From 559fd9c86ec51aa527f472433d261e42aa6c58cc Mon Sep 17 00:00:00 2001 From: jack Date: Mon, 1 Jun 2026 23:49:53 +0800 Subject: [PATCH 1/2] ci: parallel native multi-arch Docker build with separate build/merge jobs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Split single matrix job into 4 parallel build jobs (image × platform) - Use native runners: ubuntu-latest for amd64, ubuntu-24.04-arm for arm64 - Remove QEMU emulation, eliminating 5-10x slowdown on arm64 builds - Add merge job to combine digests into multi-arch manifest via imagetools - Separate GHA cache scopes per platform for better cache stability - Push by digest in build stage, tag in merge stage --- .github/workflows/publish.yml | 124 +++++++++++++++++++++++++++------- 1 file changed, 101 insertions(+), 23 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 29f9bf8..6b91105 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -11,9 +11,9 @@ env: REGISTRY: ghcr.io jobs: - publish: - name: Build & Push — ${{ matrix.name }} - runs-on: ubuntu-latest + build: + name: Build — ${{ matrix.image }} (${{ matrix.platform }}) + runs-on: ${{ matrix.runner }} permissions: contents: read packages: write @@ -22,26 +22,101 @@ jobs: fail-fast: false matrix: include: - - name: control + - image: jbrowser-control + file: docker/Dockerfile.control + platform: linux/amd64 + runner: ubuntu-latest + artifact: digest-control-amd64 + cache-scope: control-amd64 + - image: jbrowser-control file: docker/Dockerfile.control - image: jbrowser-control - scope: control - - name: agent-chromium + platform: linux/arm64 + runner: ubuntu-24.04-arm + artifact: digest-control-arm64 + cache-scope: control-arm64 + - image: jbrowser-agent-chromium + file: docker/Dockerfile.agent-chromium + platform: linux/amd64 + runner: ubuntu-latest + artifact: digest-agent-amd64 + cache-scope: agent-amd64 + - image: jbrowser-agent-chromium file: docker/Dockerfile.agent-chromium - image: jbrowser-agent-chromium - scope: agent-chromium + platform: linux/arm64 + runner: ubuntu-24.04-arm + artifact: digest-agent-arm64 + cache-scope: agent-arm64 steps: - name: Checkout uses: actions/checkout@v4 - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log in to GHCR + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build & Push by digest + id: build + uses: docker/build-push-action@v6 + with: + context: . + file: ${{ matrix.file }} + platforms: ${{ matrix.platform }} + outputs: type=image,name=ghcr.io/${{ github.repository_owner }}/${{ matrix.image }},push-by-digest=true + cache-from: type=gha,scope=${{ matrix.cache-scope }} + cache-to: type=gha,scope=${{ matrix.cache-scope }},mode=max + provenance: false + sbom: false + + - name: Export digest + run: | + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + + - name: Upload digest + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.artifact }} + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + + merge: + name: Merge — ${{ matrix.image }} + runs-on: ubuntu-latest + needs: build + permissions: + contents: read + packages: write + + strategy: + fail-fast: false + matrix: + include: + - image: jbrowser-control + artifact-prefix: digest-control + - image: jbrowser-agent-chromium + artifact-prefix: digest-agent + + steps: + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: /tmp/digests + pattern: ${{ matrix.artifact-prefix }}-* + merge-multiple: true - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Log in to GitHub Container Registry + - name: Log in to GHCR uses: docker/login-action@v3 with: registry: ghcr.io @@ -59,14 +134,17 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} - - name: Build & Push - uses: docker/build-push-action@v6 - with: - context: . - file: ${{ matrix.file }} - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - platforms: linux/amd64,linux/arm64 - cache-from: type=gha,scope=${{ matrix.scope }} - cache-to: type=gha,scope=${{ matrix.scope }},mode=max + - name: Create manifest list and push + working-directory: /tmp/digests + run: | + TAG_ARGS=$(echo '${{ steps.meta.outputs.json }}' | jq -r '.tags | map("-t " + .) | join(" ")') + SOURCE_IMAGES="" + for digest_file in *; do + SOURCE_IMAGES="${SOURCE_IMAGES} ghcr.io/${{ github.repository_owner }}/${{ matrix.image }}@sha256:${digest_file}" + done + docker buildx imagetools create ${TAG_ARGS} ${SOURCE_IMAGES} + + - name: Inspect image + run: | + TAG=$(echo '${{ steps.meta.outputs.json }}' | jq -r '.tags[0]') + docker buildx imagetools inspect "${TAG}" From abc82c09e487e2e92812a78a3c25abf84e44eb34 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jun 2026 15:51:13 +0000 Subject: [PATCH 2/2] chore(deps-dev): bump vitest from 3.2.4 to 4.1.0 in /frontend Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 3.2.4 to 4.1.0. - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest) --- updated-dependencies: - dependency-name: vitest dependency-version: 4.1.0 dependency-type: direct:development ... Signed-off-by: dependabot[bot] --- frontend/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/package.json b/frontend/package.json index 33540b3..148d994 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -24,6 +24,6 @@ "@vitejs/plugin-react": "^4.5.2", "typescript": "^5.8.3", "vite": "^6.3.5", - "vitest": "^3.2.3" + "vitest": "^4.1.0" } }