cloudnativedaysjp · takaishi · Feb 9, 2025 · Feb 11, 2025 · Feb 11, 2025 · Feb 11, 2025
diff --git a/.github/workflows/build-branch.yml b/.github/workflows/build-branch.yml
 branches: 
 labels: ${{ steps.meta.outputs.labels }} 
 branches: 
 labels: ${{ steps.meta.outputs.labels }} 
@@ -9,38 +9,22 @@ jobs:
     strategy:
       matrix:
         runs-on:
-          - "ubuntu-latest"
+          - "ubuntu-24.04"
+          - "ubuntu-24.04-arm"
     runs-on: ${{ matrix.runs-on }}
     timeout-minutes: 10
     if: github.event.pusher.name != 'dreamkast-cloudnativedays'
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Docker Buildx
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
         id: buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
+      - uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: us-west-2
-
-      - name: Login to Amazon ECR
+      - uses: aws-actions/amazon-ecr-login@v2
         id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v2
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs
-          tags: |
-            type=sha,prefix=,format=long
-            type=ref,event=branch
-
       - name: Prepare-tag
         id: tags
         run: |
@@ -51,13 +35,13 @@ jobs:
             "ARM64" ) arch="arm64" ;;
           esac
           echo "tag=${{ github.sha }}-${arch}" >> $GITHUB_OUTPUT
-
       - name: Build
         id: docker_build
         uses: docker/build-push-action@v6
         with:
           context: ./
           file: ./Dockerfile
+          builder: ${{ steps.buildx.outputs.name }}
           push: true
           tags: ${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs:${{ steps.tags.outputs.tag }}
           provenance: false
@@ -66,10 +50,33 @@ jobs:
           cache-to: type=gha,mode=max
 
   merge-images:
-    runs-on: "ubuntu-latest"
+    strategy:
+      matrix:
+        runs-on:
+          - "ubuntu-24.04"
+          - "ubuntu-24.04-arm"
+    runs-on: ${{ matrix.runs-on }}
     timeout-minutes: 10
     needs: ["build"]
     steps:
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs
+          tags: |
+            type=sha,prefix=,format=long
+            type=ref,event=branch
+      - name: Prepare-tag
+        id: tags
+        run: |
+          arch=""
+          # https://docs.github.com/en/actions/learn-github-actions/contexts#runner-context
+          case "${{ runner.arch }}" in
+            "X64" ) arch="amd64" ;;
+            "ARM64" ) arch="arm64" ;;
+          esac
+          echo "tag=${arch}" >> $GITHUB_OUTPUT
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
@@ -87,9 +94,22 @@ jobs:
       - name: Create a New Image
         run: |
           image_tag_sha="${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs:${{ github.sha }}"
-          docker buildx imagetools create \
-            --tag ${image_tag_sha} \
-            ${image_tag_sha}-amd64
+
+          # Create array of image tags from meta output
+          image_tags=()
+          for tag in ${{ steps.meta.outputs.tags }}; do
+            image_tags+=("${tag}-${{ steps.tags.outputs.tag }}")
+          done
+
+          # Join all tags with comma for buildx imagetools create command
+          joined_tags=$(IFS=,; echo "${image_tags[*]}")
+
+          # Create manifest lists for each tag from meta output
+          for tag in ${{ steps.meta.outputs.tags }}; do
+            docker buildx imagetools create \
+              --tag ${tag} \
+              ${image_tag_sha}-${{ steps.tags.outputs.tag }}
+
 
 #      - name: Run Trivy vulnerability scanner
 #        uses: aquasecurity/trivy-action@master

diff --git a/.github/workflows/build-tag.yml b/.github/workflows/build-tag.yml
@@ -6,34 +6,34 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        runs-on:
+          - "ubuntu-24.04"
+          - "ubuntu-24.04-arm"
+    runs-on: ${{ matrix.runs-on }}
+    timeout-minutes: 10
     steps:
       - uses: actions/checkout@v4
-
-      - name: Set up Docker Buildx
+      - uses: docker/setup-buildx-action@v3
         id: buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
+      - uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: ap-northeast-1
-
-      - name: Login to Amazon ECR
+      - uses: aws-actions/amazon-ecr-login@v2
         id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v2
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs
-          tags: |
-            type=sha,prefix=,format=long
-            type=ref,event=tag
-
+      - name: Prepare-tag
+        id: tags
+        run: |
+          arch=""
+          # https://docs.github.com/en/actions/learn-github-actions/contexts#runner-context
+          case "${{ runner.arch }}" in
+            "X64" ) arch="amd64" ;;
+            "ARM64" ) arch="arm64" ;;
+          esac
+          echo "tag=${{ github.sha }}-${arch}" >> $GITHUB_OUTPUT
       - name: Build
         id: docker_build
         uses: docker/build-push-action@v6
@@ -42,7 +42,69 @@ jobs:
           file: ./Dockerfile
           builder: ${{ steps.buildx.outputs.name }}
           push: true
-          tags: ${{ steps.meta.outputs.tags }}
+          tags: ${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs:${{ steps.tags.outputs.tag }}
+          provenance: false
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+
+  merge-images:
+    strategy:
+      matrix:
+        runs-on:
+          - "ubuntu-24.04"
+          - "ubuntu-24.04-arm"
+    runs-on: ${{ matrix.runs-on }}
+    timeout-minutes: 10
+    needs: ["build"]
+    steps:
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs
+          tags: |
+            type=sha,prefix=,format=long
+            type=ref,event=tag
+      - name: Prepare-tag
+        id: tags
+        run: |
+          arch=""
+          # https://docs.github.com/en/actions/learn-github-actions/contexts#runner-context
+          case "${{ runner.arch }}" in
+            "X64" ) arch="amd64" ;;
+            "ARM64" ) arch="arm64" ;;
+          esac
+          echo "tag=${arch}" >> $GITHUB_OUTPUT
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-west-2
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Create a New Image
+        run: |
+          image_tag_sha="${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs:${{ github.sha }}"
+
+          # Create array of image tags from meta output
+          image_tags=()
+          for tag in ${{ steps.meta.outputs.tags }}; do
+            image_tags+=("${tag}-${{ steps.tags.outputs.tag }}")
+          done
+
+          # Join all tags with comma for buildx imagetools create command
+          joined_tags=$(IFS=,; echo "${image_tags[*]}")
+
+          # Create manifest lists for each tag from meta output
+          for tag in ${{ steps.meta.outputs.tags }}; do
+            docker buildx imagetools create \
+              --tag ${tag} \
+              ${image_tag_sha}-${{ steps.tags.outputs.tag }}
diff --git a/Dockerfile b/Dockerfile
@@ -31,7 +31,7 @@
 COPY --link --from=node /app/node_modules /app/node_modules
 COPY --link --from=fetch-lib /usr/local/bundle /usr/local/bundle
 RUN apt-get update && apt-get install -y libvips42
 ENV AWS_ACCESS_KEY_ID=''
 ARG RAILS_ENV='production'
 RUN --mount=type=cache,uid=1000,target=/app/tmp/cache SECRET_KEY_BASE=hoge RAILS_ENV=${RAILS_ENV} DB_ADAPTER=nulldb bin/rails assets:precompile

@@ -47,10 +47,10 @@
 WORKDIR /app
 COPY --link --from=node /app/node_modules /app/node_modules
 COPY --link --from=fetch-lib /usr/local/bundle /usr/local/bundle
-RUN apt-get update && apt-get -y install wget libmariadb3 libvips42 \
-    && wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb \
-    && apt install -y ./google-chrome-stable_current_amd64.deb \
-    && apt-get clean && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get -y install wget libmariadb3 libvips42 chromium && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+ENV CHROME_BIN=/usr/bin/chromium
 COPY --link . .
 COPY --link --from=asset-compile /app/public /app/public
 EXPOSE 3000