wip

.github/actions/buildx-bake/build/action.yml

@@ -0,0 +1,90 @@
+name: "Build & Push Images"
+description: "Download metadata, build multi‑arch images, push by digest, and upload per‑platform digests."
+inputs:
+  bake-target:
+    description: 'Target name for `docker buildx bake`'
+    required: false
+    type: string
+    default: 'build'
+  registry:
+    description: 'The container registry'
+    required: false
+    default: 'ghcr.io'
+  registry-username:
+    description: 'The container registry username'
+    required: true
+    default: ${{ github.actor }}
+  registry-password:
+    description: 'The container registry password'
+    required: true
+  registry-image:
+    description: 'Container registry + image prefix'
+    required: false
+    type: string
+  free-disk-space:
+    description: 'Free disk space before build'
+    required: false
+    default: false
+    type: boolean
+runs:
+  using: "composite"
+  steps:
+    - name: Prepare env
+      shell: bash
+      run: |
+        platform=${{ matrix.platform }}
+        echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+    - name: Download meta bake file
+      uses: actions/download-artifact@v4
+      with:
+        name: bake-meta
+        path: ${{ runner.temp }}
+
+    - name: Login to registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ inputs.registry }}
+        username: ${{ inputs.registry-username }}
+        password: ${{ inputs.registry-password }}
+
+    - name: Setup QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Setup Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Free Disk Space (Ubuntu)
+      uses: jlumbroso/free-disk-space@v1.3.1
+      if: ${{ inputs.free-disk-space == true }}
+      with:
+        tool-cache: true
+
+    - name: Build & push images
+      id: bake
+      uses: docker/bake-action@v6
+      env:
+        NO_TAG: true
+      with:
+        files: |
+          ./docker-bake.hcl
+          cwd://${{ runner.temp }}/bake-meta.json
+        targets: ${{ inputs.bake-target }}
+        set: |
+          ${{ inputs.registry-image != '' && format('*.tags={0}', inputs.registry-image) || '' }}
+          *.platform=${{ matrix.platform }}
+          *.output=type=image,push-by-digest=true,name-canonical=true,push=true
+
+    - name: Export container digests
+      shell: bash
+      run: |
+        mkdir -p ${{ runner.temp }}/digests
+        echo '${{ steps.bake.outputs.metadata }}' | jq 'with_entries(select(.value["containerimage.digest"]?) | .value |= {name: .["image.name"], digests:[.["containerimage.digest"]]})' > ${{ runner.temp }}/digests/${{ env.PLATFORM_PAIR }}.json
+
+    - name: Upload digest
+      uses: actions/upload-artifact@v4
+      with:
+        name: digests-${{ env.PLATFORM_PAIR }}
+        path: ${{ runner.temp }}/digests/*
+        if-no-files-found: error
+        retention-days: 1

.github/actions/buildx-bake/merge/action.yml

@@ -0,0 +1,71 @@
+name: "Merge & Publish Manifests"
+description: "Download digests, create manifest lists, push them, and inspect the published images."
+inputs:
+  registry:
+    description: 'The container registry'
+    required: false
+    default: 'ghcr.io'
+  registry-username:
+    description: 'The container registry username'
+    required: true
+    default: ${{ github.actor }}
+  registry-password:
+    description: 'The container registry password'
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - name: Download meta bake file
+      uses: actions/download-artifact@v4
+      with:
+        name: bake-meta
+        path: ${{ runner.temp }}
+
+    - name: Download all digests
+      uses: actions/download-artifact@v4
+      with:
+        path: ${{ runner.temp }}/digests
+        pattern: digests-*
+        merge-multiple: true
+
+    - name: Login to registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ inputs.registry }}
+        username: ${{ inputs.registry-username }}
+        password: ${{ inputs.registry-password }}
+
+    - name: Setup Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Create manifest lists & push
+      shell: bash
+      run: |
+        JSON_FILE=${{ runner.temp }}/digests/all.json
+        jq -s '
+          reduce .[] as $doc ({};
+            reduce ($doc|to_entries[]) as $kv (
+              .;
+              .[$kv.key].name    = $kv.value.name
+              | .[$kv.key].digests = ((.[$kv.key].digests // []) + $kv.value.digests)
+            )
+          )
+        ' ${{ runner.temp }}/digests/*.json > $JSON_FILE
+        for key in $(jq -r 'keys[]' "$JSON_FILE"); do
+          image_name=$(jq -r ".\"$key\".name" "$JSON_FILE")
+          image_digests=$(jq -r ".\"$key\".digests[]" "$JSON_FILE" | while read -r digest; do echo "${image_name}@${digest} "; done)
+          image_tags=$(jq -cr '(.target."docker-metadata-action".tags // [] ) | map("-t '${image_name}':" + sub(".*:"; "")) | join(" ")' ${{ runner.temp }}/bake-meta.json)
+          docker buildx imagetools create \
+            ${image_tags} \
+            ${image_digests}
+        done
+
+    - name: Inspect published images
+      shell: bash
+      run: |
+        JSON_FILE=${{ runner.temp }}/digests/all.json
+        version=$(jq -r '.target."docker-metadata-action".args.DOCKER_META_VERSION' ${{ runner.temp }}/bake-meta.json)
+        for key in $(jq -r 'keys[]' "$JSON_FILE"); do
+          image_name=$(jq -r ".\"$key\".name" "$JSON_FILE")
+          docker buildx imagetools inspect ${image_name}:${version}
+        done

.github/actions/buildx-bake/prepare/action.yml

@@ -0,0 +1,57 @@
+name: "Prepare Build Matrix & Metadata"
+description: "Generate platform matrix and bake metadata file for later steps."
+inputs:
+  bake-target:
+    description: 'Target name for `docker buildx bake`'
+    required: false
+    type: string
+    default: 'build'
+  meta-tags:
+    description: 'The tags to add to the image'
+    required: false
+  meta-labels:
+    description: 'The labels to add to the image'
+    required: false
+  registry-image:
+    description: 'Container registry + image prefix (e.g. ghcr.io/org/repo)'
+    required: false
+    type: string
+outputs:
+  matrix:
+    description: 'JSON array of platforms'
+    value: ${{ steps.platforms.outputs.matrix }}
+runs:
+  using: "composite"
+  steps:
+    - name: Create matrix
+      id: platforms
+      shell: bash
+      run: |
+        MATRIX=$(docker buildx bake ${{ inputs.bake-target }} \
+          --print | jq -c '.target | to_entries | map(.value.platforms[]) | unique')
+        echo "matrix=$MATRIX" >>${GITHUB_OUTPUT}
+
+    - name: Show matrix
+      shell: bash
+      run: echo ${{ steps.platforms.outputs.matrix }}
+
+    - name: Docker metadata
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ inputs.registry-image }}
+        tags: ${{ inputs.meta-tags }}
+        labels: ${{ inputs.meta-labels }}
+
+    - name: Rename meta file
+      shell: bash
+      run: |
+        mv "${{ steps.meta.outputs.bake-file }}" "${{ runner.temp }}/bake-meta.json"
+
+    - name: Upload meta bake file
+      uses: actions/upload-artifact@v4
+      with:
+        name: bake-meta
+        path: ${{ runner.temp }}/bake-meta.json
+        if-no-files-found: error
+        retention-days: 1

.github/actions/command/action.yml

@@ -0,0 +1,48 @@
+name: "Run Command & Upload Artifact"
+description: "Composite action to run a command and upload its output as an artifact."
+inputs:
+  command:
+    description: 'Command to run'
+    required: true
+    type: string
+  artifact-name:
+    description: 'Name of the composite action'
+    required: false
+    type: string
+  artifact-path:
+    description: 'Path to the artifact to upload'
+    required: false
+    type: string
+  artifact-overwrite:
+    description: 'Whether to overwrite the artifact if it already exists'
+    required: false
+    type: boolean
+    default: false
+  artifact-if-no-files-found:
+    description: 'Action to take if no files are found to upload'
+    required: false
+    type: string
+    default: 'warn'
+  artifact-retention-days:
+    description: 'Number of days to retain the artifact'
+    required: false
+    type: number
+    default: 30
+
+runs:
+  using: "composite"
+  steps:
+    - name: Run command
+      id: run-command
+      shell: bash
+      run: "${{ inputs.command }}"
+
+    - name: Upload command output as artifact
+      uses: eviden-actions/upload-artifact@v2
+      if: inputs.artifact-name != '' && inputs.artifact-path != ''
+      with:
+        name: ${{ inputs.artifact-name }}
+        path: ${{ inputs.artifact-path }}
+        overwrite: ${{ inputs.artifact-overwrite }}
+        if-no-files-found: ${{ inputs.artifact-if-no-files-found }}
+        retention-days: ${{ inputs.artifact-retention-days }}