From 7a10dfdac1b534bf784329692db0a3538966f389 Mon Sep 17 00:00:00 2001
From: Copilot <198982749+Copilot@users.noreply.github.com>
Date: Tue, 11 Nov 2025 18:19:35 +0800
Subject: [PATCH] refactor: parallelize Docker multi-arch builds (arm64/amd64)
 (#1774)

* Initial plan

* refactor: parallelize Docker image builds for arm64 and amd64

Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com>

* security: add explicit GITHUB_TOKEN permissions to workflow jobs

Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com>

* refactor: use build cache instead of intermediate tags

Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com>

* ci: perf trigger

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com>
Co-authored-by: Junyan Qin <rockchinq@gmail.com>
---
 .github/workflows/build-docker-image.yml | 96 ++++++++++++++++++++----
 1 file changed, 83 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml
index 7df1aeae..986a06ee 100644
--- a/.github/workflows/build-docker-image.yml
+++ b/.github/workflows/build-docker-image.yml
@@ -1,15 +1,17 @@
 name: Build Docker Image
 on:
-  #防止fork乱用action设置只能手动触发构建
-  workflow_dispatch:
   ## 发布release的时候会自动构建
   release:
     types: [published]
 jobs:
-  publish-docker-image:
+  prepare:
     runs-on: ubuntu-latest
-    name: Build image
-    
+    name: Prepare build metadata
+    permissions:
+      contents: read
+    outputs:
+      version: ${{ steps.check_version.outputs.version }}
+      is_prerelease: ${{ github.event.release.prerelease }}
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -37,13 +39,81 @@ jobs:
             echo $GITHUB_REF
             echo ::set-output name=version::${GITHUB_REF}
           fi
+
+  build-images:
+    runs-on: ubuntu-latest
+    needs: prepare
+    name: Build ${{ matrix.platform }} image
+    permissions:
+      contents: read
+    strategy:
+      matrix:
+        platform: [linux/amd64, linux/arm64]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          persist-credentials: false
+
+      - name: Set platform tag
+        id: platform_tag
+        run: |
+          # Convert platform to tag suffix (e.g., linux/amd64 -> amd64)
+          PLATFORM_TAG=$(echo ${{ matrix.platform }} | sed 's/linux\///g')
+          echo ::set-output name=tag::${PLATFORM_TAG}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
       - name: Login to Registry
         run: docker login --username=${{ secrets.DOCKER_USERNAME }} --password ${{ secrets.DOCKER_PASSWORD }}
-      - name: Create Buildx
-        run: docker buildx create --name mybuilder --use
-      - name: Build for Release # only relase, exlude pre-release
-        if: ${{ github.event.release.prerelease == false }}
-        run: docker buildx build --platform linux/arm64,linux/amd64 -t rockchin/langbot:${{ steps.check_version.outputs.version }} -t rockchin/langbot:latest . --push
-      - name: Build for Pre-release # no update for latest tag
-        if: ${{ github.event.release.prerelease == true }}
-        run: docker buildx build --platform linux/arm64,linux/amd64 -t rockchin/langbot:${{ steps.check_version.outputs.version }} . --push
\ No newline at end of file
+
+      - name: Build and cache
+        run: |
+          docker buildx build \
+            --platform ${{ matrix.platform }} \
+            --cache-to type=registry,ref=rockchin/langbot:cache-${{ steps.platform_tag.outputs.tag }},mode=max \
+            --cache-from type=registry,ref=rockchin/langbot:cache-${{ steps.platform_tag.outputs.tag }} \
+            -t rockchin/langbot:${{ needs.prepare.outputs.version }} \
+            .
+
+  push-multiarch:
+    runs-on: ubuntu-latest
+    needs: [prepare, build-images]
+    name: Build and push multi-arch images
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          persist-credentials: false
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Registry
+        run: docker login --username=${{ secrets.DOCKER_USERNAME }} --password ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build and push for Release
+        if: ${{ needs.prepare.outputs.is_prerelease == 'false' }}
+        run: |
+          docker buildx build \
+            --platform linux/amd64,linux/arm64 \
+            --cache-from type=registry,ref=rockchin/langbot:cache-amd64 \
+            --cache-from type=registry,ref=rockchin/langbot:cache-arm64 \
+            -t rockchin/langbot:${{ needs.prepare.outputs.version }} \
+            -t rockchin/langbot:latest \
+            --push \
+            .
+
+      - name: Build and push for Pre-release
+        if: ${{ needs.prepare.outputs.is_prerelease == 'true' }}
+        run: |
+          docker buildx build \
+            --platform linux/amd64,linux/arm64 \
+            --cache-from type=registry,ref=rockchin/langbot:cache-amd64 \
+            --cache-from type=registry,ref=rockchin/langbot:cache-arm64 \
+            -t rockchin/langbot:${{ needs.prepare.outputs.version }} \
+            --push \
+            .