From fb6beeabe4ec6cbaf78c845657a05a14e6d47f27 Mon Sep 17 00:00:00 2001
From: Neil Cook
Date: Tue, 4 Jun 2024 16:10:36 +0100
Subject: [PATCH 1/2] Multi-arch builds with provenance for docker-minimal images
---
.github/workflows/docker-minimal.yml | 60 ++++++++++++++++++++++++----
1 file changed, 53 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/docker-minimal.yml b/.github/workflows/docker-minimal.yml
index 44325890..ade6c29e 100644
--- a/.github/workflows/docker-minimal.yml
+++ b/.github/workflows/docker-minimal.yml
@@ -8,14 +8,60 @@ on: jobs: docker_test: name: docker_test - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 + env: + # Github.refname is wrong for pull requests - have to use head ref for them + MYREF: ${{ github.event.pull_request && github.head_ref || github.ref_name }} + PLATFORMS: linux/arm64,linux/amd64 + DOCKERFILE: Dockerfile.minimal + BUILD_CONTEXT: docker/wforce_image + BRANCH_NAME: ${{ github.head_ref || github.ref_name }} + IMAGE_NAME: wforce-minimal steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 submodules: recursive - - run: cd docker/wforce_image && docker buildx build -f Dockerfile.minimal weakforced -t powerdns/wforce-minimal:`git describe --tags` --load - - run: cd docker && bash docker_push.sh "powerdns/wforce-minimal" - env: - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + with: + platforms: linux/arm64 + - name: Set up Docker Buildx for multi-platform builds + uses: docker/setup-buildx-action@v3 + with: + platforms: ${{ env.PLATFORMS }} + - name: Login to Docker + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Check for release tag + id: release_check + run: | + if [[ ${{ github.ref }} =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "release=YES" >> $GITHUB_OUTPUT + fi + - name: Build and push to docker hub for releases with tag + id: release_build + if: ${{ steps.release_check.outputs.release == 'YES' }} + uses: docker/build-push-action@v5 + with: + context: ${{ env.BUILD_CONTEXT }} + file: ${{ env.DOCKERFILE }} + platforms: ${{ env.PLATFORMS }} + push: true + sbom: true + tags: | + ${{ env.DOCKER_ORGANIZATION_NAME }}/${{ env.IMAGE_NAME }}:${{ env.MYREF }} + - name: Build and push to docker hub for master branch + id: master_build + if: ${{ env.BRANCH_NAME == 'master' }} + uses: 
docker/build-push-action@v5 + with: + context: ${{ env.BUILD_CONTEXT }} + file: ${{ env.DOCKERFILE }} + platforms: ${{ env.PLATFORMS }} + push: true + sbom: true + tags: | + ${{ env.DOCKER_ORGANIZATION_NAME }}/${{ env.IMAGE_NAME }}:unstable
\ No newline at end of file
From 736b401bcd205ff28770a92abcaaed7af4212f37 Mon Sep 17 00:00:00 2001
From: Neil Cook
Date: Tue, 4 Jun 2024 21:19:48 +0100
Subject: [PATCH 2/2] Change build context to repo root for docker minimal GH actions workflow
---
.github/workflows/docker-minimal.yml | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/docker-minimal.yml b/.github/workflows/docker-minimal.yml
index ade6c29e..6b73499e 100644
--- a/.github/workflows/docker-minimal.yml
+++ b/.github/workflows/docker-minimal.yml
@@ -13,8 +13,7 @@ jobs: # Github.refname is wrong for pull requests - have to use head ref for them MYREF: ${{ github.event.pull_request && github.head_ref || github.ref_name }} PLATFORMS: linux/arm64,linux/amd64 - DOCKERFILE: Dockerfile.minimal - BUILD_CONTEXT: docker/wforce_image + DOCKERFILE: docker/wforce_image/Dockerfile.minimal BRANCH_NAME: ${{ github.head_ref || github.ref_name }} IMAGE_NAME: wforce-minimal steps:
@@ -46,7 +45,7 @@ jobs: if: ${{ steps.release_check.outputs.release == 'YES' }} uses: docker/build-push-action@v5 with: - context: ${{ env.BUILD_CONTEXT }} + context: . file: ${{ env.DOCKERFILE }} platforms: ${{ env.PLATFORMS }} push: true
@@ -58,7 +57,7 @@ jobs: if: ${{ env.BRANCH_NAME == 'master' }} uses: docker/build-push-action@v5 with: - context: ${{ env.BUILD_CONTEXT }} + context: . file: ${{ env.DOCKERFILE }} platforms: ${{ env.PLATFORMS }} push: true
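Review bot: In the new `Check for release tag` step, `${{ github.ref }}` is expanded into the `run:` script text before bash parses it, so the ref name is evaluated as shell rather than handled as data; the documented hardening is to pass it through the step environment and quote it, i.e. add `env:` with `REF: ${{ github.ref }}` to the step and test `if [[ "$REF" =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then` (and write with `>> "$GITHUB_OUTPUT"`). Both `tags:` blocks read `${{ env.DOCKER_ORGANIZATION_NAME }}`, which is not among the variables added to the job `env:` in this hunk; unless it is defined at workflow level above the hunk, it expands to an empty string and the image reference becomes `/wforce-minimal:…`, whereas the removed lines hard-coded `powerdns/`. The `master_build` guard `env.BRANCH_NAME == 'master'` is also satisfied by a pull request whose head branch happens to be called `master`, so it would attempt a push of `:unstable` from a PR run; gating on `github.ref == 'refs/heads/master'` together with the event name would be tighter. Finally, neither build step runs for ordinary branches or PRs, so the job named `docker_test` no longer builds the image at all on PRs (the removed `docker buildx build … --load` did on every run), while `Login to Docker` now runs unconditionally and will fail on PRs from forks where the secrets are not available.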
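Review bot: With `context: .` in the second and third hunks, the build context sent to BuildKit is now the entire checkout, including `.git` and the recursively fetched submodules from the checkout step, rather than `docker/wforce_image`; nothing in these hunks shows a repository-root `.dockerignore`, so if none exists the context grows considerably and every file in the tree becomes reachable by `COPY`/`ADD` in the Dockerfile — confirm one is present and excludes `.git` and build artefacts. This patch changes only the workflow, yet moving the context root means the `COPY`/`ADD` source paths inside `docker/wforce_image/Dockerfile.minimal` must be rewritten relative to the repository root; that change is not in this series, so verify it landed separately or the build will fail at the first path that no longer resolves.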