INFRAPRJ-7379: Add arm64 host builder for 'ledgerhq/speculos' image

Author: vbaskov-ledger

.github/workflows/continuous-integration-workflow.yml

@@ -151,9 +151,30 @@ jobs:
 
   deploy_docker:
     name: Build and Upload the Speculos docker
-    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - platform: linux/amd64
+            runner: ubuntu-latest
+          - platform: linux/arm64
+            runner: speculos-builder-2c-arm64-ubuntu_2404
+    runs-on: ${{ matrix.runner }}
     needs: [build]
     steps:
+
+    - name: Prepare
+      run: |
+        platform=${{ matrix.platform }}
+        echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+        if [[ "${{ github.event_name }}" == 'push' && ( "${{ github.ref }}" == 'refs/heads/master' || "${{ github.ref }}" =~ '^refs/tags/.*' ) ]]; then
+           PUSH_FLAG='true'
+        else
+           PUSH_FLAG='false'
+        fi
+        echo "PUSH_FLAG=${PUSH_FLAG}" >> $GITHUB_ENV
+
+
     - name: Clone
       uses: actions/checkout@v4
       with:
@@ -182,8 +203,57 @@ jobs:
         password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Build and publish to GitHub Packages
-      uses: docker/build-push-action@v3
+      uses: docker/build-push-action@v6
+      id: buildPush
       with:
-        push: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')) }}
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}
+        platforms: ${{ matrix.platform }}
+        outputs: type=image,name=ghcr.io/ledgerhq/speculos,push-by-digest=true,name-canonical=true,push=${{ env.PUSH_FLAG }}
+
+    - name: Export digest
+      run: |
+        mkdir -p /tmp/digests
+        digest="${{ steps.buildPush.outputs.digest }}"
+        touch "/tmp/digests/${digest#sha256:}"
+
+    - name: Upload digest
+      uses: actions/upload-artifact@v4
+      with:
+        name: digests-${{ env.PLATFORM_PAIR }}
+        path: /tmp/digests/*
+        if-no-files-found: error
+        retention-days: 1
+
+  final_tag_multiarch_merge_docker:
+    if: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')) }}
+    needs:
+      - deploy_docker
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download digests
+        uses: actions/download-artifact@v4
+        with:
+          path: /tmp/digests
+          pattern: digests-*
+          merge-multiple: true
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Create manifest list and push
+        working-directory: /tmp/digests
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf 'ghcr.io/ledgerhq/speculos@sha256:%s ' *)
+
+      - name: Inspect image
+        run: |
+          docker buildx imagetools inspect ghcr.io/ledgerhq/speculos:latest

.github/workflows/speculos-builder.yml

@@ -27,7 +27,6 @@ jobs:
             runner: ubuntu-latest
           - platform: linux/arm64
             runner: speculos-builder-2c-arm64-ubuntu_2404
-
     runs-on: ${{ matrix.runner }}
     permissions:
       packages: write