[ANCHOR-1190] Fix Docker release to publish multi-arch images #1922
Merged
[ANCHOR-1190] Fix Docker release to publish multi-arch images #1922
Conversation
There was a problem hiding this comment.
Pull request overview
This PR fixes the Docker release workflow so it consistently publishes a multi-architecture image by avoiding tag overwrite races between amd64 and arm64 builds.
Changes:
- Push amd64 and arm64 builds to temporary architecture-specific tags (
-amd64,-arm64) instead of the shared release tag. - Add a
create_multi_arch_manifestjob to publish multi-arch manifests for both the version tag andlatest. - Update the
completejob to include the new manifest job in its dependency chain.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
JiahuiWho
force-pushed
the
fix-multi-arch-docker-release
branch
from
7d77ad5 to
5b4b463
Compare
marwen-abid
approved these changes
Apr 10, 2026
| @@ -51,7 +51,7 @@ jobs: | |||
| build-args: | | |||
Contributor
There was a problem hiding this comment.
The CodeQL alert on both files is correct. We should probably limit permissions by adding the following after on: and before jobs:
permissions:
contents: read
marwen-abid
approved these changes
Apr 10, 2026
JiahuiWho
added a commit
that referenced
this pull request
Apr 10, 2026
### Description - Switch to Docker's recommended pattern: - Build jobs push by digest only (no intermediate -amd64 -arm64 tags) - Then a `create_multi_arch_manifest` job uses `docker buildx imagetools create` to merge both digests into a single multi-arch manifest. - Apply the same fix to `on_push_to_develop` ### Context #1922 failed because `docker manifest create` (used to merge the amd64 and arm64 builds) expects each source image to be a plain image manifest. However, `build-push-action` v6 with buildx wraps each single-platform image into a manifest list (containing the image + provenance attestation), so the command rejects them with the error "is a manifest list" ### Testing - `./gradlew test` ### Documentation N/A ### Known limitations N/A
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Each release job now pushes to a temporary arch-specific tag (-amd64, -arm64), and a new
create_multi_arch_manifestjob combines them into a single multi-arch manifest.Same for
on_push_to_developContext
Since 4.1.1, the release workflow has been publishing only one architecture per release due to a race condition, the amd64 and arm64 jobs both push to the same Docker tag, so whichever finishes last overwrites the other.
Testing
./gradlew testDocumentation
N/A
Known limitations
N/A