agent/.github/workflows/docker.yml

name: Create a new release
on:
  release:
    types: [created]
  workflow_dispatch:
    inputs:
      tag:
        description: "Tag for the Docker image"
        required: true
        default: "test"

env:
  REPO: kerberos/agent

jobs:
  build-amd64:
    runs-on: ubuntu-24.04
    permissions:
      contents: write
    strategy:
      matrix:
        architecture: [amd64]
    steps:
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Checkout
        uses: actions/checkout@v3
      - uses: benjlevesque/short-sha@v2.1
        id: short-sha
        with:
          length: 7
      - name: Run Build
        run: |
          docker build -t ${{matrix.architecture}} .
          CID=$(docker create ${{matrix.architecture}})
          docker cp ${CID}:/home/agent ./output-${{matrix.architecture}}
          docker rm ${CID}
      - name: Strip binary
        run: tar -cf agent-${{matrix.architecture}}.tar -C output-${{matrix.architecture}} . && rm -rf output-${{matrix.architecture}}
      - name: Build and push Docker image
        run: |
          docker tag ${{matrix.architecture}} $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}}
          docker push $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}}
      - name: Create new manifest
        run: docker manifest create $REPO:${{ github.event.inputs.tag || github.ref_name }} $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}}
      - name: Create latest manifest
        run: docker manifest create $REPO:latest $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}}
        if: github.event.inputs.tag == 'test'
      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: agent-${{matrix.architecture}}.tar
          path: agent-${{matrix.architecture}}.tar
          
  build-arm64:
    runs-on: ubuntu-24.04-arm 
    permissions:
      contents: write
    strategy:
      matrix:
        architecture: [arm64]
    steps:
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Checkout
        uses: actions/checkout@v3
      - uses: benjlevesque/short-sha@v2.1
        id: short-sha
        with:
          length: 7
      - name: Run Build
        run: |
          docker build -t ${{matrix.architecture}} -f Dockerfile.arm64 .
          CID=$(docker create ${{matrix.architecture}})
          docker cp ${CID}:/home/agent ./output-${{matrix.architecture}}
          docker rm ${CID}
      - name: Strip binary
        run: tar -cf agent-${{matrix.architecture}}.tar -C output-${{matrix.architecture}} . && rm -rf output-${{matrix.architecture}}
      - name: Build and push Docker image
        run: |
          docker tag ${{matrix.architecture}} $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}}
          docker push $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}}
      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: agent-${{matrix.architecture}}.tar
          path: agent-${{matrix.architecture}}.tar

  create-manifest:
    runs-on: ubuntu-24.04
    needs: [build-amd64, build-arm64]
    steps:
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Create and push multi-arch manifest
        run: |
          docker manifest create $REPO:${{ github.event.inputs.tag || github.ref_name }} \
            $REPO-arch:arch-amd64-${{github.event.inputs.tag || github.ref_name}} \
            $REPO-arch:arch-arm64-${{github.event.inputs.tag || github.ref_name}}
          docker manifest push $REPO:${{ github.event.inputs.tag || github.ref_name }}
      - name: Create and push latest manifest
        run: |
          docker manifest create $REPO:latest \
            $REPO-arch:arch-amd64-${{github.event.inputs.tag || github.ref_name}} \
            $REPO-arch:arch-arm64-${{github.event.inputs.tag || github.ref_name}}
          docker manifest push $REPO:latest
        if: github.event.inputs.tag == 'test'

  create-release:
    runs-on: ubuntu-24.04
    needs: [build-amd64, build-arm64]
    permissions:
      contents: write
    steps:
      - name: Download all artifacts
        uses: actions/download-artifact@v4
      - name: Create a release
        uses: ncipollo/release-action@v1
        with:
          latest: true
          allowUpdates: true
          name: ${{ github.event.inputs.tag || github.ref_name }}
          tag: ${{ github.event.inputs.tag || github.ref_name }}
          generateReleaseNotes: false
          omitBodyDuringUpdate: true
          artifacts: "agent-*.tar/agent-*.tar"