From f56aa391d265ff14da9b6f84e7b5b2f67bcbd4c2 Mon Sep 17 00:00:00 2001 From: Daniel Xifra Date: Wed, 28 Jan 2026 15:06:59 -0300 Subject: [PATCH 1/4] testing --- .github/workflows/release.yaml | 136 +++++++++++++++++++++++-- docker/Dockerfile.rbuilder-from-binary | 8 ++ 2 files changed, 136 insertions(+), 8 deletions(-) create mode 100644 docker/Dockerfile.rbuilder-from-binary diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f438129e3..3116a47b9 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -263,9 +263,9 @@ jobs: echo "### Release Draft: ${{ env.VERSION }}" >> $GITHUB_STEP_SUMMARY echo "${{ steps.create-release-draft.outputs.url }}" >> $GITHUB_STEP_SUMMARY - build-docker: + build-docker-linux-amd64: if: ${{ github.event.inputs.build-docker == 'true' }} - name: Build and publish Docker image + name: Build and publish Docker image (linux/amd64) needs: extract-version runs-on: warp-ubuntu-2404-x64-16x env: @@ -278,8 +278,13 @@ jobs: - name: checkout sources uses: actions/checkout@v4 - - name: docker qemu - uses: docker/setup-qemu-action@v3 + - name: Download linux rbuilder binary + id: download-binary + continue-on-error: true + uses: actions/download-artifact@v4 + with: + name: rbuilder-${{ env.VERSION }}-x86_64-unknown-linux-gnu${{ github.event.inputs.features && format('-{0}', github.event.inputs.features) || '' }} + path: . - name: docker buildx uses: docker/setup-buildx-action@v3 @@ -295,8 +300,6 @@ jobs: type=semver,pattern={{version}},value=${{ env.VERSION }} type=semver,pattern={{major}}.{{minor}},value=${{ env.VERSION }} type=semver,pattern={{major}},value=${{ env.VERSION }} - - # Push latest tag for full version only, not for prerelease versions (i.e. not for v1.2.3-rc1) type=raw,value=latest,enable=${{ !contains(env.VERSION, '-') }} - name: docker login @@ -306,7 +309,21 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: docker build and push + - name: docker build and push (from binary) + if: steps.download-binary.outcome == 'success' + uses: docker/build-push-action@v5 + with: + cache-from: type=gha + cache-to: type=gha,mode=max + file: docker/Dockerfile.rbuilder-from-binary + context: . + labels: ${{ steps.meta.outputs.labels }} + platforms: linux/amd64 + push: true + tags: ${{ steps.meta.outputs.tags }} + + - name: docker build and push (from source) + if: steps.download-binary.outcome != 'success' uses: docker/build-push-action@v5 with: cache-from: type=gha @@ -318,9 +335,112 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} + build-docker-linux-arm64: + if: ${{ github.event.inputs.build-docker == 'true' }} + name: Build and publish Docker image (linux/arm64) + needs: extract-version + runs-on: warp-ubuntu-2404-arm64-16x + env: + VERSION: ${{ needs.extract-version.outputs.VERSION }} + permissions: + contents: read + packages: write + + steps: + - name: checkout sources + uses: actions/checkout@v4 + + - name: docker buildx + uses: docker/setup-buildx-action@v3 + + - name: docker metadata + uses: docker/metadata-action@v5 + id: meta + with: + images: ghcr.io/${{ github.repository }} + labels: org.opencontainers.image.source=${{ github.repositoryUrl }} + tags: | + type=sha,suffix=-linux-arm64 + type=semver,pattern={{version}},value=${{ env.VERSION }},suffix=-linux-arm64 + type=semver,pattern={{major}}.{{minor}},value=${{ env.VERSION }},suffix=-linux-arm64 + type=semver,pattern={{major}},value=${{ env.VERSION }},suffix=-linux-arm64 + type=raw,value=latest,enable=${{ !contains(env.VERSION, '-') }},suffix=-linux-arm64 + + - name: docker login + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: docker build and push (from source, native arm64) + uses: docker/build-push-action@v5 + with: + cache-from: type=gha + cache-to: type=gha,mode=max + file: docker/Dockerfile.rbuilder + context: . + labels: ${{ steps.meta.outputs.labels }} + platforms: linux/arm64 + push: true + tags: ${{ steps.meta.outputs.tags }} + + build-docker-manifest: + if: ${{ github.event.inputs.build-docker == 'true' }} + name: Create multi-arch Docker manifest + needs: [extract-version, build-docker-linux-amd64, build-docker-linux-arm64] + runs-on: warp-ubuntu-2404-x64-16x + env: + VERSION: ${{ needs.extract-version.outputs.VERSION }} + permissions: + contents: read + packages: write + + steps: + - name: docker buildx + uses: docker/setup-buildx-action@v3 + + - name: docker login + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Create and push multi-arch manifest + run: | + IMAGE="ghcr.io/${{ github.repository }}" + + # Build list of tags + TAGS=( + "sha-${GITHUB_SHA:0:7}" + "${{ env.VERSION }}" + ) + + # Add version tags (major.minor, major) if not a prerelease + if [[ "${{ env.VERSION }}" != *"-"* ]]; then + TAGS+=("latest") + # Extract major.minor if version format is vX.Y.Z + if [[ "${{ env.VERSION }}" =~ ^v([0-9]+)\.([0-9]+)\. ]]; then + MAJOR="${BASH_REMATCH[1]}" + MINOR="${BASH_REMATCH[2]}" + TAGS+=("${MAJOR}.${MINOR}" "${MAJOR}") + fi + fi + + # Create multi-arch manifest for each tag combining both architectures + for TAG in "${TAGS[@]}"; do + docker buildx imagetools create \ + --tag "${IMAGE}:${TAG}" \ + "${IMAGE}:${TAG}-linux-amd64" \ + "${IMAGE}:${TAG}-linux-arm64" + done + + echo "✅ Multi-arch manifests created for all tags" + - name: Write Docker Summary run: | - echo "### 🐳 Docker Images Published" >> $GITHUB_STEP_SUMMARY + echo "### 🐳 Multi-Arch Docker Images Published" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY echo "**Package URL:** https://github.com/${{ github.repository }}/pkgs/container/rbuilder" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY diff --git a/docker/Dockerfile.rbuilder-from-binary b/docker/Dockerfile.rbuilder-from-binary new file mode 100644 index 000000000..2e0244a10 --- /dev/null +++ b/docker/Dockerfile.rbuilder-from-binary @@ -0,0 +1,8 @@ +# Minimal runtime image that reuses a pre-built rbuilder binary. +# The CI job downloads the linux/amd64 rbuilder binary into the build context as ./rbuilder + +FROM gcr.io/distroless/cc-debian12 +WORKDIR /app +COPY rbuilder /app/rbuilder +ENTRYPOINT ["/app/rbuilder"] + From 8546eed6bdec0d024dd445bf0982a6da3f8f39c7 Mon Sep 17 00:00:00 2001 From: Daniel Xifra Date: Wed, 28 Jan 2026 15:56:40 -0300 Subject: [PATCH 2/4] bugs --- .github/workflows/release.yaml | 86 +++++++++++++++++++++++++--------- 1 file changed, 64 insertions(+), 22 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 3116a47b9..6d20406de 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -266,7 +266,7 @@ jobs: build-docker-linux-amd64: if: ${{ github.event.inputs.build-docker == 'true' }} name: Build and publish Docker image (linux/amd64) - needs: extract-version + needs: [extract-version, build-binary] runs-on: warp-ubuntu-2404-x64-16x env: VERSION: ${{ needs.extract-version.outputs.VERSION }} @@ -286,6 +286,25 @@ jobs: name: rbuilder-${{ env.VERSION }}-x86_64-unknown-linux-gnu${{ github.event.inputs.features && format('-{0}', github.event.inputs.features) || '' }} path: . + - name: Check if binary was downloaded + if: steps.download-binary.outcome != 'success' + run: | + echo "⚠️ Binary artifact not found. Will build from source." + echo "Artifact name attempted: rbuilder-${{ env.VERSION }}-x86_64-unknown-linux-gnu${{ github.event.inputs.features && format('-{0}', github.event.inputs.features) || '' }}" + echo "This is expected if build-binary job didn't run or Linux build was skipped." + + - name: Verify binary exists + if: steps.download-binary.outcome == 'success' + run: | + if [ -f "./rbuilder" ]; then + echo "✅ Binary downloaded successfully" + ls -lh ./rbuilder + else + echo "❌ Binary file not found after download" + find . -name "rbuilder" -type f || echo "No rbuilder file found" + exit 1 + fi + - name: docker buildx uses: docker/setup-buildx-action@v3 @@ -296,11 +315,11 @@ jobs: images: ghcr.io/${{ github.repository }} labels: org.opencontainers.image.source=${{ github.repositoryUrl }} tags: | - type=sha - type=semver,pattern={{version}},value=${{ env.VERSION }} - type=semver,pattern={{major}}.{{minor}},value=${{ env.VERSION }} - type=semver,pattern={{major}},value=${{ env.VERSION }} - type=raw,value=latest,enable=${{ !contains(env.VERSION, '-') }} + type=sha,suffix=-linux-amd64 + type=semver,pattern={{version}},value=${{ env.VERSION }},suffix=-linux-amd64,enable=${{ startsWith(env.VERSION, 'v') }} + type=semver,pattern={{major}}.{{minor}},value=${{ env.VERSION }},suffix=-linux-amd64,enable=${{ startsWith(env.VERSION, 'v') }} + type=semver,pattern={{major}},value=${{ env.VERSION }},suffix=-linux-amd64,enable=${{ startsWith(env.VERSION, 'v') }} + type=raw,value=latest,enable=${{ startsWith(env.VERSION, 'v') && !contains(env.VERSION, '-') }},suffix=-linux-amd64 - name: docker login uses: docker/login-action@v3 @@ -338,7 +357,7 @@ jobs: build-docker-linux-arm64: if: ${{ github.event.inputs.build-docker == 'true' }} name: Build and publish Docker image (linux/arm64) - needs: extract-version + needs: [extract-version, build-binary] runs-on: warp-ubuntu-2404-arm64-16x env: VERSION: ${{ needs.extract-version.outputs.VERSION }} @@ -361,10 +380,10 @@ jobs: labels: org.opencontainers.image.source=${{ github.repositoryUrl }} tags: | type=sha,suffix=-linux-arm64 - type=semver,pattern={{version}},value=${{ env.VERSION }},suffix=-linux-arm64 - type=semver,pattern={{major}}.{{minor}},value=${{ env.VERSION }},suffix=-linux-arm64 - type=semver,pattern={{major}},value=${{ env.VERSION }},suffix=-linux-arm64 - type=raw,value=latest,enable=${{ !contains(env.VERSION, '-') }},suffix=-linux-arm64 + type=semver,pattern={{version}},value=${{ env.VERSION }},suffix=-linux-arm64,enable=${{ startsWith(env.VERSION, 'v') }} + type=semver,pattern={{major}}.{{minor}},value=${{ env.VERSION }},suffix=-linux-arm64,enable=${{ startsWith(env.VERSION, 'v') }} + type=semver,pattern={{major}},value=${{ env.VERSION }},suffix=-linux-arm64,enable=${{ startsWith(env.VERSION, 'v') }} + type=raw,value=latest,enable=${{ startsWith(env.VERSION, 'v') && !contains(env.VERSION, '-') }},suffix=-linux-arm64 - name: docker login uses: docker/login-action@v3 @@ -411,29 +430,52 @@ jobs: run: | IMAGE="ghcr.io/${{ github.repository }}" - # Build list of tags + # Build list of tags - only create semver tags if version starts with 'v' TAGS=( "sha-${GITHUB_SHA:0:7}" - "${{ env.VERSION }}" ) - # Add version tags (major.minor, major) if not a prerelease - if [[ "${{ env.VERSION }}" != *"-"* ]]; then - TAGS+=("latest") - # Extract major.minor if version format is vX.Y.Z - if [[ "${{ env.VERSION }}" =~ ^v([0-9]+)\.([0-9]+)\. ]]; then - MAJOR="${BASH_REMATCH[1]}" - MINOR="${BASH_REMATCH[2]}" - TAGS+=("${MAJOR}.${MINOR}" "${MAJOR}") + # Only add version tags if it's a proper semver (starts with 'v') + if [[ "${{ env.VERSION }}" =~ ^v ]]; then + TAGS+=("${{ env.VERSION }}") + + # Add version tags (major.minor, major) if not a prerelease + if [[ "${{ env.VERSION }}" != *"-"* ]]; then + TAGS+=("latest") + # Extract major.minor if version format is vX.Y.Z + if [[ "${{ env.VERSION }}" =~ ^v([0-9]+)\.([0-9]+)\. ]]; then + MAJOR="${BASH_REMATCH[1]}" + MINOR="${BASH_REMATCH[2]}" + TAGS+=("${MAJOR}.${MINOR}" "${MAJOR}") + fi fi fi # Create multi-arch manifest for each tag combining both architectures for TAG in "${TAGS[@]}"; do + echo "Creating multi-arch manifest for tag: ${TAG}" + + # Verify both platform-specific images exist before creating manifest + if ! docker buildx imagetools inspect "${IMAGE}:${TAG}-linux-amd64" >/dev/null 2>&1; then + echo "⚠️ Warning: ${IMAGE}:${TAG}-linux-amd64 not found, skipping this tag" + continue + fi + + if ! docker buildx imagetools inspect "${IMAGE}:${TAG}-linux-arm64" >/dev/null 2>&1; then + echo "⚠️ Warning: ${IMAGE}:${TAG}-linux-arm64 not found, skipping this tag" + continue + fi + + # Create the multi-arch manifest docker buildx imagetools create \ --tag "${IMAGE}:${TAG}" \ "${IMAGE}:${TAG}-linux-amd64" \ - "${IMAGE}:${TAG}-linux-arm64" + "${IMAGE}:${TAG}-linux-arm64" || { + echo "❌ Failed to create manifest for ${TAG}" + exit 1 + } + + echo "✅ Created manifest for ${TAG}" done echo "✅ Multi-arch manifests created for all tags" From 51e6940756163efa141ab1b2c70ec8bb537ae05c Mon Sep 17 00:00:00 2001 From: Daniel Xifra Date: Wed, 28 Jan 2026 18:09:15 -0300 Subject: [PATCH 3/4] removed one check --- .github/workflows/release.yaml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 6d20406de..ff55cc2a4 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -16,11 +16,6 @@ on: description: "Build Docker" required: false type: boolean - build-binary: - default: true - description: "Build Binary" - required: false - type: boolean build-linux: default: true description: "Build Linux" @@ -73,8 +68,7 @@ jobs: build-binary: name: Build binary (${{ matrix.target }}) needs: extract-version - # Run if build-binary enabled OR tag push - if: github.event.inputs.build-binary == 'true' || github.event_name == 'push' + # Always run - build-linux and build-mac control what actually gets built runs-on: ${{ matrix.runner }} permissions: contents: write From 7efdc0bb2a0f147628bb1205fec90e6cb5da6358 Mon Sep 17 00:00:00 2001 From: Daniel Xifra Date: Mon, 2 Feb 2026 12:06:03 -0300 Subject: [PATCH 4/4] fixed perms and base --- docker/Dockerfile.rbuilder-from-binary | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docker/Dockerfile.rbuilder-from-binary b/docker/Dockerfile.rbuilder-from-binary index 2e0244a10..dd0566709 100644 --- a/docker/Dockerfile.rbuilder-from-binary +++ b/docker/Dockerfile.rbuilder-from-binary @@ -1,8 +1,9 @@ # Minimal runtime image that reuses a pre-built rbuilder binary. # The CI job downloads the linux/amd64 rbuilder binary into the build context as ./rbuilder +# Artifact download does not preserve execute bit; --chmod sets it on copy. -FROM gcr.io/distroless/cc-debian12 +FROM gcr.io/distroless/cc-debian13 WORKDIR /app -COPY rbuilder /app/rbuilder +COPY --chmod=755 rbuilder /app/rbuilder ENTRYPOINT ["/app/rbuilder"]