://github.com/sredevopsorg/multi-arch-docker-github-workflow/blob/main/.github/workflows/multi-build.yaml name: CI on: @@ -8,7 +12,12 @@ on: - '*' pull_request: -# https://docs.docker.com/build/ci/github-actions/multi-platform/ +env: + # The name of the Docker image to be built and pushed to GHCR + # The image name is derived from the GitHub repository name and the GitHub Container Registry (GHCR) URL. + # The image name will be in the format: ghcr.io// + GHCR_IMAGE: ghcr.io/${{ github.repository }} + jobs: build: @@ -27,19 +36,11 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Log in to GitHub Docker Registry - # if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract metadata for publishing image id: meta uses: docker/metadata-action@v5 with: - images: ghcr.io/${{ github.repository }} + images: ${{ env.GHCR_IMAGE }} - name: Build and export to Docker local cache uses: docker/build-push-action@v6 @@ -51,10 +52,13 @@ jobs: - name: Test cli works in cached runtime image run: docker run --rm tag_for_testing uvx pycowsay 'hello ubuntu-devcontainer!' - # image names must be all lower case, meta does this for us to make tags - # but can't get the image name back out - - name: Generate image repo name - run: echo REGISTRY_IMAGE=ghcr.io/$(tr '[:upper:]' '[:lower:]' <<< "${{ github.repository }}") >> $GITHUB_ENV + - name: Log in to GitHub Docker Registry + # if: github.event_name != 'pull_request' + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push by digest id: build @@ -62,8 +66,10 @@ jobs: uses: docker/build-push-action@v6 with: labels: ${{ steps.meta.outputs.labels }} - tags: ${{ env.REGISTRY_IMAGE }} - outputs: type=image,push-by-digest=true,name-canonical=true,push=true + annotations: ${{ steps.meta.outputs.annotations }} + outputs: type=image,name=${{ env.GHCR_IMAGE }},push-by-digest=true,name-canonical=true,push=true,oci-mediatypes=true + cache-from: type=gha,scope=${{ github.repository }}-${{ github.ref_name }}-${{ matrix.platform }} + cache-to: type=gha,scope=${{ github.repository }}-${{ github.ref_name }}-${{ matrix.platform }} - name: Export digest run: | @@ -77,7 +83,6 @@ jobs: name: digests-linux-${{ matrix.arch }} path: ${{ runner.temp }}/digests/* if-no-files-found: error - retention-days: 1 merge: runs-on: ubuntu-latest @@ -93,13 +98,6 @@ jobs: pattern: digests-* merge-multiple: true - - name: Log in to GitHub Docker Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -107,7 +105,7 @@ jobs: id: meta uses: docker/metadata-action@v5 with: - images: ghcr.io/${{ github.repository }} + images: ${{ env.GHCR_IMAGE }} tags: | type=ref,event=pr @@ -115,17 +113,19 @@ jobs: # type=raw,value=latest # type=raw,value=noble - # image names must be all lower case, meta does this for us to make tags - # but can't get the image name back out - - name: Generate image repo name - run: echo REGISTRY_IMAGE=ghcr.io/$(tr '[:upper:]' '[:lower:]' <<< "${{ github.repository }}") >> $GITHUB_ENV + - name: Log in to GitHub Docker Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Create manifest list and push working-directory: ${{ runner.temp }}/digests run: | docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) + $(printf '${{ env.GHCR_IMAGE }}@sha256:%s ' *) - name: Inspect image run: | - docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} \ No newline at end of file + docker buildx imagetools inspect ${{ env.GHCR_IMAGE }}:${{ steps.meta.outputs.version }} From f1a4768ce32a09cc4e46c47451580dd8a1532016 Mon Sep 17 00:00:00 2001 From: Tom Cobb Date: Mon, 16 Feb 2026 15:07:16 +0000 Subject: [PATCH 13/16] Lowercase image name --- .github/workflows/ci.yml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b50deca..4372317 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,12 +12,6 @@ on: - '*' pull_request: -env: - # The name of the Docker image to be built and pushed to GHCR - # The image name is derived from the GitHub repository name and the GitHub Container Registry (GHCR) URL. - # The image name will be in the format: ghcr.io// - GHCR_IMAGE: ghcr.io/${{ github.repository }} - jobs: build: @@ -33,6 +27,9 @@ jobs: runs-on: ${{ matrix.runner }} steps: + - name: Set lowercase image name + run: echo "GHCR_IMAGE=${ghcr.io/${{ github.repository }},,}" >> $GITHUB_ENV + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -68,8 +65,6 @@ jobs: labels: ${{ steps.meta.outputs.labels }} annotations: ${{ steps.meta.outputs.annotations }} outputs: type=image,name=${{ env.GHCR_IMAGE }},push-by-digest=true,name-canonical=true,push=true,oci-mediatypes=true - cache-from: type=gha,scope=${{ github.repository }}-${{ github.ref_name }}-${{ matrix.platform }} - cache-to: type=gha,scope=${{ github.repository }}-${{ github.ref_name }}-${{ matrix.platform }} - name: Export digest run: | @@ -91,6 +86,9 @@ jobs: # if: github.ref_type == 'tag' steps: + - name: Set lowercase image name + run: echo "GHCR_IMAGE=${ghcr.io/${{ github.repository }},,}" >> $GITHUB_ENV + - name: Download digests uses: actions/download-artifact@v4 with: From 584a7ca870d2c6f5844f331e62c4a5c28996fcc9 Mon Sep 17 00:00:00 2001 From: Tom Cobb Date: Mon, 16 Feb 2026 15:13:12 +0000 Subject: [PATCH 14/16] Fix lowercase --- .github/workflows/ci.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4372317..ef338df 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,6 +12,12 @@ on: - '*' pull_request: +env: + # The name of the Docker image to be built and pushed to GHCR + # The image name is derived from the GitHub repository name and the GitHub Container Registry (GHCR) URL. + # The image name will be in the format: ghcr.io// + GHCR_IMAGE: ghcr.io/${{ github.repository }} + jobs: build: @@ -27,8 +33,8 @@ jobs: runs-on: ${{ matrix.runner }} steps: - - name: Set lowercase image name - run: echo "GHCR_IMAGE=${ghcr.io/${{ github.repository }},,}" >> $GITHUB_ENV + - name: Lowercase the image name + run: echo "GHCR_IMAGE=${GHCR_IMAGE,,}" >> $GITHUB_ENV - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -86,8 +92,8 @@ jobs: # if: github.ref_type == 'tag' steps: - - name: Set lowercase image name - run: echo "GHCR_IMAGE=${ghcr.io/${{ github.repository }},,}" >> $GITHUB_ENV + - name: Lowercase the image name + run: echo "GHCR_IMAGE=${GHCR_IMAGE,,}" >> $GITHUB_ENV - name: Download digests uses: actions/download-artifact@v4 From 7594f1e756ce346853eac76e44e5005e6fb5bab7 Mon Sep 17 00:00:00 2001 From: Tom Cobb Date: Mon, 16 Feb 2026 16:54:39 +0000 Subject: [PATCH 15/16] Restore only running on tag --- .github/workflows/ci.yml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ef338df..4183206 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -56,7 +56,7 @@ jobs: run: docker run --rm tag_for_testing uvx pycowsay 'hello ubuntu-devcontainer!' - name: Log in to GitHub Docker Registry - # if: github.event_name != 'pull_request' + if: github.ref_type == 'tag' uses: docker/login-action@v3 with: registry: ghcr.io @@ -65,7 +65,7 @@ jobs: - name: Build and push by digest id: build - # if: github.ref_type == 'tag' + if: github.ref_type == 'tag' uses: docker/build-push-action@v6 with: labels: ${{ steps.meta.outputs.labels }} @@ -89,7 +89,7 @@ jobs: runs-on: ubuntu-latest needs: - build - # if: github.ref_type == 'tag' + if: github.ref_type == 'tag' steps: - name: Lowercase the image name @@ -111,11 +111,9 @@ jobs: with: images: ${{ env.GHCR_IMAGE }} tags: | - type=ref,event=pr - -# type=ref,event=tag -# type=raw,value=latest -# type=raw,value=noble + type=ref,event=tag + type=raw,value=latest + type=raw,value=noble - name: Log in to GitHub Docker Registry uses: docker/login-action@v3 From 43bdcf3cb484b7f11644698dd93fa371daf7a989 Mon Sep 17 00:00:00 2001 From: Tom Cobb Date: Mon, 16 Feb 2026 16:56:22 +0000 Subject: [PATCH 16/16] More tag checks --- .github/workflows/ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4183206..c17f940 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -64,8 +64,8 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push by digest - id: build if: github.ref_type == 'tag' + id: build uses: docker/build-push-action@v6 with: labels: ${{ steps.meta.outputs.labels }} @@ -73,12 +73,14 @@ jobs: outputs: type=image,name=${{ env.GHCR_IMAGE }},push-by-digest=true,name-canonical=true,push=true,oci-mediatypes=true - name: Export digest + if: github.ref_type == 'tag' run: | mkdir -p ${{ runner.temp }}/digests digest="${{ steps.build.outputs.digest }}" touch "${{ runner.temp }}/digests/${digest#sha256:}" - name: Upload digest + if: github.ref_type == 'tag' uses: actions/upload-artifact@v4 with: name: digests-linux-${{ matrix.arch }}