Speed up building the LibreSSL 4.2.0 builder

.github/workflows/pr.yml

@@ -119,7 +119,7 @@ jobs:
         # v3.10.0
         uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2
       - name: Test build
-        run: "docker buildx build --platform linux/arm64,linux/amd64 --pull --file=standard-builder-with-libressl-4.2.0/Dockerfile ."
+        run: "docker buildx build --pull --file=standard-builder-with-libressl-4.2.0/Dockerfile ."
 
   validate-standard-builder-with-openssl-3_6_0-builds:
     name: Validate standard builder with openssl 3.6.0 image builds

.github/workflows/rebuild-ponyc-based-images.yml

@@ -47,15 +47,15 @@ jobs:
           topic: ${{ github.repository }} scheduled job failure
           content: ${{ github.server_url}}/${{ github.repository }}/actions/runs/${{ github.run_id }} failed.
 
-  standard-builder-with-libressl_4_2_0:
+  standard-builder-with-libressl_4_2_0-amd64:
     needs:
       - standard-builder
 
-    name: Update standard-builder-with-libressl-4.2.0
+    name: Update standard-builder-with-libressl-4.2.0 on amd64
     runs-on: ubuntu-latest
 
     concurrency:
-      group: standard-builder-with-libressl_4_2_0
+      group: standard-builder-with-libressl_4_2_0-amd64
       cancel-in-progress: true
 
     steps:
@@ -81,6 +81,74 @@ jobs:
           topic: ${{ github.repository }} scheduled job failure
           content: ${{ github.server_url}}/${{ github.repository }}/actions/runs/${{ github.run_id }} failed.
 
+  standard-builder-with-libressl_4_2_0-arm64:
+    needs:
+      - standard-builder
+
+    name: Update standard-builder-with-libressl-4.2.0 on arm64
+    runs-on: ubuntu-24.04-arm
+
+    concurrency:
+      group: standard-builder-with-libressl_4_2_0-arm
+      cancel-in-progress: true
+
+    steps:
+      - uses: actions/checkout@v4.1.1
+      - name: Login to GitHub Container Registry
+        # v2.2.0
+        uses: docker/login-action@5139682d94efc37792e6b54386b5b470a68a4737
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push
+        run: bash standard-builder-with-libressl-4.2.0/build-and-push.bash
+      - name: Send alert on failure
+        if: ${{ failure() }}
+        uses: zulip/github-actions-zulip/send-message@e4c8f27c732ba9bd98ac6be0583096dea82feea5
+        with:
+          api-key: ${{ secrets.ZULIP_SCHEDULED_JOB_FAILURE_API_KEY }}
+          email: ${{ secrets.ZULIP_SCHEDULED_JOB_FAILURE_EMAIL }}
+          organization-url: 'https://ponylang.zulipchat.com/'
+          to: notifications
+          type: stream
+          topic: ${{ github.repository }} scheduled job failure
+          content: ${{ github.server_url}}/${{ github.repository }}/actions/runs/${{ github.run_id }} failed.
+
+  merge-standard-builder-with-libressl_4_2_0:
+    needs:
+      - standard-builder-with-libressl_4_2_0-amd64
+      - standard-builder-with-libressl_4_2_0-arm64
+
+    name: Create merged standard-builder-with-libressl_4_2_0
+    runs-on: ubuntu-latest
+
+    concurrency:
+      group: merge-standard-builder-with-libressl_4_2_0
+      cancel-in-progress: true
+
+    steps:
+      - name: Login to GitHub Container Registry
+        # v2.2.0
+        uses: docker/login-action@5139682d94efc37792e6b54386b5b470a68a4737
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Merge
+        run: bash standard-builder-with-libressl-4.2.0/combine-images.bash
+      - name: Send alert on failure
+        if: ${{ failure() }}
+        uses: zulip/github-actions-zulip/send-message@e4c8f27c732ba9bd98ac6be0583096dea82feea5
+        with:
+          api-key: ${{ secrets.ZULIP_SCHEDULED_JOB_FAILURE_API_KEY }}
+          email: ${{ secrets.ZULIP_SCHEDULED_JOB_FAILURE_EMAIL }}
+          organization-url: 'https://ponylang.zulipchat.com/'
+          to: notifications
+          type: stream
+          topic: ${{ github.repository }} scheduled job failure
+          content: ${{ github.server_url}}/${{ github.repository }}/actions/runs/${{ github.run_id }} failed.
+
   standard-builder-with-openssl_3_6_0:
     needs:
       - standard-builder
@@ -288,7 +356,7 @@ jobs:
   send-builders-updated-event:
     needs:
       - standard-builder
-      - standard-builder-with-libressl_4_2_0
+      - merge-standard-builder-with-libressl_4_2_0
       - standard-builder-with-openssl_3_6_0
       - x86-64-unknown-linux-builder-with-libressl_3_9_2
       - x86-64-unknown-linux-builder-with-openssl_1_1_1w

standard-builder-with-libressl-4.2.0/build-and-push.bash

@@ -8,20 +8,27 @@ set -o nounset
 #     this ***
 #
 
+ARCH=$(uname -m)
+case "${ARCH}" in
+    x86_64) ARCH_TAG="amd64" ;;
+    aarch64|arm64) ARCH_TAG="arm64" ;;
+    *) ARCH_TAG="unknown" ;;
+esac
+
 DOCKERFILE_DIR="$(dirname "$0")"
 BUILDER="standard-builder-with-libressl-4.2.0-$(date +%s)"
 NAME="ghcr.io/ponylang/shared-docker-ci-standard-builder-with-libressl-4.2.0"
 
 echo "Building nightly image from standard-builder nightly tag"
 docker buildx create --use --name "${BUILDER}"
 docker buildx build --provenance false --sbom false \
-  --platform linux/arm64,linux/amd64 --pull --push --build-arg \
-  FROM_TAG="nightly" -t "${NAME}:nightly" "${DOCKERFILE_DIR}"
+  --pull --push --build-arg \
+  FROM_TAG="nightly" -t "${NAME}:nightly-${ARCH_TAG}" "${DOCKERFILE_DIR}"
 docker buildx rm "${BUILDER}"
 
 echo "Building release image from standard-builder release tag"
 docker buildx create --use --name "${BUILDER}"
 docker buildx build --provenance false --sbom false \
-  --platform linux/arm64,linux/amd64 --pull --push --build-arg \
-  FROM_TAG="release" -t "${NAME}:release" "${DOCKERFILE_DIR}"
+  --pull --push --build-arg \
+  FROM_TAG="release" -t "${NAME}:release-${ARCH_TAG}" "${DOCKERFILE_DIR}"
 docker buildx rm "${BUILDER}"

standard-builder-with-libressl-4.2.0/combine-images.bash

@@ -0,0 +1,39 @@
+#!/bin/bash
+set -euo pipefail
+
+NAME="ghcr.io/ponylang/shared-docker-ci-standard-builder-with-libressl-4.2.0"
+
+sources=()
+
+# function to check if an image exists
+check_image() {
+  local image="$1"
+  if docker manifest inspect "$image" > /dev/null 2>&1; then
+    echo "Image exists: $image"
+    sources+=("$image")
+  else
+    echo "Image not found: $image"
+  fi
+}
+
+merge_images() {
+  local TAG="$1"
+  echo "Checking available architecture images for ${NAME}:$TAG"
+
+  check_image "${NAME}:${TAG}-amd64"
+  check_image "${NAME}:${TAG}-arm64"
+
+  if [ ${#sources[@]} -eq 0 ]; then
+    echo "No images found for merging, skipping."
+    return 0
+  fi
+
+  echo "Combining images into manifest tag: ${NAME}:${TAG}"
+  docker manifest create "${NAME}:${TAG}" "${sources[@]}"
+  docker manifest push "${NAME}:${TAG}"
+
+  echo "Manifest created successfully."
+}
+
+merge_images "nightly"
+merge_images "release"