From dbdb21c15dbb6f18f9f6066773ea5127417cc92a Mon Sep 17 00:00:00 2001 From: NN708 Date: Tue, 10 Feb 2026 02:49:03 +0000 Subject: [PATCH 1/2] feat/ci: native arm64 build --- .github/workflows/vib-build.yml | 101 ++++++++++++++++++++++++++------ 1 file changed, 84 insertions(+), 17 deletions(-) diff --git a/.github/workflows/vib-build.yml b/.github/workflows/vib-build.yml index 8324ca0..50c3c04 100644 --- a/.github/workflows/vib-build.yml +++ b/.github/workflows/vib-build.yml @@ -90,7 +90,15 @@ jobs: fi build: - runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + include: + - runner: ubuntu-latest + arch: amd64 + - runner: ubuntu-24.04-arm + arch: arm64 + runs-on: ${{ matrix.runner }} needs: check_update if: ${{ needs.check_update.outputs.has_updates == 'true' }} @@ -111,6 +119,7 @@ jobs: with: name: Containerfile path: Containerfile + overwrite: true - name: Generate image name run: | @@ -124,17 +133,10 @@ jobs: echo -n "${{ env.REPO_OWNER_LOWERCASE }}/${{ env.CUSTOM_IMAGE_NAME }}" > ./includes.container/image-info/image-name - name: Docker meta - id: docker_meta + id: meta uses: docker/metadata-action@v5 with: - images: | - ${{ env. IMAGE_URL }} - tags: | - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{raw}} - type=semver,pattern=v{{major}} - type=ref,event=branch + images: ${{ env.IMAGE_URL }} - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 
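Review bot: The two `matrix.include` entries mix a floating runner label with a pinned one, `runner: ubuntu-latest` for amd64 and `runner: ubuntu-24.04-arm` for arm64. When `ubuntu-latest` moves to a newer release, the two halves of one multi-arch image would be built on different host images, which makes per-arch differences harder to explain. Pinning the amd64 leg as `runner: ubuntu-24.04` keeps both legs on the same release. The `build` job's steps continue outside this hunk.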
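Review bot: `overwrite: true` lets both matrix legs upload an artifact under the same name `Containerfile`, so whichever leg finishes last decides which file is kept, and two uploads running at the same moment may still collide. If the generated Containerfile can differ between architectures, the retained copy no longer identifies the build it came from. A per-leg name, `name: Containerfile-${{ matrix.arch }}`, avoids both problems; alternatively, restrict the upload to one leg with `if: ${{ matrix.arch == 'amd64' }}`. The step's `uses:` line sits above the hunk, and anything that consumes the `Containerfile` artifact by name would have to follow a rename.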
@@ -147,19 +149,19 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and Push the Docker image - id: push + - name: Build and push by digest + id: build uses: docker/build-push-action@v6 with: context: . file: Containerfile - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.docker_meta.outputs.tags }} - labels: ${{ steps.docker_meta.outputs.labels }} + tags: ${{ env.IMAGE_URL }} + labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max - platforms: linux/amd64 + platforms: linux/${{ matrix.arch }} provenance: false + outputs: type=image,push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }} - name: Attest pushed image uses: actions/attest-build-provenance@v3 
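Review bot: Both matrix legs now share one GitHub Actions cache, because `cache-from: type=gha` and `cache-to: type=gha,mode=max` carry no `scope` while `platforms: linux/${{ matrix.arch }}` makes the step run once per architecture. Each leg exports into the same default scope, so the amd64 and arm64 layers can evict each other and the cache is likely to miss on the next run. Give each leg its own scope: `cache-from: type=gha,scope=build-${{ matrix.arch }}` and `cache-to: type=gha,mode=max,scope=build-${{ matrix.arch }}`.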
@@ -167,5 +169,70 @@ jobs: if: ${{ github.event_name != 'pull_request' }} with: subject-name: ${{ env.IMAGE_URL }} - subject-digest: ${{ steps.push.outputs.digest }} + subject-digest: ${{ steps.build.outputs.digest }} push-to-registry: false + + - name: Export digest + if: ${{ github.event_name != 'pull_request' }} + run: | + mkdir -p ${{ runner.temp }}/digests + digest="${{ steps.build.outputs.digest }}" + touch "${{ runner.temp }}/digests/${digest#sha256:}" + + - name: Upload digest + uses: actions/upload-artifact@v6 + if: ${{ github.event_name != 'pull_request' }} + with: + name: digests-${{ matrix.arch }} + path: ${{ runner.temp }}/digests/* + if-no-files-found: error + retention-days: 1 + + merge: + runs-on: ubuntu-latest + if: ${{ github.event_name != 'pull_request' }} + needs: build + permissions: + packages: write # Allow pushing images to GHCR + + steps: + - name: Generate image name + run: | + REPO_OWNER_LOWERCASE="$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" + echo "REPO_OWNER_LOWERCASE=$REPO_OWNER_LOWERCASE">> "$GITHUB_ENV" + echo "IMAGE_URL=ghcr.io/$REPO_OWNER_LOWERCASE/${{ env.CUSTOM_IMAGE_NAME }}">> "$GITHUB_ENV" + + - name: Download digests + uses: actions/download-artifact@v7 + with: + path: ${{ runner.temp }}/digests + pattern: digests-* + merge-multiple: true + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.IMAGE_URL }} + tags: | + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{raw}} + type=semver,pattern=v{{major}} + type=ref,event=branch + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to GitHub Package Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Create manifest list and push + working-directory: ${{ runner.temp }}/digests + run: | + docker buildx imagetools create $(jq 
-cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ env.IMAGE_URL }}@sha256:%s ' *) From 9e8ca8cd957212ea3e48bf2964c1c4e1cc65f18e Mon Sep 17 00:00:00 2001 From: NN708 Date: Tue, 10 Feb 2026 02:49:30 +0000 Subject: [PATCH 2/2] build: bump vib-fsguard to 1.6.1 --- .github/workflows/release.yml | 2 +- .github/workflows/vib-build.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c766102..42e4cbe 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,7 +27,7 @@ jobs: - uses: vanilla-os/vib-gh-action@v1.0.7 with: recipe: 'recipe.yml' - plugins: 'Vanilla-OS/vib-fsguard:v1.5.3' + plugins: 'Vanilla-OS/vib-fsguard:v1.6.1' - uses: actions/upload-artifact@v6 with: diff --git a/.github/workflows/vib-build.yml b/.github/workflows/vib-build.yml index 50c3c04..0b10e14 100644 --- a/.github/workflows/vib-build.yml +++ b/.github/workflows/vib-build.yml @@ -113,7 +113,7 @@ jobs: - uses: vanilla-os/vib-gh-action@v1.0.7 with: recipe: 'recipe.yml' - plugins: 'Vanilla-OS/vib-fsguard:v1.5.3' + plugins: 'Vanilla-OS/vib-fsguard:v1.6.1' - uses: actions/upload-artifact@v6 with: