meshtastic · thebentern · Jan 22, 2025 · Jan 13, 2025
diff --git a/.github/workflows/build_docker.yml b/.github/workflows/build_docker.yml
diff --git a/.github/workflows/daily_packaging.yml b/.github/workflows/daily_packaging.yml
@@ -20,6 +20,12 @@ permissions:
   packages: write
 
 jobs:
+  docker-multiarch:
+    uses: ./.github/workflows/docker_manifest.yml
+    with:
+      release_channel: daily
+    secrets: inherit
+
   package-ppa:
     strategy:
       fail-fast: false

diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml
@@ -0,0 +1,70 @@
+name: Build Docker
+
+# Build Docker image, push untagged (digest-only)
+
+on:
+  workflow_call:
+    inputs:
+      distro:
+        description: Distro to target
+        required: true
+        type: string
+        # choices: [debian, alpine]
+      platform:
+        description: Platform to target
+        required: true
+        type: string
+      runs-on:
+        description: Runner to use
+        required: true
+        type: string
+      push:
+        description: Push images to registry
+        required: false
+        type: boolean
+        default: false
+    outputs:
+      digest:
+        description: Digest of built image
+        value: ${{ jobs.docker-build.outputs.digest }}
+
+permissions:
+  contents: write
+  packages: write
+
+jobs:
+  docker-build:
+    outputs:
+      digest: ${{ steps.docker_variant.outputs.digest }}
+    runs-on: ${{ inputs.runs-on }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+          ref: ${{github.event.pull_request.head.ref}}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+
+      - name: Docker login
+        if: ${{ inputs.push }}
+        uses: docker/login-action@v3
+        with:
+          username: meshtastic
+          password: ${{ secrets.DOCKER_FIRMWARE_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Docker setup
+        uses: docker/setup-buildx-action@v3
+
+      - name: Docker build and push
+        uses: docker/build-push-action@v6
+        id: docker_variant
+        with:
+          context: .
+          file: |
+            ${{ contains(inputs.distro, 'debian') && './Dockerfile' || contains(inputs.distro, 'alpine') && './alpine.Dockerfile' }}
+          push: ${{ inputs.push }}
+          tags: "" # Intentionally empty, push with digest only
+          platforms: ${{ inputs.platform }}
diff --git a/.github/workflows/docker_manifest.yml b/.github/workflows/docker_manifest.yml
@@ -0,0 +1,167 @@
+name: Build Docker Multi-Arch Manifest
+
+on:
+  workflow_call:
+    inputs:
+      release_channel:
+        description: Release channel to target
+        required: true
+        type: string
+
+permissions:
+  contents: write
+  packages: write
+
+jobs:
+  docker-debian-amd64:
+    uses: ./.github/workflows/docker_build.yml
+    with:
+      distro: debian
+      platform: linux/amd64
+      runs-on: ubuntu-24.04
+      push: true
+
+  docker-debian-arm64:
+    uses: ./.github/workflows/docker_build.yml
+    with:
+      distro: debian
+      platform: linux/arm64
+      runs-on: ubuntu-24.04-arm
+      push: true
+
+  docker-debian-armv7:
+    uses: ./.github/workflows/docker_build.yml
+    with:
+      distro: debian
+      platform: linux/arm/v7
+      runs-on: ubuntu-24.04-arm
+      push: true
+
+  docker-alpine-amd64:
+    uses: ./.github/workflows/docker_build.yml
+    with:
+      distro: alpine
+      platform: linux/amd64
+      runs-on: ubuntu-24.04
+      push: true
+
+  docker-alpine-arm64:
+    uses: ./.github/workflows/docker_build.yml
+    with:
+      distro: alpine
+      platform: linux/arm64
+      runs-on: ubuntu-24.04-arm
+      push: true
+
+  docker-alpine-armv7:
+    uses: ./.github/workflows/docker_build.yml
+    with:
+      distro: alpine
+      platform: linux/arm/v7
+      runs-on: ubuntu-24.04-arm
+      push: true
+
+  docker-manifest:
+    needs:
+      # Debian
+      - docker-debian-amd64
+      - docker-debian-arm64
+      - docker-debian-armv7
+      # Alpine
+      - docker-alpine-amd64
+      - docker-alpine-arm64
+      - docker-alpine-armv7
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+          ref: ${{github.event.pull_request.head.ref}}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+
+      - name: Get release version string
+        run: |
+          echo "long=$(./bin/buildinfo.py long)" >> $GITHUB_OUTPUT
+          echo "short=$(./bin/buildinfo.py short)" >> $GITHUB_OUTPUT
+        id: version
+
+      - name: Enumerate tags
+        shell: python
+        run: |
+          import os
+
+          short = "${{ steps.version.outputs.short }}"
+          long = "${{ steps.version.outputs.long }}"
+          release_channel = "${{ inputs.release_channel }}"
+          tags = {
+            "beta": {
+              "debian": [
+                f"{short}", f"{long}", f"{short}-beta", f"{long}-beta", "beta", "latest",
+                f"{short}-debian", f"{long}-debian", f"{short}-beta-debian", f"{long}-beta-debian", "beta-debian"
+              ],
+              "alpine": [
+                f"{short}-alpine", f"{long}-alpine", f"{short}-beta-alpine", f"{long}-beta-alpine", "beta-alpine"
+              ]
+            },
+            "alpha": {
+              "debian": [
+                f"{short}-alpha", f"{long}-alpha", "alpha",
+                f"{short}-alpha-debian", f"{long}-alpha-debian", "alpha-debian"
+              ],
+              "alpine": [
+                f"{short}-alpha-alpine", f"{long}-alpha-alpine", "alpha-alpine"
+              ]
+            },
+            "daily": {
+              "debian": ["daily", "daily-debian"],
+              "alpine": ["daily-alpine"]
+            }
+          }
+
+          with open(os.environ['GITHUB_OUTPUT'], 'a') as fh:
+            fh.write(f"debian={','.join(tags[release_channel]['debian'])}\n")
+            fh.write(f"alpine={','.join(tags[release_channel]['alpine'])}\n")
+        id: tags
+
+      - name: Docker login
+        uses: docker/login-action@v3
+        with:
+          username: meshtastic
+          password: ${{ secrets.DOCKER_FIRMWARE_TOKEN }}
+
+      - name: Docker meta (Debian)
+        id: meta_debian
+        uses: docker/metadata-action@v5
+        with:
+          images: meshtastic/meshtasticd
+          tags: ${{ steps.tags.outputs.debian }}
+
+      - name: Create Docker manifest (Debian)
+        id: manifest_debian
+        uses: int128/docker-manifest-create-action@v2
+        with:
+          tags: ${{ steps.meta_debian.outputs.tags }}
+          push: true
+          sources: |
+            meshtastic/meshtasticd@${{ needs.docker-debian-amd64.outputs.digest }}
+            meshtastic/meshtasticd@${{ needs.docker-debian-arm64.outputs.digest }}
+            meshtastic/meshtasticd@${{ needs.docker-debian-armv7.outputs.digest }}
+
+      - name: Docker meta (Alpine)
+        id: meta_alpine
+        uses: docker/metadata-action@v5
+        with:
+          images: meshtastic/meshtasticd
+          tags: ${{ steps.tags.outputs.alpine }}
+
+      - name: Create Docker manifest (Alpine)
+        id: manifest_alpine
+        uses: int128/docker-manifest-create-action@v2
+        with:
+          tags: ${{ steps.meta_alpine.outputs.tags }}
+          push: true
+          sources: |
+            meshtastic/meshtasticd@${{ needs.docker-alpine-amd64.outputs.digest }}
+            meshtastic/meshtasticd@${{ needs.docker-alpine-arm64.outputs.digest }}
+            meshtastic/meshtasticd@${{ needs.docker-alpine-armv7.outputs.digest }}
diff --git a/.github/workflows/main_matrix.yml b/.github/workflows/main_matrix.yml
@@ -147,10 +147,37 @@ jobs:
   test-native:
     uses: ./.github/workflows/test_native.yml
 
-  build-docker:
-    if: ${{ github.event_name == 'workflow_dispatch' }}
-    uses: ./.github/workflows/build_docker.yml
-    secrets: inherit
+  docker-debian-amd64:
+    uses: ./.github/workflows/docker_build.yml
+    with:
+      distro: debian
+      platform: linux/amd64
+      runs-on: ubuntu-24.04
+      push: false
+
+  docker-alpine-amd64:
+    uses: ./.github/workflows/docker_build.yml
+    with:
+      distro: debian
+      platform: linux/amd64
+      runs-on: ubuntu-24.04
+      push: false
+
+  docker-debian-arm64:
+    uses: ./.github/workflows/docker_build.yml
+    with:
+      distro: debian
+      platform: linux/arm64
+      runs-on: ubuntu-24.04-arm
+      push: false
+
+  docker-debian-armv7:
+    uses: ./.github/workflows/docker_build.yml
+    with:
+      distro: debian
+      platform: linux/arm/v7
+      runs-on: ubuntu-24.04-arm
+      push: false
 
   after-checks:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/release_channels.yml b/.github/workflows/release_channels.yml
@@ -9,6 +9,13 @@ permissions:
   packages: write
 
 jobs:
+  build-docker:
+    uses: ./.github/workflows/docker_manifest.yml
+    with:
+      release_channel: |-
+        ${{ contains(github.event.release.name, 'Beta') && 'beta' || contains(github.event.release.name, 'Alpha') && 'alpha' }}
+    secrets: inherit
+
   package-ppa:
     strategy:
       fail-fast: false