CI: improve docker CI

Sync changes with other repo
Separate repository dispatch into another job
Add ARM build

Author: uyjulian

.github/workflows/docker.yml

@@ -4,38 +4,119 @@ on:
   push:
     branches:
       - master
+      - main
     tags:
       - v*
+    paths-ignore:
+      - '**.md'
+      - '**.rst'
+  workflow_dispatch: {}
   repository_dispatch:
-    types: [run_build]
+    types:
+      - run_build
 
 jobs:
   build:
+    strategy:
+      matrix:
+        platform:
+          - runs-on: ubuntu-latest
+            container-platform: linux/amd64
+          - runs-on: ubuntu-24.04-arm
+            container-platform: linux/arm64
+    runs-on: ${{ matrix.platform.runs-on }}
+    timeout-minutes: 180
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Prepare
+      run: |
+        platform=${{ matrix.platform.container-platform }}
+        printf 'PLATFORM_PAIR=%s\n' "${platform//\//-}" >> $GITHUB_ENV
+
+    - name: Login to Github Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Prepare additional environment variables from repo
+      run: if test -f ./config/ci-docker-env.ini; then cat ./config/ci-docker-env.ini | sed -e 's/$REPOSITORY_OWNER/'"${{ github.repository_owner }}"'/g;s/$DOCKER_TAG/'"${{ env.DOCKER_TAG }}"'/g' >> $GITHUB_ENV; fi
+
+    - name: Extract DOCKER_TAG using tag name
+      if: env.BUILD_ARGS_LIST != null
+      run: |
+        printf 'BUILD_ARGS_LIST_NEWLINES<<EOF\n%s\nEOF\n' "${{ env.BUILD_ARGS_LIST }}" | tr ' ' $'\n' >> $GITHUB_ENV
+    
+    - name: Docker meta
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ghcr.io/${{ github.repository }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Build and Push to container registry
+      id: build
+      uses: docker/build-push-action@v6
+      with:
+        platforms: ${{ matrix.platform.container-platform }}
+        labels: ${{ steps.meta.outputs.labels }}
+        tags: ghcr.io/${{ github.repository }}
+        outputs: type=image,push-by-digest=true,name-canonical=true,push=true
+        build-args: ${{ env.BUILD_ARGS_LIST_NEWLINES }}
+
+    - name: Export digest
+      run: |
+        mkdir -p ${{ runner.temp }}/digests
+        digest="${{ steps.build.outputs.digest }}"
+        touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+    - name: Upload digest
+      uses: actions/upload-artifact@v4
+      with:
+        name: digests-${{ env.PLATFORM_PAIR }}
+        path: ${{ runner.temp }}/digests/*
+        if-no-files-found: error
+        retention-days: 1
+
+  merge:
+    needs:
+      - build
     runs-on: ubuntu-latest
+    timeout-minutes: 20
     env:
       DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
       DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
-      DISPATCH_TOKEN: ${{ secrets.DISPATCH_TOKEN }}
+    outputs:
+      dest-repo: ${{ steps.dest-repo.outputs.DEST_REPO }}
 
     steps:
-    - uses: actions/checkout@v4
+    - name: Checkout repository
+      uses: actions/checkout@v4
 
-    - name: Extract DOCKER_TAG using tag name
-      if: startsWith(github.ref, 'refs/tags/')
+    - name: Install Ubuntu packages
       run: |
-        printf '%s\n' "DOCKER_TAG=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV
+        sudo apt-get -y update
+        sudo apt-get -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' install jq
 
-    - name: Use default DOCKER_TAG
-      if: startsWith(github.ref, 'refs/tags/') != true
-      run: |
-        printf '%s\n' "DOCKER_TAG=latest" >> $GITHUB_ENV
+    - name: Download digests
+      uses: actions/download-artifact@v4
+      with:
+        path: ${{ runner.temp }}/digests
+        pattern: digests-*
+        merge-multiple: true
 
     - name: Login to DockerHub
       uses: docker/login-action@v3
       if: env.DOCKER_USERNAME != null
       with:
-        username: ${{ secrets.DOCKER_USERNAME }}
-        password: ${{ secrets.DOCKER_PASSWORD }}
+        username: ${{ env.DOCKER_USERNAME }}
+        password: ${{ env.DOCKER_PASSWORD }}
 
     - name: Login to Github Container Registry
       uses: docker/login-action@v3
@@ -44,43 +125,96 @@ jobs:
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
 
+    - name: Extract DOCKER_TAG using tag name
+      if: startsWith(github.ref, 'refs/tags/')
+      run: |
+        printf 'DOCKER_TAG=%s\n' "${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV
+    
+    - name: Use default DOCKER_TAG
+      if: startsWith(github.ref, 'refs/tags/') != true
+      run: |
+        printf 'DOCKER_TAG=%s\n' "latest" >> $GITHUB_ENV
+
     - name: Set docker tag list to include DockerHub if credentials available
       if: env.DOCKER_USERNAME != null
       run: |
-        printf '%s\n' "DOCKER_TAG_LIST=ghcr.io/${{ github.repository }}:${{ env.DOCKER_TAG }},${{ github.repository }}:${{ env.DOCKER_TAG }}" >> $GITHUB_ENV
+        printf 'DOCKER_CONTAINER_LIST<<EOF\n%s\nEOF\n' "ghcr.io/${{ github.repository }}"$'\n'"${{ github.repository }}" >> $GITHUB_ENV
 
     - name: Set docker tag list to not include DockerHub if credentials not available
       if: env.DOCKER_USERNAME == null
       run: |
-        printf '%s\n' "DOCKER_TAG_LIST=ghcr.io/${{ github.repository }}:${{ env.DOCKER_TAG }}" >> $GITHUB_ENV
+        printf 'DOCKER_CONTAINER_LIST<<EOF\n%s\nEOF\n' "ghcr.io/${{ github.repository }}" >> $GITHUB_ENV
 
-    - name: Build and Push to container registry
-      uses: docker/build-push-action@v5
+    - name: Docker meta
+      id: meta
+      uses: docker/metadata-action@v5
       with:
-        push: true
-        tags: ${{ env.DOCKER_TAG_LIST }}
-        build-args: |
-          BASE_DOCKER_IMAGE=ghcr.io/${{ github.repository_owner }}/ps2toolchain:${{ env.DOCKER_TAG }}
+        images: ${{ env.DOCKER_CONTAINER_LIST }}
+        tags: |
+          type=raw,value=${{ env.DOCKER_TAG }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Create manifest list and push
+      working-directory: ${{ runner.temp }}/digests
+      run: |
+        docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/${{ github.repository }}@sha256:%s ' *)
+
+    - name: Inspect image
+      run: |
+        docker buildx imagetools inspect ghcr.io/${{ github.repository }}:${{ steps.meta.outputs.version }}
+
+    - name: Gather information for repository dispatch
+      id: dest-repo
+      run: if test -f ./config/repository-dispatch.ini; then cat ./config/repository-dispatch.ini >> $GITHUB_OUTPUT; fi
+
+  perform-repository-dispatch:
+    needs:
+      - merge
+    runs-on: ubuntu-latest
+    container:
+      image: ubuntu:20.04
+      options: "--user 0"
+    timeout-minutes: 20
+    env:
+      DISPATCH_TOKEN: ${{ secrets.DISPATCH_TOKEN }}
+    strategy:
+      matrix:
+        dest-repo: ${{ fromJson(needs.merge.outputs.dest-repo) }}
+
+    steps:
+    - name: Gather environment variables (normal)
+      if: github.event_name != 'repository_dispatch'
+      run: |
+        printf 'PAYLOAD_REPO_PARENT_NAME=%s\n' "${{ github.repository }}" >> $GITHUB_ENV
+        printf 'PAYLOAD_REPO_PARENT_SHA=%s\n' "${{ github.sha }}" >> $GITHUB_ENV
+
+    - name: Gather environment variables (dispatch)
+      if: github.event_name == 'repository_dispatch'
+      run: |
+        printf 'PAYLOAD_REPO_PARENT_NAME=%s\n' "${{ github.event.client_payload.parent_name }}" >> $GITHUB_ENV
+        printf 'PAYLOAD_REPO_PARENT_SHA=%s\n' "${{ github.event.client_payload.parent_sha }}" >> $GITHUB_ENV
 
     - name: Send Compile action
       run: |
-        export DISPATCH_ACTION="$(printf '%s\n' run_build)"
-        printf '%s\n' "NEW_DISPATCH_ACTION=$DISPATCH_ACTION" >> $GITHUB_ENV
+        export DISPATCH_ACTION="$(printf 'run_build\n')"
+        printf 'NEW_DISPATCH_ACTION=%s\n' "$DISPATCH_ACTION" >> $GITHUB_ENV
 
-    - name: Repository Dispatch to ps2sdk-ports
+    - name: Repository Dispatch to ${{ matrix.dest-repo }}
       uses: peter-evans/repository-dispatch@v3
-      if: env.DISPATCH_TOKEN != null
+      if: env.DISPATCH_TOKEN != null && !contains(matrix.dest-repo, '/')
       with:
-        repository: ${{ github.repository_owner }}/ps2sdk-ports
+        repository: ${{ github.repository_owner }}/${{ matrix.dest-repo }}
         token: ${{ secrets.DISPATCH_TOKEN }}
         event-type: ${{ env.NEW_DISPATCH_ACTION }}
-        client-payload: '{"ref": "${{ github.ref }}"}'
+        client-payload: '{"ref": "${{ github.ref }}", "parent_name": "${{ env.PAYLOAD_REPO_PARENT_NAME }}", "parent_sha": "${{ env.PAYLOAD_REPO_PARENT_SHA }}"}'
 
-    - name: Repository Dispatch to ps2-packer
+    - name: Repository Dispatch to specific ${{ matrix.dest-repo }}
       uses: peter-evans/repository-dispatch@v3
-      if: env.DISPATCH_TOKEN != null
+      if: env.DISPATCH_TOKEN != null && contains(matrix.dest-repo, '/')
       with:
-        repository: ${{ github.repository_owner }}/ps2-packer
+        repository: ${{ matrix.dest-repo }}
         token: ${{ secrets.DISPATCH_TOKEN }}
         event-type: ${{ env.NEW_DISPATCH_ACTION }}
-        client-payload: '{"ref": "${{ github.ref }}"}'
+        client-payload: '{"ref": "${{ github.ref }}", "parent_name": "${{ env.PAYLOAD_REPO_PARENT_NAME }}", "parent_sha": "${{ env.PAYLOAD_REPO_PARENT_SHA }}"}'

config/ci-docker-env.ini

@@ -0,0 +1,3 @@
+
+BASE_DOCKER_IMAGE=ghcr.io/$REPOSITORY_OWNER/ps2toolchain:$DOCKER_TAG
+BUILD_ARGS_LIST=BASE_DOCKER_IMAGE

config/repository-dispatch.ini

@@ -0,0 +1 @@
+DEST_REPO=["ps2sdk-ports", "ps2-packer"]