🔧 Stick with save/load mechanism and also add ecr publish

Author: giom-l

.github/workflows/main.yml

@@ -43,6 +43,7 @@ jobs:
         uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
+        id: buildx
         uses: docker/setup-buildx-action@v3
 
       - name: Cache Docker layers
@@ -53,34 +54,178 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-buildx-
 
+     # Build multi platform images and loading them at the same time is not possible with default container runtime : https://github.com/docker/buildx/issues/59   
+      # So let's use containerd instead as it supports this option
+      # Also containerd is one of the option to allow preserving provenance attestations :https://docs.docker.com/build/attestations/#creating-attestations
+      - name: Setup docker with containerd
+        uses: crazy-max/ghaction-setup-docker@v3
+        with:
+          daemon-config: |
+            {
+              "features": {
+                "containerd-snapshotter": true
+              }
+            }         
+
+      - name: Build docker image
+        id: docker_build
+        uses: docker/build-push-action@v5
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: api
+          platforms: linux/amd64,linux/arm64
+          provenance: mode=min
+          sbom: true
+          push: false
+          load: true
+          tags: |
+            kafka-ui:temp
+          build-args: |
+            JAR_FILE=api-${{ steps.build.outputs.version }}.jar
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+
+      - name: Dump docker image
+        run: |
+          docker image save kafka-ui:temp > /tmp/image.tar
+  
+      - name: Upload docker image
+        uses: actions/upload-artifact@v4
+        with:
+          name: image
+          path: /tmp/image.tar
+          retention-days: 1
+
+  deploy-ghcr:
+    runs-on: ubuntu-latest
+    needs: build
+    permissions:
+      packages: write
+
+    steps: 
+      - name: Download docker image
+        uses: actions/download-artifact@v4
+        with:
+          name: image
+          path: /tmp
+
+      # setup containerd to preserve provenance attestations :https://docs.docker.com/build/attestations/#creating-attestations
+      - name: Setup docker with containerd
+        uses: crazy-max/ghaction-setup-docker@v3
+        with:
+          daemon-config: |
+            {
+              "features": {
+                "containerd-snapshotter": true
+              }
+            }     
+                      
+      - name: Load docker image into daemon
+        run: |
+          docker load --input /tmp/image.tar
+      
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
-          username: ${{ github.actor }}
+          username: "${{ github.actor }}"
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Push images to GHCR
+        run: |
+          docker tag kafka-ui:temp ghcr.io/kafbat/kafka-ui:main
+          docker tag kafka-ui:temp ghcr.io/kafbat/kafka-ui:${{ needs.build.outputs.version }}
+          docker push ghcr.io/kafbat/kafka-ui:main
+          docker push ghcr.io/kafbat/kafka-ui:${{ needs.build.outputs.version }}
+
+  deploy-dockerhub:
+    runs-on: ubuntu-latest
+    needs: build
+
+    steps: 
+      - name: Download docker image
+        uses: actions/download-artifact@v4
+        with:
+          name: image
+          path: /tmp
+
+      # setup containerd to preserve provenance attestations :https://docs.docker.com/build/attestations/#creating-attestations
+      - name: Setup docker with containerd
+        uses: crazy-max/ghaction-setup-docker@v3
+        with:
+          daemon-config: |
+            {
+              "features": {
+                "containerd-snapshotter": true
+              }
+            }     
+
+      - name: Load docker image into daemon
+        run: |
+          docker load --input /tmp/image.tar
+
       - name: Login to Dockerhub
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
+        
+      - name: Push images to dockerhub
+        run: |
+          docker tag kafka-ui:temp docker.io/kafbat/kafka-ui:main
+          docker tag kafka-ui:temp docker.io/kafbat/kafka-ui:${{ needs.build.outputs.version }}
+          docker push docker.io/kafbat/kafka-ui:main
+          docker push docker.io/kafbat/kafka-ui:${{ needs.build.outputs.version }}
 
-      - name: Build & push docker image
-        id: docker_build_and_push
-        uses: docker/build-push-action@v5
+
+  deploy-ecr:
+    runs-on: ubuntu-latest
+    needs: build
+    permissions:
+      contents: read # To read secrets
+      id-token: write # This is required for requesting the JWT
+
+    steps: 
+      - name: Download docker image
+        uses: actions/download-artifact@v4
         with:
-          builder: ${{ steps.buildx.outputs.name }}
-          context: api
-          platforms: linux/amd64,linux/arm64
-          provenance: false
-          push: true
-          tags: |
-            ghcr.io/kafbat/kafka-ui:${{ steps.build.outputs.version }}
-            ghcr.io/kafbat/kafka-ui:main
-            kafbat/kafka-ui:${{ steps.build.outputs.version }}
-            kafbat/kafka-ui:main            
-          build-args: |
-            JAR_FILE=api-${{ steps.build.outputs.version }}.jar
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache
+          name: image
+          path: /tmp
+
+      # setup containerd to preserve provenance attestations :https://docs.docker.com/build/attestations/#creating-attestations
+      - name: Setup docker with containerd
+        uses: crazy-max/ghaction-setup-docker@v3
+        with:
+          daemon-config: |
+            {
+              "features": {
+                "containerd-snapshotter": true
+              }
+            }     
+
+      - name: Load docker image into daemon
+        run: |
+          docker load --input /tmp/image.tar
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: us-east-1 # This region only for public ECR
+          role-to-assume: ${{ secrets.AWS_ROLE }}
+
+      - name: Login to public ECR
+        id: login-ecr-public
+        uses: aws-actions/amazon-ecr-login@v2
+        with:
+          registry-type: public
+
+      - name: Push to ECR
+        env:
+          REGISTRY: ${{steps.login-ecr-public.outputs.registry }}
+          REGISTRY_ALIAS: j4u0y1h1
+          REPOSITORY: kafka-ui
+        run: |
+          docker tag kafka-ui:temp $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:main
+          docker tag kafka-ui:temp $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:${{ needs.build.outputs.version }}
+          docker push $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:main
+          docker push $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:${{ needs.build.outputs.version }}