refactor: parallelize Docker multi-arch builds (arm64/amd64) (#1774)

* Initial plan * refactor: parallelize Docker image builds for arm64 and amd64 Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com> * security: add explicit GITHUB_TOKEN permissions to workflow jobs Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com> * refactor: use build cache instead of intermediate tags Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com> * ci: perf trigger --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com> Co-authored-by: Junyan Qin <rockchinq@gmail.com>
2025-11-25 03:15:06 +08:00 · 2025-11-11 18:19:35 +08:00
parent 02892e57bb
commit 7a10dfdac1
1 changed files with 83 additions and 13 deletions
--- a/.github/workflows/build-docker-image.yml
+++ b/.github/workflows/build-docker-image.yml
@@ -1,15 +1,17 @@
 name: Build Docker Image
 on:
-  #防止fork乱用action设置只能手动触发构建
-  workflow_dispatch:
  ## 发布release的时候会自动构建
  release:
    types: [published]
 jobs:
-  publish-docker-image:
+  prepare:
    runs-on: ubuntu-latest
-    name: Build image
-    
+    name: Prepare build metadata
+    permissions:
+      contents: read
+    outputs:
+      version: ${{ steps.check_version.outputs.version }}
+      is_prerelease: ${{ github.event.release.prerelease }}
    steps:
      - name: Checkout
        uses: actions/checkout@v2
@@ -37,13 +39,81 @@ jobs:
            echo $GITHUB_REF
            echo ::set-output name=version::${GITHUB_REF}
          fi
+
+  build-images:
+    runs-on: ubuntu-latest
+    needs: prepare
+    name: Build ${{ matrix.platform }} image
+    permissions:
+      contents: read
+    strategy:
+      matrix:
+        platform: [linux/amd64, linux/arm64]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          persist-credentials: false
+
+      - name: Set platform tag
+        id: platform_tag
+        run: |
+          # Convert platform to tag suffix (e.g., linux/amd64 -> amd64)
+          PLATFORM_TAG=$(echo ${{ matrix.platform }} | sed 's/linux\///g')
+          echo ::set-output name=tag::${PLATFORM_TAG}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
      - name: Login to Registry
        run: docker login --username=${{ secrets.DOCKER_USERNAME }} --password ${{ secrets.DOCKER_PASSWORD }}
-      - name: Create Buildx
-        run: docker buildx create --name mybuilder --use
-      - name: Build for Release # only relase, exlude pre-release
-        if: ${{ github.event.release.prerelease == false }}
-        run: docker buildx build --platform linux/arm64,linux/amd64 -t rockchin/langbot:${{ steps.check_version.outputs.version }} -t rockchin/langbot:latest . --push
-      - name: Build for Pre-release # no update for latest tag
-        if: ${{ github.event.release.prerelease == true }}
-        run: docker buildx build --platform linux/arm64,linux/amd64 -t rockchin/langbot:${{ steps.check_version.outputs.version }} . --push
+
+      - name: Build and cache
+        run: |
+          docker buildx build \
+            --platform ${{ matrix.platform }} \
+            --cache-to type=registry,ref=rockchin/langbot:cache-${{ steps.platform_tag.outputs.tag }},mode=max \
+            --cache-from type=registry,ref=rockchin/langbot:cache-${{ steps.platform_tag.outputs.tag }} \
+            -t rockchin/langbot:${{ needs.prepare.outputs.version }} \
+            .
+
+  push-multiarch:
+    runs-on: ubuntu-latest
+    needs: [prepare, build-images]
+    name: Build and push multi-arch images
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          persist-credentials: false
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Registry
+        run: docker login --username=${{ secrets.DOCKER_USERNAME }} --password ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build and push for Release
+        if: ${{ needs.prepare.outputs.is_prerelease == 'false' }}
+        run: |
+          docker buildx build \
+            --platform linux/amd64,linux/arm64 \
+            --cache-from type=registry,ref=rockchin/langbot:cache-amd64 \
+            --cache-from type=registry,ref=rockchin/langbot:cache-arm64 \
+            -t rockchin/langbot:${{ needs.prepare.outputs.version }} \
+            -t rockchin/langbot:latest \
+            --push \
+            .
+
+      - name: Build and push for Pre-release
+        if: ${{ needs.prepare.outputs.is_prerelease == 'true' }}
+        run: |
+          docker buildx build \
+            --platform linux/amd64,linux/arm64 \
+            --cache-from type=registry,ref=rockchin/langbot:cache-amd64 \
+            --cache-from type=registry,ref=rockchin/langbot:cache-arm64 \
+            -t rockchin/langbot:${{ needs.prepare.outputs.version }} \
+            --push \
+            .