Files
ci-templates/.gitea/workflows/build-push.yaml
Martin Maslyankov 79b5491e28 build-push: default to multi-arch on the amd64 runner
Flips two defaults and adds setup-qemu-action so every caller that
doesn't override now produces a linux/amd64,linux/arm64 manifest list
out of the box, running on the new k8s-runner-amd64 in the primary
cluster (with QEMU emulating arm64 in the same dind sidecar).

Why now: the wectrl k8s cluster gained an x86 builder node, and the
warm-standby cluster in hel1 is already x86. With multi-arch images,
both clusters can pull the same manifest — no more per-arch divergence,
no more rebuilds when migrating workloads between clusters.

Callers can still pin to a single arch (`platforms: linux/arm64`) or
keep the existing arm runner (`runner: ubuntu-latest`) when an ERPNext-
sized build would be unacceptable under QEMU. Most JS/Astro/static
images aren't bottlenecked by the emulated leg.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-16 16:11:17 +03:00

139 lines
4.9 KiB
YAML

# Reusable workflow: Build Docker image and push to Gitea registry
# Usage: uses: wectrl-net/ci-templates/.gitea/workflows/build-push.yaml@main
name: Build & Push Docker Image
on:
workflow_call:
inputs:
image-name:
description: "Full image name (e.g. git.wectrl.net/wectrl-net/my-service)"
required: true
type: string
context:
description: "Docker build context path"
required: false
type: string
default: "."
dockerfile:
description: "Path to Dockerfile (relative to context)"
required: false
type: string
default: "Dockerfile"
platforms:
description: "Target platforms (e.g. linux/amd64,linux/arm64). Default builds multi-arch — both clusters can pull the same manifest."
required: false
type: string
default: "linux/amd64,linux/arm64"
build-args:
description: "Docker build args (newline-separated KEY=VALUE)"
required: false
type: string
default: ""
version:
description: "Optional version for pinned dev tags (e.g. '123' produces 'dev-v123'). Only applies on dev branch."
required: false
type: string
default: ""
runner:
description: "Runner label to use. Default is `amd64` (the k8s-runner-amd64 on the x86 builder node); arm64 leg is built via QEMU on the same host. Set to `ubuntu-latest` to fall back to the ARM runner — useful for Rust/heavy builds that benefit from native arm64."
required: false
type: string
default: "amd64"
secrets:
REGISTRY_USER:
required: true
REGISTRY_TOKEN:
required: true
outputs:
image-tag:
description: "The sha-based image tag that was pushed"
value: ${{ jobs.build.outputs.image-tag }}
env-tag:
description: "The environment tag that was pushed (prod, staging, dev, or dev-v{N})"
value: ${{ jobs.build.outputs.env-tag }}
jobs:
build:
name: Build & Push
runs-on: ${{ inputs.runner }}
container:
image: catthehacker/ubuntu:act-22.04@sha256:52581951350bf4f1137d44883626850bdfa35a8e5318b95dcb22226caece3bc9
options: --privileged
outputs:
image-tag: ${{ steps.tag.outputs.tag }}
env-tag: ${{ steps.tag.outputs.env-tag }}
steps:
- uses: actions/checkout@v4
- name: Compute image tag
id: tag
shell: bash
run: |
SHORT_SHA="${{ gitea.sha }}"
SHORT_SHA="${SHORT_SHA:0:7}"
echo "tag=sha-${SHORT_SHA}" >> "$GITEA_OUTPUT"
# Determine environment tag from branch
REF="${{ gitea.ref }}"
VERSION="${{ inputs.version }}"
case "$REF" in
refs/heads/main|refs/heads/master)
echo "env-tag=prod" >> "$GITEA_OUTPUT"
;;
refs/heads/staging)
echo "env-tag=staging" >> "$GITEA_OUTPUT"
;;
refs/heads/dev)
if [ -n "$VERSION" ]; then
echo "env-tag=dev-v${VERSION}" >> "$GITEA_OUTPUT"
else
echo "env-tag=dev" >> "$GITEA_OUTPUT"
fi
;;
*)
echo "env-tag=" >> "$GITEA_OUTPUT"
;;
esac
- name: Log in to Gitea registry
uses: docker/login-action@v3
with:
registry: git.wectrl.net
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ inputs.image-name }}
tags: |
type=sha,prefix=sha-
type=raw,value=latest,enable={{is_default_branch}}
type=raw,value=${{ steps.tag.outputs.env-tag }},enable=${{ steps.tag.outputs.env-tag != '' }}
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
# Install QEMU binfmt_misc handlers inside the dind sidecar so
# buildx can emulate the non-native target arch. On the amd64
# runner this enables linux/arm64 builds; on the arm runner it
# enables linux/amd64. No-op when only one platform is targeted.
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push
uses: docker/build-push-action@v6
with:
context: ${{ inputs.context }}
file: ${{ inputs.context }}/${{ inputs.dockerfile }}
platforms: ${{ inputs.platforms }}
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: ${{ inputs.build-args }}
cache-from: type=registry,ref=${{ inputs.image-name }}:buildcache
cache-to: type=registry,ref=${{ inputs.image-name }}:buildcache,mode=max