From 88f5e01f1b620b5402d37fdc4b38a20f001bab58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20G=C3=BCttler?= <thomas.guettler@syself.com>
Date: Fri, 8 May 2026 09:56:52 +0200
Subject: [PATCH] :seedling: Create container image in CI for syself-1.13.1

Port container image build/push jobs from syself-1.11.6 to syself-1.13.1.
Adds push_release_images and push_release_image_manifests jobs triggered on
version tags, and a docker-push-manifests Makefile target.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/workflows/release.yaml | 72 ++++++++++++++++++++++++++++++++++
 Makefile                       |  4 ++
 2 files changed, 76 insertions(+)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 1cc8354051b1..57fb773ff8b1 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -4,14 +4,18 @@ on:
   push:
     branches:
       - main
+    tags:
+      - 'v*.*.*'
     paths:
       - 'CHANGELOG/*.md'
 
 permissions:
   contents: write # Allow to push a tag, create a release branch and publish a draft release.
+  packages: write
 
 jobs:
   push_release_tags:
+    if: github.ref == 'refs/heads/main'
     runs-on: ubuntu-latest
     outputs:
       release_tag: ${{ steps.release-version.outputs.release_version }}
@@ -80,6 +84,7 @@ jobs:
           echo "Created tags $RELEASE_VERSION and test/${RELEASE_VERSION}"
   release:
     name: create draft release
+    if: github.ref == 'refs/heads/main'
     runs-on: ubuntu-latest
     needs: push_release_tags
     steps:
@@ -112,3 +117,70 @@ jobs:
           files: out/*
           body_path: ${{ env.RELEASE_TAG }}.md
           tag_name: ${{ env.RELEASE_TAG }}
+  push_release_images:
+    name: build and push ${{ matrix.arch }} images
+    if: startsWith(github.ref, 'refs/tags/v')
+    runs-on: ubuntu-latest
+    timeout-minutes: 90
+    strategy:
+      fail-fast: false
+      matrix:
+        arch: [amd64, arm, arm64, ppc64le, s390x]
+    env:
+      REGISTRY: ghcr.io/syself
+      ALL_DOCKER_BUILD: core
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # tag=v6.0.2
+        with:
+          fetch-depth: 0
+      - name: Calculate go version
+        id: vars
+        run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT
+      - name: Set up Go
+        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # tag=v6.4.0
+        with:
+          go-version: ${{ steps.vars.outputs.go_version }}
+      - name: Build images
+        run: |
+          make REGISTRY="${REGISTRY}" TAG="${GITHUB_REF_NAME}" ARCH="${{ matrix.arch }}" ALL_DOCKER_BUILD="${ALL_DOCKER_BUILD}" docker-build
+      - name: Log in to ghcr.io
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # tag=v4.1.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+      - name: Push images
+        run: |
+          make REGISTRY="${REGISTRY}" TAG="${GITHUB_REF_NAME}" ARCH="${{ matrix.arch }}" ALL_DOCKER_BUILD="${ALL_DOCKER_BUILD}" docker-push
+  push_release_image_manifests:
+    name: push multi-arch manifests
+    if: startsWith(github.ref, 'refs/tags/v')
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    needs: push_release_images
+    env:
+      REGISTRY: ghcr.io/syself
+      ALL_DOCKER_BUILD: core
+      ALL_ARCH: amd64 arm arm64 ppc64le s390x
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # tag=v6.0.2
+        with:
+          fetch-depth: 0
+      - name: Calculate go version
+        id: vars
+        run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT
+      - name: Set up Go
+        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # tag=v6.4.0
+        with:
+          go-version: ${{ steps.vars.outputs.go_version }}
+      - name: Log in to ghcr.io
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # tag=v4.1.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+      - name: Push multi-arch manifests
+        run: |
+          make REGISTRY="${REGISTRY}" TAG="${GITHUB_REF_NAME}" ALL_ARCH="${ALL_ARCH}" ALL_DOCKER_BUILD="${ALL_DOCKER_BUILD}" docker-push-manifests
diff --git a/Makefile b/Makefile
index 38d5a3957a08..9549f0276d5b 100644
--- a/Makefile
+++ b/Makefile
@@ -1233,6 +1233,10 @@ docker-image-verify: ## Verifies all built images to contain the correct binary
 
 .PHONY: docker-push-all
 docker-push-all: $(addprefix docker-push-,$(ALL_ARCH))  ## Push the docker images to be included in the release for all architectures + related multiarch manifests
+	$(MAKE) ALL_ARCH="$(ALL_ARCH)" docker-push-manifests
+
+.PHONY: docker-push-manifests
+docker-push-manifests: ## Push only the related multiarch manifests for all docker images
 	$(MAKE) ALL_ARCH="$(ALL_ARCH)" $(addprefix docker-push-manifest-,$(ALL_DOCKER_BUILD))
 
 docker-push-%: