Multiplatform Builds

.github/workflows/build.yaml

@@ -4,8 +4,6 @@ on:
   push:
     branches: ['main']
 
-# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and
-# a name for the Docker image that this workflow builds.
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
@@ -14,7 +12,7 @@ jobs:
   build-and-push-image:
     runs-on: ubuntu-latest
 
-    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    # Permissions granted to the `GITHUB_TOKEN` for the actions within this job.
     permissions:
       contents: read
       packages: write
@@ -25,45 +23,38 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and
-      # password that will publish the packages. Once published, the packages are scoped to the account defined here.
-      - name: Log in to the Container registry
-        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
         with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ secrets.USERNAME }}
-          password: ${{ secrets.TOKEN }}
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
-      # This step uses https://github.com/docker/metadata-action#about to extract tags and labels that will be applied
-      # to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step.
-      # The `images` value provides the base name for the tags and labels.
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
-      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`.
-      # If the build succeeds, it pushes the image to GitHub Packages. It uses the `context` parameter to define the
-      # build's context as the set of files located in the specified path. For more information, see 
-      # https://github.com/docker/build-push-action#usage in the README of the `docker/build-push-action` repository.
-      # It uses the `tags` and `labels` parameters to tag and label the image with the output of the "meta" step.
       - name: Build and push Docker image
         id: push
-        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        uses: docker/build-push-action@v6
         with:
           context: .
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
       
-      # This step generates an artifact attestation for the image, which is an unforgeable statement about where and
-      # how it was built. It increases supply chain security for people who consume the image. For more information,
-      # see: /actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds 
       - name: Generate artifact attestation
-        uses: actions/attest-build-provenance@v1
+        uses: actions/attest-build-provenance@v2
         with:
           subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
           subject-digest: ${{ steps.push.outputs.digest }}
           push-to-registry: true
-