adding recommendations

ricky-undeadcoders · ricky-undeadcoders · commit 839537168e1d · 2025-10-08T13:46:23.000-05:00
diff --git a/actions/docker-build-push-image/README.md b/actions/docker-build-push-image/README.md
@@ -36,7 +36,7 @@ jobs:
       contents: read
       id-token: write
     steps:
-      - uses: grafana/shared-workflows/actions/docker-build-push-image@main # TODO: Fix version once released
+      - uses: grafana/shared-workflows/actions/docker-build-push-image@docker-build-push-image/v0.0.0
         with:
           platforms: linux/arm64,linux/amd64
           tags: |
@@ -109,8 +109,6 @@ The full DockerHub image is constructed as follows:
 
 ## Adding New Registries
 
-This is currently configured to push to:
-
 Each registry is setup as follows:
 
 - All inputs for a registry share the same prefix (ex: `gar-image`, `gar-repository`).
diff --git a/actions/docker-build-push-image/action.yaml b/actions/docker-build-push-image/action.yaml
@@ -218,7 +218,7 @@ runs:
         PUSH: ${{ inputs.push }}
       run: |
         #############################################################
-        # This constructs as CSV list of images from the previous
+        # This constructs a CSV list of images from the previous
         # setup steps, and outputs that list
         #
         # If there are no images then we set images="dry-run-image"
@@ -276,13 +276,6 @@ runs:
         DEFAULT_BUILDKITD_CONFIG: /etc/buildkitd.toml
         RUNNER_ENVIRONMENT: ${{ runner.environment }}
       run: |
-        #############################################################
-        # This step does the following:
-        # if buildkitd-config-inline != "", use that
-        # elif buildkitd-config != "", use that
-        # else, use buildkitd-config default config if on self hosted runners
-        #############################################################
-
         buildkitd_config=""
         buildkitd_config_inline=""
 
@@ -361,7 +354,7 @@ runs:
         rm -rf _shared-workflows-docker-build-push-image
 
     - name: Delete Google Application Credentials file
-      if: ${{ inputs.gar-delete-credentials-file == 'true' && env.GOOGLE_APPLICATION_CREDENTIALS != '' }}
+      if: ${{ always() && inputs.gar-delete-credentials-file == 'true' && env.GOOGLE_APPLICATION_CREDENTIALS != '' }}
       shell: sh
       run: |
         if [ -f "${GOOGLE_APPLICATION_CREDENTIALS}" ]; then
diff --git a/actions/docker-export-digest/README.md b/actions/docker-export-digest/README.md
@@ -1,9 +1,9 @@
 # docker-export-digest
 
-This is a composite GitHub Action used to export a docker digest as a workflow artifact, so it can be merged and pushed
-as part of a manifest.
+This is a composite GitHub Action used to export a docker digest as a workflow artifact.
 
-This is meant to work in conjunction with [docker-build-push-image] and [docker-import-digests-push-manifest].
+This can be used in conjunction with [docker-build-push-image] and [docker-import-digests-push-manifest] to build
+native multi-arch Docker images.
 
 [docker/build-push-action]: https://github.com/docker/build-push-action
 [docker-build-push-image]: ../docker-build-push-image/README.md
@@ -21,45 +21,16 @@ on:
       - main
 
 jobs:
-  build-push-image:
-    outputs:
-      images: ${{ steps.build.outputs.images }}
+  upload-digest-as-artifact:
     permissions:
       contents: read
       id-token: write
     steps:
-      - name: Build Docker Image
-        id: build
-        uses: grafana/shared-workflows/actions/docker-build-push-image@main # TODO: Fix version once released
-        with:
-          platforms: linux/arm64
-          tags: |
-            ${{ github.sha }}
-            main
-          push: true
-          registries: "gar,dockerhub"
-          include-tags-in-push: false
-          outputs: "type=image,push-by-digest=true,name-canonical=true,push=true"
       - name: Export and upload digest
-        uses: grafana/shared-workflows/actions/docker-export-digest@rwhitaker/multi-arch-builds # TODO: Fix version once released
+        uses: grafana/shared-workflows/actions/docker-export-digest@docker-export-digest/v0.0.0
         with:
-          digest: ${{ steps.build.outputs.digest }}
+          digest: ${{ steps.docker-build-push-image.outputs.digest }}
           platform: linux/arm64
-  merge-digest:
-    if: ${{ inputs.push == 'true' }}
-    runs-on: ubuntu-arm64-small
-    needs: build-and-push
-    permissions:
-      contents: read
-      id-token: write
-    steps:
-      - name: Download Multi-Arch Digests, Construct and Upload Manifest
-        uses: grafana/shared-workflows/actions/docker-import-digests-push-manifest@main # TODO: Pin sha
-        with:
-          images: ${{ needs.build-push-image.outputs.images }}
-          gar-environment: "dev"
-          registries: "gar,dockerhub"
-          docker-metadata-json: ${{ needs.build-and-push.outputs.metadatajson }}
 ```
 
 <!-- x-release-please-end-version -->
diff --git a/actions/docker-import-digests-push-manifest/README.md b/actions/docker-import-digests-push-manifest/README.md
@@ -3,7 +3,8 @@
 This is a composite GitHub Action used to import Docker digests from a shared workflow artifact and merge them into a
 tagged manifest.
 
-This is meant to work in conjunction with [docker-build-push-image] and [docker-export-digest].
+This can be used in conjunction with [docker-build-push-image] and [docker-export-digest] to build
+native multi-arch Docker images.
 
 [docker/build-push-action]: https://github.com/docker/build-push-action
 [docker-build-push-image]: ../docker-build-push-image/README.md
@@ -21,45 +22,18 @@ on:
       - main
 
 jobs:
-  build-push-image:
-    outputs:
-      images: ${{ steps.build.outputs.images }}
-    permissions:
-      contents: read
-      id-token: write
-    steps:
-      - name: Build Docker Image
-        id: build
-        uses: grafana/shared-workflows/actions/docker-build-push-image@main # TODO: Fix version once released
-        with:
-          platforms: linux/arm64
-          tags: |
-            ${{ github.sha }}
-            main
-          push: true
-          registries: "gar,dockerhub"
-          include-tags-in-push: false
-          outputs: "type=image,push-by-digest=true,name-canonical=true,push=true"
-      - name: Export and upload digest
-        uses: grafana/shared-workflows/actions/docker-export-digest@rwhitaker/multi-arch-builds # TODO: Fix version once released
-        with:
-          digest: ${{ steps.build.outputs.digest }}
-          platform: linux/arm64
-  merge-digest:
-    if: ${{ inputs.push == 'true' }}
-    runs-on: ubuntu-arm64-small
-    needs: build-and-push
+  import-and-merge-digest:
     permissions:
       contents: read
       id-token: write
     steps:
       - name: Download Multi-Arch Digests, Construct and Upload Manifest
-        uses: grafana/shared-workflows/actions/docker-import-digests-push-manifest@main # TODO: Pin sha
+        uses: grafana/shared-workflows/actions/docker-import-digests-push-manifest@docker-import-digests-push-manifest/v0.0.0
         with:
-          images: ${{ needs.build-push-image.outputs.images }}
+          docker-metadata-json: ${{ needs.docker-build-push-image.outputs.metadatajson }}
           gar-environment: "dev"
-          registries: "gar,dockerhub"
-          docker-metadata-json: ${{ needs.build-and-push.outputs.metadatajson }}
+          images: ${{ needs.docker-build-push-image.outputs.images }}
+          push: true
 ```
 
 <!-- x-release-please-end-version -->
diff --git a/actions/docker-import-digests-push-manifest/action.yaml b/actions/docker-import-digests-push-manifest/action.yaml
@@ -48,12 +48,54 @@ runs:
         driver: docker-container
         version: latest # see https://github.com/docker/build-push-action/issues/1345#issuecomment-2770572479
 
-    - name: Login to GAR
+    - name: Prepare vars
+      id: prepare-vars
       if: ${{ inputs.push == 'true' }}
+      env:
+        IMAGES: ${{ inputs.images }}
+      shell: bash
+      run: |
+        set -euo pipefail
+
+        DOCKERHUB_IMAGE=false
+        GAR_IMAGE=false
+
+        IFS=',' read -ra IMAGE_LIST <<< "${IMAGES}"
+
+        for image in "${IMAGE_LIST[@]}"; do
+          image="$(echo "$image" | xargs)"  # trim spaces
+          registry="${image%%/*}"  # everything before first slash
+          echo "Verifying image: $image"
+          echo "Verifying registry: $registry"
+
+          # Default if there's no dot or colon (Docker Hub shorthand)
+          if [[ "$registry" != *.* && "$registry" != *:* ]]; then
+            DOCKERHUB_IMAGE=true
+          fi
+
+          if [[ "$registry" == *".pkg.dev" ]] || [[ "$registry" == *"gcr.io" ]]; then
+            echo "$image → Google Artifact Registry"
+            GAR_IMAGE=true
+          elif [[ "$registry" == "docker.io" ]] || [[ "$registry" == "index.docker.io" ]]; then
+            echo "$image → DockerHub"
+            DOCKERHUB_IMAGE=true
+          else
+            echo "$image → Other registry ($registry)"
+          fi
+        done
+
+        if [[ "$DOCKERHUB_IMAGE" == "true" ]]; then
+          echo "include-dockerhub=true" | tee -a "${GITHUB_OUTPUT}"
+        elif [[ "$GAR_IMAGE" == "true" ]]; then
+          echo "include-gar=true" | tee -a "${GITHUB_OUTPUT}"
+        fi
+
+    - name: Login to GAR
+      if: ${{ steps.prepare-vars.outputs.include-gar == 'true' }}
       uses: ./_shared-workflows-docker-import-digests-push-manifest/actions/login-to-gar
 
     - name: Login to DockerHub
-      if: ${{ inputs.push == 'true' }}
+      if: ${{ steps.prepare-vars.outputs.include-dockerhub == 'true' }}
       uses: ./_shared-workflows-docker-import-digests-push-manifest/actions/dockerhub-login
 
     - name: Create manifest list and push
