From 30c6cc20a870192526700248127858d1cabc7a0b Mon Sep 17 00:00:00 2001
From: Ray Johnson <ray.johnson@moov.io>
Date: Sun, 8 Feb 2026 11:19:02 -0800
Subject: [PATCH] Add multi-architecture build support to workflow

Refactor push workflow to build and push multi-arch images (amd64, arm64, armv7) using Docker Buildx instead of loading pre-built artifacts. This modernizes the workflow to use official GitHub Actions (docker/setup-buildx-action, docker/login-action, docker/build-push-action) and adds proper OCI image labels.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 .github/workflows/build-image.yml | 51 ++++++++++++++++++-------------
 1 file changed, 30 insertions(+), 21 deletions(-)

diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
index 12d050af..5932014d 100644
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@@ -116,28 +116,37 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Download image
-        uses: actions/download-artifact@v4
-        with:
-          name: ${{ inputs.tag }}
-
-      - name: Load image
-        run: docker load -i "${{ inputs.tag }}.tar"
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
 
-      - name: Push image to GitHub registry
-        run: |
-          echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com \
-            -u ${{ github.actor }} --password-stdin
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
-          github_tag=docker.pkg.github.com/${{ inputs.image }}/${{ inputs.tag }}
-          docker tag "${{ inputs.image }}:${{ inputs.tag }}" $github_tag
-          docker push "$github_tag"
-          docker logout docker.pkg.github.com
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: docker.pkg.github.com
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Push images to Docker Hub registry
-        run: |
-          echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login \
-            -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
 
-          docker push "${{ inputs.image }}:${{ inputs.tag }}"
-          docker logout
+      - name: Build and push multi-arch images
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ${{ inputs.containerfile }}
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          pull: true
+          push: true
+          tags: |
+            docker.pkg.github.com/${{ inputs.image }}/${{ inputs.tag }}
+            ${{ inputs.image }}:${{ inputs.tag }}
+          labels: |
+            org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.created=${{ github.event.repository.updated_at }}