From 364068eaa6e95463e48ebed718c17977d4ccf2b2 Mon Sep 17 00:00:00 2001
From: Ruoyu Zhong <zhongruoyu@outlook.com>
Date: Sun, 9 Feb 2025 20:24:02 +0800
Subject: [PATCH 1/5] workflows/docker: build and publish ARM64 Docker images

This modifies the Docker workflow to first build the images natively on
x86_64 and ARM64 runners, push them by digest to the registry, and then
merge the manifest lists to form a tagged multi-platform image. This
allows e.g. `docker run homebrew/brew` to work on both platforms.

Ref: https://docs.docker.com/build/ci/github-actions/multi-platform/
---
 .github/workflows/docker.yml | 94 ++++++++++++++++++++++++++++++------
 1 file changed, 80 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index d86215f7ca..eee84d22f1 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -18,14 +18,18 @@ defaults:
     shell: bash -xeuo pipefail {0}
 
 jobs:
-  ubuntu:
+  build:
     if: github.repository_owner == 'Homebrew'
-    name: docker (Ubuntu ${{ matrix.version }})
-    runs-on: ubuntu-latest
+    name: docker (${{ matrix.arch }} Ubuntu ${{ matrix.version }})
+    runs-on: ${{ matrix.arch == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
     strategy:
       fail-fast: false
       matrix:
         version: ["18.04", "20.04", "22.04", "24.04"]
+        arch: ["x86_64", "arm64"]
+    outputs:
+      tags: ${{ steps.attributes.outputs.tags }}
+      push: ${{ steps.attributes.outputs.push }}
     steps:
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -122,6 +126,8 @@ jobs:
           labels: ${{ steps.attributes.outputs.labels }}
 
       - name: Run brew test-bot --only-setup
+        # TODO: Remove this conditional when `brew doctor` no longer throws an error on ARM64 Linux.
+        if: matrix.arch == 'x86_64'
         run: docker run --rm brew brew test-bot --only-setup
 
       - name: Log in to GitHub Packages (BrewTestBot)
@@ -132,21 +138,81 @@ jobs:
           username: BrewTestBot
           password: ${{ secrets.HOMEBREW_BREW_GITHUB_PACKAGES_TOKEN }}
 
-      - name: Log in to Docker Hub
+      - name: Deploy the Docker image by digest
+        id: digest
         if: steps.attributes.outputs.push == 'true'
+        uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
+        with:
+          context: .
+          cache-from: type=registry,ref=ghcr.io/homebrew/ubuntu${{ matrix.version }}:cache
+          cache-to: type=registry,ref=ghcr.io/homebrew/ubuntu${{ matrix.version }}:cache,mode=max
+          build-args: version=${{ matrix.version }}
+          labels: ${{ steps.attributes.outputs.labels }}
+          outputs: type=image,name=ghcr.io/homebrew/ubuntu${{ matrix.version }},name-canonical=true,push=true,push-by-digest=true
+
+      - name: Export the Docker image digest
+        if: steps.attributes.outputs.push == 'true'
+        run: |
+          mkdir -p "${RUNNER_TEMP}"/digests
+          echo "${DIGEST#sha256:}" >"${RUNNER_TEMP}/digests/${VERSION}-${ARCH}"
+        env:
+          DIGEST: ${{ steps.digest.outputs.digest }}
+          VERSION: ${{ matrix.version }}
+          ARCH: ${{ matrix.arch }}
+
+      - name: Upload the Docker image digest
+        if: steps.attributes.outputs.push == 'true'
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          name: digest-${{ matrix.version }}-${{ matrix.arch }}
+          path: ${{ runner.temp }}/digests/*
+
+  merge:
+    needs: build
+    if: github.repository_owner == 'Homebrew' && needs.build.outputs.push == 'true'
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        version: ["18.04", "20.04", "22.04", "24.04"]
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
+        with:
+          cache-binary: false
+
+      - name: Download Docker image digests
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digest-${{ matrix.version }}-*
+          merge-multiple: true
+
+      - name: Log in to Docker Hub
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           username: brewtestbot
           password: ${{ secrets.HOMEBREW_BREW_DOCKER_TOKEN }}
 
-      - name: Deploy the tagged Docker image
-        if: steps.attributes.outputs.push == 'true'
-        uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
+      - name: Log in to GitHub Packages (BrewTestBot)
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
-          context: .
-          push: true
-          tags: ${{ steps.attributes.outputs.tags }}
-          cache-from: type=registry,ref=ghcr.io/homebrew/ubuntu${{ matrix.version }}:cache
-          cache-to: type=registry,ref=ghcr.io/homebrew/ubuntu${{ matrix.version }}:cache,mode=max
-          build-args: version=${{ matrix.version }}
-          labels: ${{ steps.attributes.outputs.labels }}
+          registry: ghcr.io
+          username: BrewTestBot
+          password: ${{ secrets.HOMEBREW_BREW_GITHUB_PACKAGES_TOKEN }}
+
+      - name: Merge and push Docker image
+        run: |
+          tag_args=()
+          while IFS=$'\n' read -r tag; do
+            [[ -n "${tag}" ]] || continue
+            tag_args+=("--tag=${tag}")
+          done <<<"${TAGS}"
+
+          docker buildx imagetools create \
+            "${tag_args[@]}" \
+            "ghcr.io/homebrew/ubuntu${VERSION}@sha256:$(cat "${RUNNER_TEMP}/digests/${VERSION}-x86_64")" \
+            "ghcr.io/homebrew/ubuntu${VERSION}@sha256:$(cat "${RUNNER_TEMP}/digests/${VERSION}-arm64")"
+        env:
+          TAGS: ${{ needs.build.outputs.tags }}
+          VERSION: ${{ matrix.version }}

From 1c4dfe066e3ca55d69bd7949bba1d6bcd58d8524 Mon Sep 17 00:00:00 2001
From: Mike McQuaid <mike@mikemcquaid.com>
Date: Tue, 11 Mar 2025 17:16:56 +0000
Subject: [PATCH 2/5] Update .github/workflows/docker.yml

Co-authored-by: Bo Anderson <mail@boanderson.me>
---
 .github/workflows/docker.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index eee84d22f1..55a568ab20 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -27,6 +27,10 @@ jobs:
       matrix:
         version: ["18.04", "20.04", "22.04", "24.04"]
         arch: ["x86_64", "arm64"]
+        exclude:
+          - version: "18.04"
+             architecture: "arm64"
+          - architecture: ${{ github.event_name == 'release' && 'arm64' }}
     outputs:
       tags: ${{ steps.attributes.outputs.tags }}
       push: ${{ steps.attributes.outputs.push }}

From add2ebff6b3efa19d5aa5b1adcd1adc397448d25 Mon Sep 17 00:00:00 2001
From: Carlo Cabrera <github@carlo.cab>
Date: Wed, 12 Mar 2025 12:19:57 +0800
Subject: [PATCH 3/5] Update docker.yml

Co-authored-by: Bo Anderson <mail@boanderson.me>
---
 .github/workflows/docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 55a568ab20..f40ccd661b 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -29,7 +29,7 @@ jobs:
         arch: ["x86_64", "arm64"]
         exclude:
           - version: "18.04"
-             architecture: "arm64"
+            architecture: "arm64"
           - architecture: ${{ github.event_name == 'release' && 'arm64' }}
     outputs:
       tags: ${{ steps.attributes.outputs.tags }}

From be7a97e240a13d327004047c8a9a7a94fe9952be Mon Sep 17 00:00:00 2001
From: Carlo Cabrera <github@carlo.cab>
Date: Wed, 12 Mar 2025 12:21:26 +0800
Subject: [PATCH 4/5] Update docker.yml

---
 .github/workflows/docker.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index f40ccd661b..c20c6353e5 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -29,8 +29,8 @@ jobs:
         arch: ["x86_64", "arm64"]
         exclude:
           - version: "18.04"
-            architecture: "arm64"
-          - architecture: ${{ github.event_name == 'release' && 'arm64' }}
+            arch: "arm64"
+          - arch: ${{ github.event_name == 'release' && 'arm64' }}
     outputs:
       tags: ${{ steps.attributes.outputs.tags }}
       push: ${{ steps.attributes.outputs.push }}

From 344704db7fbb5c7600107fdb4f55cf32f6ea7f6b Mon Sep 17 00:00:00 2001
From: Carlo Cabrera <github@carlo.cab>
Date: Thu, 13 Mar 2025 17:28:35 +0800
Subject: [PATCH 5/5] Update `docker/build-push-action`

---
 .github/workflows/docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 561f7089d6..f8855674fd 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -145,7 +145,7 @@ jobs:
       - name: Deploy the Docker image by digest
         id: digest
         if: steps.attributes.outputs.push == 'true'
-        uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
         with:
           context: .
           cache-from: type=registry,ref=ghcr.io/homebrew/ubuntu${{ matrix.version }}:cache