GHA: Use shared workflow for multi-arch builds

awilfox · awilfox · commit 3ec0ba8848cb · 2026-06-24T13:54:00.000-05:00
Implements: AP-742
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -7,151 +7,36 @@ on:
   workflow_call:
   workflow_dispatch:
 
-env:
-  BUILD_SUFFIX: -build-${{ github.run_id }}_${{ github.run_attempt }}
-  DOCKER_METADATA_SET_OUTPUT_ENV: 'true'
-
 jobs:
-  build:
-    runs-on: ${{ matrix.runner }}
-    outputs:
-      build-image-arm: ${{ steps.gen-output.outputs.image-arm64 }}
-      build-image-x64: ${{ steps.gen-output.outputs.image-x64 }}
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - platform: linux/amd64
-            runner: ubuntu-24.04
-          - platform: linux/arm64
-            runner: ubuntu-24.04-arm
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - id: build-meta
-        name: Produce the build image tag
-        uses: docker/metadata-action@v5
-        with:
-          images: ghcr.io/${{ github.repository }}
-          tags: type=sha,suffix=${{ env.BUILD_SUFFIX }}
-
-      # Build cache is shared among all builds of the same architecture
-      - id: cache-meta
-        name: Fetch build cache metadata
-        uses: docker/metadata-action@v5
-        with:
-          images: ghcr.io/${{ github.repository }}
-          tags: type=raw,value=buildcache-${{ runner.arch }}
-
-      - id: get-registry
-        name: Get the sanitized registry name
-        run: |
-          echo "registry=$(echo '${{ steps.build-meta.outputs.tags }}' | cut -f1 -d:)" | tee -a "$GITHUB_OUTPUT"
-
-      - id: set_build_url
-        name: Set BUILD_URL
-        run: |
-          echo "build_url=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" | tee -a "$GITHUB_OUTPUT"
-
-      - id: build
-        name: Build/push the arch-specific image
-        uses: docker/build-push-action@v6
-        with:
-          platforms: ${{ matrix.platform }}
-          build-args: |
-            BUILD_TIMESTAMP=${{ github.event.repository.updated_at }}
-            BUILD_URL=${{ steps.set_build_url.outputs.build_url }}
-            GIT_REF_NAME=${{ github.ref_name }}
-            GIT_SHA=${{ github.sha }}
-            GIT_REPOSITORY_URL=${{ github.repositoryUrl }}
-          cache-from: type=registry,ref=${{ steps.cache-meta.outputs.tags }}
-          cache-to: type=registry,ref=${{ steps.cache-meta.outputs.tags }},mode=max
-          labels: ${{ steps.build-meta.outputs.labels }}
-          provenance: mode=max
-          sbom: true
-          tags: ${{ steps.get-registry.outputs.registry }}
-          outputs: type=image,push-by-digest=true,push=true
-
-      - id: gen-output
-        name: Write arch-specific image digest to outputs
-        run: |
-          echo "image-${RUNNER_ARCH,,}=${{ steps.get-registry.outputs.registry }}@${{ steps.build.outputs.digest }}" | tee -a "$GITHUB_OUTPUT"
-
-  merge:
-    runs-on: ubuntu-latest
-    needs:
-      - build
-    env:
-      DOCKER_APP_IMAGE_ARM64: ${{ needs.build.outputs.build-image-arm }}
-      DOCKER_APP_IMAGE_X64: ${{ needs.build.outputs.build-image-x64 }}
-    outputs:
-      build-image: ${{ steps.meta.outputs.tags }}
-      build-image-arm: ${{ needs.build.outputs.build-image-arm }}
-      build-image-x64: ${{ needs.build.outputs.build-image-x64 }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ghcr.io/${{ github.repository }}
-          tags: |
-            type=sha,suffix=-build-${{ github.run_id }}_${{ github.run_attempt }}
-
-      - name: Push the multi-platform image
-        run: |
-          docker buildx imagetools create \
-            --tag "$DOCKER_METADATA_OUTPUT_TAGS" \
-            "$DOCKER_APP_IMAGE_ARM64" "$DOCKER_APP_IMAGE_X64"
+  docker-build:
+    uses: BerkeleyLibrary/.github/.github/workflows/docker-build.yml@v2.0.0
+    with:
+      image: ghcr.io/${{ github.repository }}
+    secrets: inherit
 
   test:
     runs-on: ubuntu-24.04
     needs: 
-      - merge
+      - docker-build
     env:
       COMPOSE_FILE: docker-compose.yml:docker-compose.ci.yml
-      DOCKER_APP_IMAGE: ${{ needs.merge.outputs.build-image }}
+      DOCKER_APP_IMAGE: ${{ needs.docker-build.outputs.image }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Set up Docker Compose
-        uses: docker/setup-compose-action@v1
+        uses: docker/setup-compose-action@v2
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup the stack
         run: |
-          docker compose build --quiet
-          docker compose pull --quiet
           docker compose up --wait
           docker compose exec -u root app chown -R alma:alma artifacts
 
@@ -174,46 +59,19 @@ jobs:
 
       - name: Upload the test report
         if: ${{ always() }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: alma-user-load Build Report (${{ github.run_id }}_${{ github.run_attempt }})
           path: artifacts/*
           if-no-files-found: error
 
   push:
-    runs-on: ubuntu-24.04
     needs:
-      - merge
+      - docker-build
       - test
-    env:
-      DOCKER_APP_IMAGE: ${{ needs.merge.outputs.build-image }}
-      DOCKER_APP_IMAGE_ARM64: ${{ needs.merge.outputs.build-image-arm }}
-      DOCKER_APP_IMAGE_X64: ${{ needs.merge.outputs.build-image-x64 }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Produce permanent image tags
-        id: branch-meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ghcr.io/${{ github.repository }}
-          tags: |
-            type=sha
-            type=ref,event=branch
-            type=raw,value=latest,enable={{is_default_branch}}
-
-      - name: Retag and push the image
-        run: |
-          docker buildx imagetools create \
-            $(jq -cr '.tags | map("--tag " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $DOCKER_APP_IMAGE_ARM64 $DOCKER_APP_IMAGE_X64
+    uses: BerkeleyLibrary/.github/.github/workflows/docker-push.yml@v2.0.0
+    with:
+      image: ghcr.io/${{ github.repository }}
+      build-image-arm64: ${{ needs.docker-build.outputs.image-arm64 }}
+      build-image-x64: ${{ needs.docker-build.outputs.image-x64 }}
+    secrets: inherit
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -7,55 +7,9 @@ on:
   workflow_call:
   workflow_dispatch:
 
-env:
-  DOCKER_METADATA_SET_OUTPUT_ENV: 'true'
-
 jobs:
-  retag:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Determine the sha-based image tag to retag
-        id: get-base-image
-        uses: docker/metadata-action@v5
-        with:
-          images: ghcr.io/${{ github.repository }}
-          tags: type=sha
-
-      - name: Verify that the image was previously built
-        env:
-          BASE_IMAGE: ${{ steps.get-base-image.outputs.tags }}
-        run: |
-          docker manifest inspect "$BASE_IMAGE"
-
-      - name: Produce release tags
-        id: tag-meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ghcr.io/${{ github.repository }}
-          flavor: latest=false
-          tags: |
-            type=ref,event=tag
-            type=semver,pattern={{major}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{version}}
-
-      - name: Retag the pulled image
-        env:
-          BASE_IMAGE: ${{ steps.get-base-image.outputs.tags }}
-        run: |
-          docker buildx imagetools create \
-            $(jq -cr '.tags | map("--tag " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            "$(echo "$BASE_IMAGE" | cut -f1 -d:)"
+  release:
+    uses: BerkeleyLibrary/.github/.github/workflows/docker-release.yml@v2.0.0
+    with:
+      image: ghcr.io/${{ github.repository }}
+    secrets: inherit
