Merge pull request #511 from didx-xyz/multi-arch-docker

peacekeeper · web-flow · commit d7e5ae02a3a5 · 2025-09-18T12:40:49.000+02:00
Add multi-arch builds and upgrade to Java 21
diff --git a/.github/workflows/docker-multi-arch.yml b/.github/workflows/docker-multi-arch.yml
@@ -0,0 +1,155 @@
+name: Docker Multi-Arch
+
+on:
+  workflow_call:
+    inputs:
+      GLOBAL_FRAMEWORK:
+        required: false
+        type: string
+        default: maven
+        description: Framework used for the build (e.g., maven, node, nodejs, etc.)
+      GLOBAL_IMAGE_NAME:
+        required: true
+        type: string
+      GLOBAL_REPO_NAME:
+        type: string
+        default: docker.io
+      IMAGE_TAG:
+        required: false
+        type: string
+      IS_RELEASE:
+        required: false
+        type: boolean
+        default: false
+      PATH_TO_DOCKERFILE:
+        required: true
+        type: string
+      RELEASE_TYPE:
+        required: false
+        type: string
+        default: minor
+        description: Type of release - Major, Minor, or Patch
+    secrets:
+      CI_SECRET_READER_PERIODIC_TOKEN:
+        required: true
+      VAULT_ADDR:
+        required: true
+      VAULTCA:
+        required: true
+
+jobs:
+  docker-build:
+    name: Docker Build
+    runs-on: ${{ matrix.runs-on }}
+
+    strategy:
+      matrix:
+        arch: [amd64, arm64]
+        include:
+          - arch: amd64
+            runs-on: ubuntu-24.04
+          - arch: arm64
+            runs-on: ubuntu-24.04-arm
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Import Secrets
+        uses: hashicorp/vault-action@v3
+        with:
+          url: ${{ secrets.VAULT_ADDR }}
+          token: ${{ secrets.CI_SECRET_READER_PERIODIC_TOKEN }}
+          caCertificate: ${{ secrets.VAULTCA }}
+          secrets: |
+            ci/data/gh-workflows/maven-danubetech-nexus username | MAVEN_USERNAME ;
+            ci/data/gh-workflows/maven-danubetech-nexus password | MAVEN_PASSWORD
+
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          install: true
+          version: latest
+
+      - name: Docker Build and Cache
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ inputs.PATH_TO_DOCKERFILE }}
+          push: false
+          build-args: |
+            DANUBETECH_MAVEN_INTERNAL_USERNAME=${{ env.MAVEN_USERNAME }}
+            DANUBETECH_MAVEN_INTERNAL_PASSWORD=${{ env.MAVEN_PASSWORD }}
+          cache-from: type=gha,scope=docker-build-${{ matrix.arch }}
+          cache-to: type=gha,scope=docker-build-${{ matrix.arch }},mode=max
+          platforms: linux/${{ matrix.arch }}
+
+  docker-publish:
+    name: Docker Publish
+    runs-on: ubuntu-24.04
+    needs: docker-build
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Import Secrets
+        uses: hashicorp/vault-action@v3
+        with:
+          url: ${{ secrets.VAULT_ADDR }}
+          token: ${{ secrets.CI_SECRET_READER_PERIODIC_TOKEN }}
+          caCertificate: ${{ secrets.VAULTCA }}
+          secrets: |
+            ci/data/gh-workflows/${{ inputs.GLOBAL_REPO_NAME }} username | DOCKER_USERNAME ;
+            ci/data/gh-workflows/${{ inputs.GLOBAL_REPO_NAME }} password | DOCKER_PASSWORD ;
+            ci/data/gh-workflows/maven-danubetech-nexus username | MAVEN_USERNAME ;
+            ci/data/gh-workflows/maven-danubetech-nexus password | MAVEN_PASSWORD
+
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          install: true
+          version: latest
+
+      - name: Get version
+        if: inputs.IS_RELEASE
+        id: get_version
+        uses: danubetech/github-action-read-version@main
+        with:
+          framework: ${{ inputs.GLOBAL_FRAMEWORK }}
+          version-core: ${{ inputs.RELEASE_TYPE }}
+
+      - name: Docker Metadata
+        id: metadata
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ inputs.GLOBAL_REPO_NAME }}/${{ inputs.GLOBAL_IMAGE_NAME }}
+          tags: |
+            type=raw,value=${{ inputs.IMAGE_TAG }},enable=${{ inputs.IMAGE_TAG != '' }}
+            type=sha,prefix=${{ steps.get_version.outputs.version }},enable=${{ inputs.IS_RELEASE }}
+
+      - name: Login to Docker Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ inputs.GLOBAL_REPO_NAME }}
+          username: ${{ env.DOCKER_USERNAME }}
+          password: ${{ env.DOCKER_PASSWORD }}
+
+      - name: Docker Push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ inputs.PATH_TO_DOCKERFILE }}
+          push: true
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}
+          build-args: |
+            DANUBETECH_MAVEN_INTERNAL_USERNAME=${{ env.MAVEN_USERNAME }}
+            DANUBETECH_MAVEN_INTERNAL_PASSWORD=${{ env.MAVEN_PASSWORD }}
+          cache-from: |
+            type=gha,scope=docker-build-arm64
+            type=gha,scope=docker-build-amd64
+          platforms: linux/amd64,linux/arm64
diff --git a/.github/workflows/latest.yml b/.github/workflows/latest.yml
@@ -34,6 +34,19 @@ jobs:
       VAULTCA: ${{ secrets.VAULTCA }}
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
 
+  docker-latest-multi-arch:
+    needs: docker-latest
+    uses: ./.github/workflows/docker-multi-arch.yml
+    with:
+      GLOBAL_IMAGE_NAME: universalresolver/uni-resolver-web
+      GLOBAL_REPO_NAME: docker.io
+      IMAGE_TAG: latest
+      PATH_TO_DOCKERFILE: uni-resolver-web/docker/Dockerfile
+    secrets:
+      CI_SECRET_READER_PERIODIC_TOKEN: ${{ secrets.CI_SECRET_READER_PERIODIC_TOKEN }}
+      VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
+      VAULTCA: ${{ secrets.VAULTCA }}
+
   trigger-deployment:
     needs: [ docker-latest ]
     runs-on: ubuntu-latest
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -38,3 +38,18 @@ jobs:
       CI_SECRET_READER_PERIODIC_TOKEN: ${{ secrets.CI_SECRET_READER_PERIODIC_TOKEN }}
       VAULTCA: ${{ secrets.VAULTCA }}
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+
+  docker-release-multi-arch:
+    needs: docker-release
+    uses: ./.github/workflows/docker-multi-arch.yml
+    with:
+      GLOBAL_FRAMEWORK: maven
+      GLOBAL_IMAGE_NAME: universalresolver/uni-resolver-web
+      GLOBAL_REPO_NAME: docker.io
+      IS_RELEASE: true
+      PATH_TO_DOCKERFILE: uni-resolver-web/docker/Dockerfile
+      RELEASE_TYPE: ${{ github.event.inputs.release_type }}
+    secrets:
+      CI_SECRET_READER_PERIODIC_TOKEN: ${{ secrets.CI_SECRET_READER_PERIODIC_TOKEN }}
+      VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
+      VAULTCA: ${{ secrets.VAULTCA }}
diff --git a/uni-resolver-web/docker/Dockerfile b/uni-resolver-web/docker/Dockerfile
@@ -1,6 +1,6 @@
 # Dockerfile for universalresolver/uni-resolver-web
 
-FROM maven:3-eclipse-temurin-17-focal AS build
+FROM maven:3-eclipse-temurin-21 AS build
 MAINTAINER Markus Sabadello <markus@danubetech.com>
 
 # build uni-resolver-web
@@ -15,7 +15,7 @@ RUN cd /opt/universal-resolver/uni-resolver-web && mvn clean package -N
 
 # build image
 
-FROM eclipse-temurin:17-jre-alpine
+FROM eclipse-temurin:21-jre-alpine
 # For amd64 architecture use amd64/eclipse-temurin:17-jre-alpine
 
 MAINTAINER Markus Sabadello <markus@danubetech.com>
