build images on native arch, then merge later

henderkes · henderkes · commit 2c0cf0abe084 · 2026-05-07T12:09:03.000+07:00
diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml
@@ -14,57 +14,119 @@ permissions:
     contents: read
     packages: write
 
+env:
+    REGISTRY: ghcr.io
+    OWNER: static-php
+
 jobs:
     build:
-        runs-on: ubuntu-24.04
+        name: Build (${{ matrix.image.name }} ${{ matrix.platform.arch }})
         strategy:
             fail-fast: false
             matrix:
-                include:
+                image:
                     -   dockerfile: Dockerfile.debian
-                        image: packages-builder-debian
+                        name: packages-builder-debian
                         build-args: ""
                     -   dockerfile: Dockerfile.alpine
-                        image: packages-builder-alpine
+                        name: packages-builder-alpine
                         build-args: ""
                     -   dockerfile: Dockerfile.rhel
-                        image: packages-builder-rhel-8
+                        name: packages-builder-rhel-8
                         build-args: "ALMA_VERSION=8"
                     -   dockerfile: Dockerfile.rhel
-                        image: packages-builder-rhel-9
+                        name: packages-builder-rhel-9
                         build-args: "ALMA_VERSION=9"
                     -   dockerfile: Dockerfile.rhel
-                        image: packages-builder-rhel-10
+                        name: packages-builder-rhel-10
                         build-args: "ALMA_VERSION=10"
+                platform:
+                    -   arch: amd64
+                        runs-on: ubuntu-24.04
+                    -   arch: arm64
+                        runs-on: ubuntu-24.04-arm
+        runs-on: ${{ matrix.platform.runs-on }}
         steps:
             -   name: Checkout
                 uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
                 with:
                     persist-credentials: false
 
-            -   name: Set up QEMU
-                uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3
-
             -   name: Set up Docker Buildx
                 uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
 
             -   name: Log in to GHCR
                 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
                 with:
-                    registry: ghcr.io
+                    registry: ${{ env.REGISTRY }}
                     username: ${{ github.actor }}
                     password: ${{ secrets.GITHUB_TOKEN }}
 
-            -   name: Build and push ${{ matrix.image }}
+            -   name: Build and push by digest
+                id: build
                 uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6
                 with:
                     context: .
-                    file: ${{ matrix.dockerfile }}
-                    platforms: linux/amd64,linux/arm64
-                    push: true
-                    tags: |
-                        ghcr.io/static-php/${{ matrix.image }}:latest
-                        ghcr.io/static-php/${{ matrix.image }}:${{ github.sha }}
-                    build-args: ${{ matrix.build-args }}
-                    cache-from: type=gha,scope=${{ matrix.image }}
-                    cache-to: type=gha,scope=${{ matrix.image }},mode=max
+                    file: ${{ matrix.image.dockerfile }}
+                    platforms: linux/${{ matrix.platform.arch }}
+                    build-args: ${{ matrix.image.build-args }}
+                    cache-from: type=gha,scope=${{ matrix.image.name }}-${{ matrix.platform.arch }}
+                    cache-to: type=gha,scope=${{ matrix.image.name }}-${{ matrix.platform.arch }},mode=max
+                    outputs: type=image,name=${{ env.REGISTRY }}/${{ env.OWNER }}/${{ matrix.image.name }},push-by-digest=true,name-canonical=true,push=true
+
+            -   name: Export digest
+                run: |
+                    mkdir -p /tmp/digests
+                    digest="${{ steps.build.outputs.digest }}"
+                    touch "/tmp/digests/${digest#sha256:}"
+
+            -   name: Upload digest
+                uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+                with:
+                    name: digests-${{ matrix.image.name }}-${{ matrix.platform.arch }}
+                    path: /tmp/digests/*
+                    if-no-files-found: error
+                    retention-days: 1
+
+    merge:
+        name: Merge manifest (${{ matrix.image }})
+        runs-on: ubuntu-24.04
+        needs: build
+        strategy:
+            fail-fast: false
+            matrix:
+                image:
+                    - packages-builder-debian
+                    - packages-builder-alpine
+                    - packages-builder-rhel-8
+                    - packages-builder-rhel-9
+                    - packages-builder-rhel-10
+        steps:
+            -   name: Download digests
+                uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
+                with:
+                    pattern: digests-${{ matrix.image }}-*
+                    path: /tmp/digests
+                    merge-multiple: true
+
+            -   name: Set up Docker Buildx
+                uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
+
+            -   name: Log in to GHCR
+                uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
+                with:
+                    registry: ${{ env.REGISTRY }}
+                    username: ${{ github.actor }}
+                    password: ${{ secrets.GITHUB_TOKEN }}
+
+            -   name: Create manifest list
+                working-directory: /tmp/digests
+                run: |
+                    docker buildx imagetools create \
+                        -t ${{ env.REGISTRY }}/${{ env.OWNER }}/${{ matrix.image }}:latest \
+                        -t ${{ env.REGISTRY }}/${{ env.OWNER }}/${{ matrix.image }}:${{ github.sha }} \
+                        $(printf '${{ env.REGISTRY }}/${{ env.OWNER }}/${{ matrix.image }}@sha256:%s ' *)
+
+            -   name: Inspect manifest
+                run: |
+                    docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.OWNER }}/${{ matrix.image }}:${{ github.sha }}
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
@@ -2,6 +2,8 @@ FROM ubuntu:24.04
 
 ARG TARGETARCH
 ARG RPM_ARCH
+ARG UID=1000
+ARG GID=1000
 
 ENV DEBIAN_FRONTEND=noninteractive
 
@@ -47,6 +49,7 @@ RUN cd /tmp/spc-bootstrap && \
     php vendor/bin/spc install-pkg go-xcaddy && \
     php vendor/bin/spc install-pkg zig && \
     SPC_TARGET=native-native-musl php vendor/bin/spc doctor --auto-fix --debug && \
-    rm -rf /tmp/spc-bootstrap /root/.composer /root/.cache
+    rm -rf /tmp/spc-bootstrap /root/.composer /root/.cache && \
+    chown -R ${UID}:${GID} "$PKG_ROOT_PATH"
 
 WORKDIR /build
diff --git a/Dockerfile.debian b/Dockerfile.debian
@@ -2,6 +2,8 @@ FROM debian:11
 
 ARG TARGETARCH
 ARG RPM_ARCH
+ARG UID=1000
+ARG GID=1000
 
 RUN if [ -z "${RPM_ARCH}" ]; then \
         case "${TARGETARCH:-$(dpkg --print-architecture 2>/dev/null || uname -m)}" in \
@@ -44,6 +46,7 @@ RUN cd /tmp/spc-bootstrap && \
     php vendor/bin/spc install-pkg go-xcaddy && \
     php vendor/bin/spc install-pkg zig && \
     SPC_TARGET=native-native-musl php vendor/bin/spc doctor --auto-fix --debug && \
-    rm -rf /tmp/spc-bootstrap /root/.composer /root/.cache
+    rm -rf /tmp/spc-bootstrap /root/.composer /root/.cache && \
+    chown -R ${UID}:${GID} "$PKG_ROOT_PATH"
 
 WORKDIR /build
diff --git a/Dockerfile.rhel b/Dockerfile.rhel
@@ -4,6 +4,8 @@ FROM almalinux:${ALMA_VERSION}
 ARG ALMA_VERSION=10
 ARG TARGETARCH
 ARG RPM_ARCH
+ARG UID=1000
+ARG GID=1000
 
 SHELL ["/bin/bash", "-c"]
 
@@ -78,6 +80,7 @@ RUN cd /tmp/spc-bootstrap && \
     php vendor/bin/spc install-pkg go-xcaddy && \
     php vendor/bin/spc install-pkg zig && \
     SPC_TARGET=native-native-musl php vendor/bin/spc doctor --auto-fix --debug && \
-    rm -rf /tmp/spc-bootstrap /root/.composer /root/.cache
+    rm -rf /tmp/spc-bootstrap /root/.composer /root/.cache && \
+    chown -R ${UID}:${GID} "$PKG_ROOT_PATH"
 
 WORKDIR /build
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -13,13 +13,19 @@ services:
     build:
       context: .
       dockerfile: Dockerfile.debian
+      args:
+        UID: "${UID:-1000}"
+        GID: "${GID:-1000}"
     container_name: packages-debian
 
   alpine:
     <<: *build-defaults
     build:
       context: .
       dockerfile: Dockerfile.alpine
+      args:
+        UID: "${UID:-1000}"
+        GID: "${GID:-1000}"
     container_name: packages-alpine
 
   rhel-8:
@@ -29,6 +35,8 @@ services:
       dockerfile: Dockerfile.rhel
       args:
         ALMA_VERSION: "8"
+        UID: "${UID:-1000}"
+        GID: "${GID:-1000}"
     container_name: packages-rhel-8
 
   rhel-9:
@@ -38,6 +46,8 @@ services:
       dockerfile: Dockerfile.rhel
       args:
         ALMA_VERSION: "9"
+        UID: "${UID:-1000}"
+        GID: "${GID:-1000}"
     container_name: packages-rhel-9
 
   rhel-10:
@@ -47,4 +57,6 @@ services:
       dockerfile: Dockerfile.rhel
       args:
         ALMA_VERSION: "10"
+        UID: "${UID:-1000}"
+        GID: "${GID:-1000}"
     container_name: packages-rhel-10
