From a141d41af75cfa92019476069c8e320f8b066948 Mon Sep 17 00:00:00 2001
From: Greg Korba <greg@codito.dev>
Date: Thu, 21 Nov 2024 11:23:24 +0100
Subject: [PATCH] Prepare CI job for building Docker binary-only images

---
 .github/workflows/release.yml | 54 +++++++++++++++++++++++++++++++++++
 Dockerfile                    |  4 +++
 2 files changed, 58 insertions(+)
 create mode 100644 Dockerfile

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e2df36b..c4032e9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,6 +7,7 @@ on:
 
 permissions:
   contents: read
+  packages: write
 
 jobs:
   build-phar:
@@ -38,3 +39,56 @@ jobs:
         if: ${{startsWith(github.ref, 'refs/tags/') }}
         with:
           files: pie.phar
+
+  docker-binary-only-image:
+    needs: build-phar
+    name: Docker binary-only image
+    runs-on: ubuntu-latest
+    if: ${{ startsWith(github.ref, 'refs/tags/') }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Restore built PHAR
+        uses: actions/download-artifact@v4
+        with:
+          name: pie-${{ github.sha }}.phar
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          flavor: |
+            latest=false
+            suffix=-bin
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=raw,value=latest
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          file: Dockerfile
+          target: standalone-binary
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..58fea80
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,4 @@
+FROM scratch AS standalone-binary
+
+# @TODO change to --chmod=+x when https://github.com/moby/buildkit/pull/5380 is released
+COPY --chmod=0755 pie.phar /pie