Support building for Arm64

.github/workflows/build-push-image.yml

@@ -3,17 +3,41 @@ name: Build & Push
 on:
   workflow_call:
     inputs:
+      arm64:
+        type: boolean
+        default: false
       subdirectory:
         type: string
         required: false
 
 jobs:
-  build-push:
-    runs-on: ubuntu-24.04
+  define-matrix:
+    runs-on: ubuntu-slim
+
+    permissions: {}
+
+    outputs:
+      platforms: ${{ steps.platforms.outputs.platforms }}
+
+    steps:
+      - id: platforms
+        run: |
+          echo platforms='${{
+            inputs.arm64
+            && '[{"key":"linux-amd64","os":"linux","architecture":"amd64","runner":"ubuntu-24.04"},{"key":"linux-arm64","os":"linux","architecture":"arm64","runner":"ubuntu-24.04-arm"}]'
+            || '[{"key":"linux-amd64","os":"linux","architecture":"amd64","runner":"ubuntu-24.04"}]'
+          }}' >> "$GITHUB_OUTPUT"
+
+  metadata:
+    runs-on: ubuntu-24.04-arm
+
+    outputs:
+      registry: ${{ steps.remote.outputs.registry }}
+      repository: ${{ steps.remote.outputs.repository }}
+      tags: ${{ steps.meta.outputs.tags }}
+
     permissions:
       contents: read
-      id-token: write
-      packages: write
 
     steps:
       - name: Setup Buildx
@@ -32,53 +56,136 @@ jobs:
           echo "registry=${{ steps.visibility.outputs.visibility == 'public' && 'ghcr.io' || '917951871879.dkr.ecr.eu-west-1.amazonaws.com' }}" >> $GITHUB_OUTPUT
           echo "repository=${{ steps.visibility.outputs.visibility == 'public' && github.repository || github.event.repository.name }}${{ inputs.subdirectory && format('/{0}', inputs.subdirectory) || '' }}" >> $GITHUB_OUTPUT
 
+      - name: Extract image metadata
+        id: meta
+        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
+        with:
+          images: ${{ steps.remote.outputs.registry }}/${{ steps.remote.outputs.repository }}
+          tags: |
+              type=sha,prefix=git-
+              type=raw,value=edge,enable={{is_default_branch}}
+
+  build:
+    needs:
+      - define-matrix
+      - metadata
+
+    strategy:
+      matrix:
+        platform: ${{ fromJSON(needs.define-matrix.outputs.platforms) }}
+
+    runs-on: ${{ matrix.platform.runner }}
+
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+
       - name: AWS Credentials
-        if: ${{ steps.remote.outputs.registry == '917951871879.dkr.ecr.eu-west-1.amazonaws.com'}}
+        if: ${{ needs.metadata.outputs.registry == '917951871879.dkr.ecr.eu-west-1.amazonaws.com'}}
         uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
         with:
           role-to-assume: arn:aws:iam::917951871879:role/GitHubActionsBgOrg
           aws-region: eu-west-1
 
       - name: ECR Login
-        if: ${{ steps.remote.outputs.registry == '917951871879.dkr.ecr.eu-west-1.amazonaws.com'}}
+        if: ${{ needs.metadata.outputs.registry == '917951871879.dkr.ecr.eu-west-1.amazonaws.com'}}
         uses: aws-actions/amazon-ecr-login@376925c9d111252e87ae59691e5a442dd100ef6a #v2.1.3
 
       - name: Docker Login
-        if: ${{ steps.remote.outputs.registry == 'ghcr.io' }}
+        if: ${{ needs.metadata.outputs.registry == 'ghcr.io' }}
         uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Extract image metadata
-        id: meta
-        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
-        with:
-          images: ${{ steps.remote.outputs.registry }}/${{ steps.remote.outputs.repository }}
-          tags: |
-              type=sha,prefix=git-
-              type=raw,value=edge,enable={{is_default_branch}}
-
       - name: Build image
         id: build
         uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
         with:
-          context: "{{defaultContext}}:${{ inputs.subdirectory }}"
-          labels: ${{ steps.meta.outputs.labels }}
-          tags: ${{ steps.meta.outputs.tags }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          push: true
-
-      - name: Save metadata
+          labels: ${{ needs.metadata.outputs.labels }}
+          tags: ${{ needs.metadata.outputs.registry }}/${{ needs.metadata.outputs.repository }}
+          platforms: ${{matrix.platform.os}}/${{matrix.platform.architecture}}
+          cache-from: type=gha,scope=${{matrix.platform.key}}
+          cache-to: type=gha,mode=max,scope=${{matrix.platform.key}}
+          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
+
+      - name: Export digest
+        run: |
+          mkdir -p ${{ runner.temp }}/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        with:
+          name: digests-${{ matrix.platform.key }}
+          path: ${{ runner.temp }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    needs:
+      - metadata
+      - build
+
+    runs-on: ubuntu-24.04-arm
+
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+
+    steps:
+      - name: Download digests
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digests-*
+          merge-multiple: true
+
+      - name: Setup Buildx
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+        with:
+          version: v0.32.1
+
+      - name: AWS Credentials
+        if: ${{ needs.metadata.outputs.registry == '917951871879.dkr.ecr.eu-west-1.amazonaws.com'}}
+        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
+        with:
+          role-to-assume: arn:aws:iam::917951871879:role/GitHubActionsBgOrg
+          aws-region: eu-west-1
+
+      - name: ECR Login
+        if: ${{ needs.metadata.outputs.registry == '917951871879.dkr.ecr.eu-west-1.amazonaws.com'}}
+        uses: aws-actions/amazon-ecr-login@376925c9d111252e87ae59691e5a442dd100ef6a #v2.1.3
+
+      - name: Docker Login
+        if: ${{ needs.metadata.outputs.registry == 'ghcr.io' }}
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create manifest list and push
+        working-directory: ${{ runner.temp }}/digests
         run: |
-          cat << 'EOF' > build-push-metadata.json
-          ${{ steps.build.outputs.metadata }}
-          EOF
+          docker buildx imagetools create \
+            --metadata-file "$GITHUB_WORKSPACE/build-push-metadata.json" \
+            $(echo '${{ needs.metadata.outputs.tags }}' | sed 's/^/-t /' | tr '\n' ' ') \
+            $(printf '${{ needs.metadata.outputs.registry }}/${{ needs.metadata.outputs.repository }}@sha256:%s ' *)
 
       - name: Upload metadata
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: build-push-metadata.json
           path: build-push-metadata.json
+          if-no-files-found: error

.github/workflows/check-poetry-project.yml

@@ -3,16 +3,46 @@ name: Check Poetry Project
 on:
   workflow_call:
     inputs:
+      arm64:
+        type: boolean
+        default: false
       poetry-version:
         required: false
         default: "1.8.5"
         type: string
 
 jobs:
+  define-matrix:
+    runs-on: ubuntu-slim
+
+    permissions: {}
+
+    outputs:
+      platforms: ${{ steps.platforms.outputs.platforms }}
+
+    steps:
+      - id: platforms
+        run: |
+          echo platforms='${{
+            inputs.arm64
+            && '[{"key":"linux-amd64","os":"linux","architecture":"amd64","runner":"ubuntu-24.04"},{"key":"linux-arm64","os":"linux","architecture":"arm64","runner":"ubuntu-24.04-arm"}]'
+            || '[{"key":"linux-amd64","os":"linux","architecture":"amd64","runner":"ubuntu-24.04"}]'
+          }}' >> "$GITHUB_OUTPUT"
+
+
   test:
-    runs-on: ubuntu-24.04
+    needs:
+      - define-matrix
+
+    strategy:
+      matrix:
+        platform: ${{ fromJSON(needs.define-matrix.outputs.platforms) }}
+
     permissions:
       contents: read
+
+    runs-on: ${{ matrix.platform.runner }}
+
     steps:
     - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
     - name: Set up Python