From d1e384ef4c4732b2b73e243abd6c46f8c4c409e0 Mon Sep 17 00:00:00 2001
From: Felix Moessbauer <felix.moessbauer@siemens.com>
Date: Mon, 24 Feb 2025 16:19:06 +0100
Subject: [PATCH] ci: add support to build image for multiple distro versions

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 .github/actions/docker-init/action.yml | 10 +++++++++-
 .github/workflows/master.yml           |  5 ++++-
 .github/workflows/next.yml             | 10 +++++++---
 .github/workflows/release.yml          |  1 +
 4 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/.github/actions/docker-init/action.yml b/.github/actions/docker-init/action.yml
index f174f0d1..dbef3ff9 100644
--- a/.github/actions/docker-init/action.yml
+++ b/.github/actions/docker-init/action.yml
@@ -7,6 +7,8 @@ inputs:
     required: true
   image-name:
     required: true
+  debian-release:
+    required: false
 
 runs:
   using: composite
@@ -43,11 +45,17 @@ runs:
     - name: Determine Debian tag
       run: |
         COMMIT_DATE=$(date -d @$(git log -1 --pretty=%ct) +%Y%m%d)
-        DEBIAN_RELEASE=$(grep -m 1 'ARG DEBIAN_TAG=' Dockerfile | sed 's/.*DEBIAN_TAG=\(.*\)-.*/\1/')
+        DEBIAN_LATEST_RELEASE=$(grep -m 1 'ARG DEBIAN_TAG=' Dockerfile | sed 's/.*DEBIAN_TAG=\(.*\)-.*/\1/')
+        if [ -n "${{ inputs.debian-release }}" ]; then
+          DEBIAN_RELEASE="${{ inputs.debian-release }}"
+        else
+          DEBIAN_RELEASE=$DEBIAN_LATEST_RELEASE
+        fi
         echo "DEBIAN_TAG=$(podman search --list-tags docker.io/debian --limit 1000000000 | \
                            grep "$DEBIAN_RELEASE-.*-slim" | sort -r | sed 's/.*[ ]\+//' | \
                            ./scripts/lower-bound.py $DEBIAN_RELEASE-$COMMIT_DATE-slim )" \
                            >> $GITHUB_ENV
+        echo "DEBIAN_LATEST_RELEASE=$DEBIAN_LATEST_RELEASE" >> $GITHUB_ENV
       shell: bash
 
     - name: Prepare repository for COPY-in
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index f950901d..22013ae7 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -17,6 +17,7 @@ jobs:
     strategy:
       matrix:
         image-name: ["kas", "kas-isar"]
+        debian-release: ["bullseye", "bookworm"]
     steps:
       - name: Check out repo
         uses: actions/checkout@v4
@@ -50,7 +51,9 @@ jobs:
             DEBIAN_TAG=${{ env.DEBIAN_TAG }}
           provenance: false
           outputs: type=registry,rewrite-timestamp=true
-          tags: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}
+          tags: |
+            ${{ matrix.debian-release == env.DEBIAN_LATEST_RELEASE && format('{0}/{1}:latest', github.repository, matrix.image-name) || '' }}
+            ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:latest-${{ matrix.debian-release }}
           annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
       - name: Attest ${{ matrix.image-name }} image
         uses: actions/attest-build-provenance@v1
diff --git a/.github/workflows/next.yml b/.github/workflows/next.yml
index 77c667ef..ea42fde4 100644
--- a/.github/workflows/next.yml
+++ b/.github/workflows/next.yml
@@ -60,6 +60,7 @@ jobs:
     strategy:
       matrix:
         image-name: ["kas", "kas-isar"]
+        debian-release: ["bullseye", "bookworm"]
     steps:
       - name: Check out repo
         uses: actions/checkout@v4
@@ -69,6 +70,7 @@ jobs:
           deploy-user: ${{ github.actor }}
           deploy-token: ${{ secrets.GITHUB_TOKEN }}
           image-name: ${{ matrix.image-name }}
+          debian-release: ${{ matrix.debian-release }}
 
       - name: Build ${{ matrix.image-name }} image
         uses: docker/build-push-action@v6
@@ -80,10 +82,10 @@ jobs:
             SOURCE_DATE_EPOCH=${{ env.SOURCE_DATE_EPOCH }}
             DEBIAN_TAG=${{ env.DEBIAN_TAG }}
           outputs: type=docker,rewrite-timestamp=true
-          tags: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:next
+          tags: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:next-${{ matrix.debian-release }}
       - name: Test ${{ matrix.image-name }} image
         env:
-          KAS_CONTAINER_IMAGE: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:next
+          KAS_CONTAINER_IMAGE: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:next-${{ matrix.debian-release }}
           KAS_CLONE_DEPTH: 1
         run: |
           cd image-tests/${{ matrix.image-name }}
@@ -110,7 +112,9 @@ jobs:
             DEBIAN_TAG=${{ env.DEBIAN_TAG }}
           provenance: false
           outputs: type=registry,rewrite-timestamp=true
-          tags: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:next
+          tags: |
+            ${{ matrix.debian-release == env.DEBIAN_LATEST_RELEASE && format('{0}/{1}:next', github.repository, matrix.image-name) || '' }}
+            ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:next-${{ matrix.debian-release }}
           annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
       - name: Attest ${{ matrix.image-name }} image
         if: github.ref == 'refs/heads/next'
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f4b5f323..3ed0b1a8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,6 +17,7 @@ jobs:
     strategy:
       matrix:
         image-name: ["kas", "kas-isar"]
+        debian-release: ["bullseye", "bookworm"]
     steps:
       - name: Check out repo
         uses: actions/checkout@v4