Update Docker builds to publish to ghcr.io & update README (#1067)

.github/workflows/pr-release.yml

@@ -0,0 +1,78 @@
+name: Release snapshot of PR
+on:
+  workflow_run:
+    workflows: ["Build snapshot of PR"]
+    types:
+      - completed
+
+jobs:
+  release-and-comment:
+    name: Release snapshot and comment in PR
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+    steps:
+      - name: Download images
+        uses: actions/download-artifact@v4
+        with:
+          path: /tmp/images
+          pattern: image-*
+          merge-multiple: true
+          run-id: ${{ github.event.workflow_run.id }}
+          github-token: ${{ secrets.WORKFLOW_PAT }}
+
+      - name: Load image
+        run: |
+          docker load --input /tmp/images/image-amd64.tar
+          docker load --input /tmp/images/image-arm64.tar
+
+      - name: Download PR number
+        uses: actions/download-artifact@v4
+        with:
+          path: /tmp/pull_request_number
+          pattern: pull_request_number
+          run-id: ${{ github.event.workflow_run.id }}
+          github-token: ${{ secrets.WORKFLOW_PAT }}
+
+      - name: Read the pull_request_number.txt file
+        id: pull_request_number_reader
+        uses: juliangruber/[email protected]
+        with:
+          path: ./pull_request_number/pull_request_number.txt
+
+      - name: Set up Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Push
+        working-directory: /tmp/digests
+        run: docker buildx imagetools create -t 'ghcr.io/museofficial/muse:pr-${{ github.event.number }}' -t 'ghcr.io/museofficial/muse:${{ github.event.pull_request.head.sha }}' 'ghcr.io/museofficial/muse:${{ github.event.pull_request.head.sha }}-arm64' 'ghcr.io/museofficial/muse:${{ github.event.pull_request.head.sha }}-amd64'
+
+      - name: Create comment
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: "pr-release"
+          number: ${{ steps.pull_request_number_reader.outputs.content }}
+          message: |
+            #### :package: A new release has been made for this pull request.
+
+            To play around with this PR, pull `ghcr.io/museofficial/muse:pr-${{ github.event.number }}` or `ghcr.io/museofficial/muse:${{ github.event.pull_request.head.sha }}`.
+
+            Images are available for x86_64 and ARM64.
+
+            > Latest commit: ${{ github.event.pull_request.head.sha }}

.github/workflows/pr-snapshot.yml

@@ -0,0 +1,86 @@
+name: Build snapshot of PR
+
+on: pull_request
+
+env:
+  REGISTRY_IMAGE: ghcr.io/museofficial/muse
+
+jobs:
+  build:
+    name: Build snapshot
+    strategy:
+      matrix:
+        runner-platform:
+          - ubuntu-latest
+          - namespace-profile-default-arm64
+        include:
+          - runner-platform: ubuntu-latest
+            build-arch: linux/amd64
+            tagged-platform: amd64
+          - runner-platform: namespace-profile-default-arm64
+            build-arch: linux/arm64
+            tagged-platform: arm64
+    runs-on: ${{ matrix.runner-platform }}
+    steps:
+      - name: Prepare
+        run: |
+          platform=${{ matrix.build-arch }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY_IMAGE }}
+          tags: type=ref,event=pr
+
+      - name: Set up Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get current time
+        uses: josStorer/get-current-time@v2
+        id: current-time
+
+      - name: Build
+        id: build
+        uses: docker/build-push-action@v6
+        with:
+          outputs: type=docker,dest=/tmp/image.tar
+          tags: ${{ steps.meta.outputs.tags }}
+          platforms: ${{ matrix.build-arch }}
+          build-args: |
+            COMMIT_HASH=${{ github.sha }}
+            BUILD_DATE=${{ steps.current-time.outputs.time }}
+
+      - name: Export digest
+        run: |
+          mkdir -p /tmp/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+
+      - name: Upload image
+        uses: actions/upload-artifact@v4
+        with:
+          name: image-${{ env.PLATFORM_PAIR }}
+          path: /tmp/image.tar
+          if-no-files-found: error
+          retention-days: 1
+
+      - name: Save PR number in artifact
+        shell: bash
+        env:
+          PR_NUMBER: ${{ github.event.number }}
+        run: echo $PR_NUMBER > /tmp/pull_request_number.txt
+      - name: Upload PR number
+        uses: actions/upload-artifact@v4
+        with:
+          name: pull_request_number
+          path: /tmp/pull_request_number.txt
+          overwrite: true

.github/workflows/publish.yml

@@ -11,48 +11,50 @@ jobs:
       matrix:
         runner-platform:
           - ubuntu-latest
-          - buildjet-4vcpu-ubuntu-2204-arm
+          - namespace-profile-default-arm64
         include:
           - runner-platform: ubuntu-latest
             build-arch: linux/amd64
             tagged-platform: amd64
-          - runner-platform: buildjet-4vcpu-ubuntu-2204-arm
+          - runner-platform: namespace-profile-default-arm64
             build-arch: linux/arm64
             tagged-platform: arm64
     runs-on: ${{ matrix.runner-platform }}
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
     steps:
       - name: Set up Buildx
-        uses: docker/setup-buildx-action@v1
-
-      - name: Cache Docker layers
-        # AWS data transfer is pricy
-        if: ${{ matrix.runner-platform != 'buildjet-4vcpu-ubuntu-2204-arm' }}
-        uses: actions/cache@v2
-        with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-prs-${{ matrix.build-arch }}-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-buildx-prs-${{ matrix.build-arch }}
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to DockerHub
         uses: docker/login-action@v1
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Get current time
         uses: josStorer/get-current-time@v2
         id: current-time
 
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v6
         with:
           push: true
-          tags: codetheweb/muse:${{ github.sha }}-${{ matrix.tagged-platform }}
+          tags: |
+            codetheweb/muse:${{ github.sha }}-${{ matrix.tagged-platform }}
+            ghcr.io/museofficial/muse:${{ github.sha }}-${{ matrix.tagged-platform }}
           platforms: ${{ matrix.build-arch }}
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache,mode=min
           build-args: |
             COMMIT_HASH=${{ github.sha }}
             BUILD_DATE=${{ steps.current-time.outputs.time }}
@@ -73,21 +75,37 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Get tags
-        id: get-tags
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get tags (Docker Hub)
+        id: get-tags-dockerhub
         uses: Surgo/docker-smart-tag-action@v1
         with:
           docker_image: codetheweb/muse
 
-      - name: Combine tags
-        run: docker buildx imagetools create $(echo '${{ steps.get-tags.outputs.tag }}' | tr "," "\0" | xargs -0 printf -- '-t %s ') 'codetheweb/muse:${{ github.sha }}-arm64' 'codetheweb/muse:${{ github.sha }}-amd64'
+      - name: Get tags (ghcr.io)
+        id: get-tags-ghcr
+        uses: Surgo/docker-smart-tag-action@v1
+        with:
+          docker_image: codetheweb/muse
+
+      - name: Combine tags (Docker Hub)
+        run: docker buildx imagetools create $(echo '${{ steps.get-tags-dockerhub.outputs.tag }}' | tr "," "\0" | xargs -0 printf -- '-t %s ') 'codetheweb/muse:${{ github.sha }}-arm64' 'codetheweb/muse:${{ github.sha }}-amd64'
+
+      - name: Combine tags (GitHub Container Registry)
+        run: docker buildx imagetools create $(echo '${{ steps.get-tags-ghcr.outputs.tag }}' | tr "," "\0" | xargs -0 printf -- '-t %s ') 'ghcr.io/museofficial/muse:${{ github.sha }}-arm64' 'ghcr.io/museofficial/muse:${{ github.sha }}-amd64'
 
       - name: Update Docker Hub description
         uses: peter-evans/[email protected]
-        env:
-          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
-          DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
-          DOCKERHUB_REPOSITORY: codetheweb/muse
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          repository: codetheweb/muse
 
   release:
     name: Create GitHub release