plano/.github/workflows/docker-push-release.yml

name: Publish docker image (release)

env:
  DOCKER_IMAGE: katanemo/plano
  GHCR_IMAGE: ghcr.io/${{ github.repository_owner }}/plano

on:
  release:
    types: [published]

permissions:
  contents: read
  packages: write

jobs:
  # Build ARM64 image on native ARM64 runner — push to both registries
  build-arm64:
    runs-on: [linux-arm64]
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.DOCKER_IMAGE }}
          tags: |
            type=raw,value={{tag}}

      - name: Build and Push ARM64 Image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile
          platforms: linux/arm64
          push: true
          tags: |
            ${{ steps.meta.outputs.tags }}-arm64
            ${{ env.GHCR_IMAGE }}:${{ github.event.release.tag_name }}-arm64

  # Build AMD64 image on GitHub's AMD64 runner — push to both registries
  build-amd64:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.DOCKER_IMAGE }}
          tags: |
            type=raw,value={{tag}}

      - name: Build and Push AMD64 Image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile
          platforms: linux/amd64
          push: true
          tags: |
            ${{ steps.meta.outputs.tags }}-amd64
            ${{ env.GHCR_IMAGE }}:${{ github.event.release.tag_name }}-amd64

  # Combine ARM64 and AMD64 images into multi-arch manifests for both registries
  create-manifest:
    runs-on: ubuntu-latest
    needs: [build-arm64, build-amd64]
    steps:
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.DOCKER_IMAGE }}
          tags: |
            type=raw,value={{tag}}

      - name: Create Docker Hub Multi-Arch Manifest
        run: |
          docker buildx imagetools create \
            -t ${{ steps.meta.outputs.tags }} \
            ${{ steps.meta.outputs.tags }}-arm64 \
            ${{ steps.meta.outputs.tags }}-amd64

      - name: Create GHCR Multi-Arch Manifest
        run: |
          TAG=${{ github.event.release.tag_name }}
          docker buildx imagetools create \
            -t ${{ env.GHCR_IMAGE }}:${TAG} \
            ${{ env.GHCR_IMAGE }}:${TAG}-arm64 \
            ${{ env.GHCR_IMAGE }}:${TAG}-amd64