Build and Push Multi-Architecture Docker Images

feat(build): update glibc and OpenSSL versions to 2.28 and 1.1.1k #9

Workflow file for this run

.github/workflows/build-and-push.yml at 84d9e4a

	name: Build and Push Multi-Architecture Docker Images

	on:
	push:
	branches:
	- main
	- master
	tags:
	- 'v*'
	pull_request:
	branches:
	- main
	- master
	workflow_dispatch:
	inputs:
	push_images:
	description: 'Push images to registry'
	required: false
	default: 'true'
	type: boolean

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	env:
	REGISTRY: ghcr.io
	IMAGE_NAME: manticoresoftware/rust-min-libc
	RUST_VERSION: "1.86.0"
	AMD64_GLIBC_VERSION: "2.18"
	AMD64_OPENSSL_VERSION: "1.1.1k"
	ARM64_GLIBC_VERSION: "2.28"
	ARM64_OPENSSL_VERSION: "1.1.1k"

	jobs:
	build-amd64:
	runs-on: ubuntu-24.04
	permissions:
	contents: read
	packages: write
	id-token: write
	outputs:
	amd64-tag: ${{ steps.tags.outputs.amd64-tag }}

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Log in to Container Registry
	if: github.event_name != 'pull_request'
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ secrets.GHCR_USER \|\| github.actor }}
	password: ${{ secrets.GHCR_PASSWORD \|\| secrets.GITHUB_TOKEN }}

	- name: Verify authentication
	if: github.event_name != 'pull_request'
	run: \|
	# Show who we're authenticated as
	AUTH_USER=$(docker info \| grep Username \| awk '{print $2}' \|\| echo "unknown")
	echo "✅ Successfully authenticated to GitHub Container Registry as: $AUTH_USER"

	# Show which credentials were used
	if [ -n "${{ secrets.GHCR_USER }}" ]; then
	echo "🔑 Using custom GHCR credentials (GHCR_USER: ${{ secrets.GHCR_USER }})"
	else
	echo "🔑 Using GitHub token authentication (actor: ${{ github.actor }})"
	fi

	- name: Generate AMD64 tag
	id: tags
	run: \|
	AMD64_TAG="amd64-rust${{ env.RUST_VERSION }}-glibc${{ env.AMD64_GLIBC_VERSION }}-openssl${{ env.AMD64_OPENSSL_VERSION }}"
	echo "amd64-tag=${AMD64_TAG}" >> $GITHUB_OUTPUT
	echo "### AMD64 Build" >> $GITHUB_STEP_SUMMARY
	echo "Tag: \`${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${AMD64_TAG}\`" >> $GITHUB_STEP_SUMMARY
	echo "Platform: linux/amd64" >> $GITHUB_STEP_SUMMARY
	echo "Runner: ubuntu-24.04" >> $GITHUB_STEP_SUMMARY

	- name: Build and push AMD64 image
	id: build
	uses: docker/build-push-action@v5
	with:
	context: .
	platforms: linux/amd64
	push: ${{ github.event_name != 'pull_request' && (github.event.inputs.push_images != 'false') }}
	tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tags.outputs.amd64-tag }}
	cache-from: type=gha,scope=amd64
	cache-to: type=gha,mode=max,scope=amd64

	- name: Verify AMD64 push
	if: github.event_name != 'pull_request' && (github.event.inputs.push_images != 'false')
	run: \|
	AMD64_TAG="${{ steps.tags.outputs.amd64-tag }}"
	echo "🔍 Verifying AMD64 image was pushed..."

	# Give registry some time to propagate
	sleep 10

	# Try to pull the image to verify it exists
	if docker pull "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${AMD64_TAG}" >/dev/null 2>&1; then
	echo "✅ AMD64 image confirmed in registry (can pull)"
	docker rmi "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${AMD64_TAG}" >/dev/null 2>&1 \|\| true
	else
	echo "❌ AMD64 image NOT found in registry (cannot pull)"
	echo "This might be a temporary registry delay, checking with buildx inspect..."
	if docker buildx imagetools inspect "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${AMD64_TAG}" >/dev/null 2>&1; then
	echo "✅ AMD64 image found via buildx imagetools"
	else
	echo "❌ AMD64 image verification failed completely"
	exit 1
	fi
	fi

	build-arm64:
	runs-on: ubuntu-24.04-arm
	permissions:
	contents: read
	packages: write
	id-token: write
	outputs:
	arm64-tag: ${{ steps.tags.outputs.arm64-tag }}

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Log in to Container Registry
	if: github.event_name != 'pull_request'
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ secrets.GHCR_USER \|\| github.actor }}
	password: ${{ secrets.GHCR_PASSWORD \|\| secrets.GITHUB_TOKEN }}

	- name: Verify authentication
	if: github.event_name != 'pull_request'
	run: \|
	# Show who we're authenticated as
	AUTH_USER=$(docker info \| grep Username \| awk '{print $2}' \|\| echo "unknown")
	echo "✅ Successfully authenticated to GitHub Container Registry as: $AUTH_USER"

	# Show which credentials were used
	if [ -n "${{ secrets.GHCR_USER }}" ]; then
	echo "🔑 Using custom GHCR credentials (GHCR_USER: ${{ secrets.GHCR_USER }})"
	else
	echo "🔑 Using GitHub token authentication (actor: ${{ github.actor }})"
	fi

	- name: Generate ARM64 tag
	id: tags
	run: \|
	ARM64_TAG="aarch64-rust${{ env.RUST_VERSION }}-glibc${{ env.ARM64_GLIBC_VERSION }}-openssl${{ env.ARM64_OPENSSL_VERSION }}"
	echo "arm64-tag=${ARM64_TAG}" >> $GITHUB_OUTPUT
	echo "### ARM64 Build" >> $GITHUB_STEP_SUMMARY
	echo "Tag: \`${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${ARM64_TAG}\`" >> $GITHUB_STEP_SUMMARY
	echo "Platform: linux/arm64" >> $GITHUB_STEP_SUMMARY
	echo "Runner: ubuntu-24.04-arm" >> $GITHUB_STEP_SUMMARY

	- name: Build and push ARM64 image
	id: build
	uses: docker/build-push-action@v5
	with:
	context: .
	platforms: linux/arm64
	push: ${{ github.event_name != 'pull_request' && (github.event.inputs.push_images != 'false') }}
	tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tags.outputs.arm64-tag }}
	cache-from: type=gha,scope=arm64
	cache-to: type=gha,mode=max,scope=arm64

	- name: Verify ARM64 push
	if: github.event_name != 'pull_request' && (github.event.inputs.push_images != 'false')
	run: \|
	ARM64_TAG="${{ steps.tags.outputs.arm64-tag }}"
	echo "🔍 Verifying ARM64 image was pushed..."

	# Give registry some time to propagate
	sleep 10

	# Try to pull the image to verify it exists (ARM64 runner can pull ARM64)
	if docker pull "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${ARM64_TAG}" >/dev/null 2>&1; then
	echo "✅ ARM64 image confirmed in registry (can pull)"
	docker rmi "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${ARM64_TAG}" >/dev/null 2>&1 \|\| true
	else
	echo "❌ ARM64 image NOT found in registry (cannot pull)"
	echo "This might be a temporary registry delay, checking with buildx inspect..."
	if docker buildx imagetools inspect "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${ARM64_TAG}" >/dev/null 2>&1; then
	echo "✅ ARM64 image found via buildx imagetools"
	else
	echo "❌ ARM64 image verification failed completely"
	exit 1
	fi
	fi

	verify-build:
	runs-on: ubuntu-24.04
	needs: [build-amd64, build-arm64]
	if: github.event_name != 'pull_request'
	permissions:
	contents: read

	steps:
	- name: Verify and summarize
	run: \|
	echo "### 🎉 Build Complete" >> $GITHUB_STEP_SUMMARY
	echo "" >> $GITHUB_STEP_SUMMARY
	echo "Both images have been built and pushed successfully using native runners:" >> $GITHUB_STEP_SUMMARY
	echo "" >> $GITHUB_STEP_SUMMARY
	echo "Built Images:" >> $GITHUB_STEP_SUMMARY
	echo "- AMD64: Built on \`ubuntu-24.04\` (native x86_64)" >> $GITHUB_STEP_SUMMARY
	echo "- ARM64: Built on \`ubuntu-24.04-arm\` (native aarch64)" >> $GITHUB_STEP_SUMMARY
	echo "" >> $GITHUB_STEP_SUMMARY
	echo "Available Tags:" >> $GITHUB_STEP_SUMMARY
	echo '```bash' >> $GITHUB_STEP_SUMMARY
	echo "# Pull AMD64 image" >> $GITHUB_STEP_SUMMARY
	echo "docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.build-amd64.outputs.amd64-tag }}" >> $GITHUB_STEP_SUMMARY
	echo "" >> $GITHUB_STEP_SUMMARY
	echo "# Pull ARM64 image" >> $GITHUB_STEP_SUMMARY
	echo "docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.build-arm64.outputs.arm64-tag }}" >> $GITHUB_STEP_SUMMARY
	echo '```' >> $GITHUB_STEP_SUMMARY
	echo "" >> $GITHUB_STEP_SUMMARY
	echo "Usage Examples:" >> $GITHUB_STEP_SUMMARY
	echo '```bash' >> $GITHUB_STEP_SUMMARY
	echo "# Force specific architecture" >> $GITHUB_STEP_SUMMARY
	echo "docker run --platform linux/amd64 --rm -v \"\$(pwd)\":/src \\" >> $GITHUB_STEP_SUMMARY
	echo " ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.build-amd64.outputs.amd64-tag }} build --release" >> $GITHUB_STEP_SUMMARY
	echo "" >> $GITHUB_STEP_SUMMARY
	echo "docker run --platform linux/arm64 --rm -v \"\$(pwd)\":/src \\" >> $GITHUB_STEP_SUMMARY
	echo " ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.build-arm64.outputs.arm64-tag }} build --release" >> $GITHUB_STEP_SUMMARY
	echo '```' >> $GITHUB_STEP_SUMMARY
	echo "" >> $GITHUB_STEP_SUMMARY
	echo "Inspect Images:" >> $GITHUB_STEP_SUMMARY
	echo '```bash' >> $GITHUB_STEP_SUMMARY
	echo "docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.build-amd64.outputs.amd64-tag }}" >> $GITHUB_STEP_SUMMARY
	echo "docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.build-arm64.outputs.arm64-tag }}" >> $GITHUB_STEP_SUMMARY
	echo '```' >> $GITHUB_STEP_SUMMARY

	- name: Package visibility reminder
	run: \|
	echo "ℹ️ Remember to make the package public in GitHub settings:"
	echo "https://github.com/manticoresoftware/manticore/pkgs/container/rust-min-libc/settings"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(build): update glibc and OpenSSL versions to 2.28 and 1.1.1k #9

Workflow file

feat(build): update glibc and OpenSSL versions to 2.28 and 1.1.1k #9

Uh oh!

Workflow file for this run