Create make targets and github workflow for both amd64 and arm64 builds

.github/workflows/build-push.yaml

@@ -0,0 +1,132 @@
+name: Build (amd64 and arm64) and push to quay registries
+
+on:
+  push:
+    branches: ["main"]
+    tags: ["v*.*.*"]
+  pull_request:
+    branches: ["main"]
+
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+env:
+  REGISTRY: localhost
+  NAME: patternizer
+  TAG: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || (github.ref_name == 'main' && 'latest' || github.ref_name) }}
+
+jobs:
+  build-container:
+    strategy:
+      matrix:
+        include:
+          - targetarch: amd64
+            runner: ubuntu-latest
+          - targetarch: arm64
+            runner: ubuntu-24.04-arm
+
+    runs-on: ${{ matrix.runner }}
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          persist-credentials: false
+
+      - name: Build container and save tarball
+        env:
+          CONTAINER: ${{ env.NAME }}:${{ env.TAG }}
+          TARGETARCH: ${{ matrix.targetarch }}
+        run: |
+          make "${TARGETARCH}"
+          buildah push "${CONTAINER}-${TARGETARCH}" "docker-archive:/tmp/image-${TARGETARCH}.tar:${CONTAINER}-${TARGETARCH}"
+
+      - name: Upload image artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: image-${{ matrix.targetarch }}-${{ github.run_id }}
+          path: /tmp/image-${{ matrix.targetarch }}.tar
+          retention-days: 1
+
+  push-multiarch-manifest:
+    needs: [build-container]
+    if: github.event_name != 'pull_request'
+    strategy:
+      matrix:
+        include:
+          - upload_registry: quay.io/validatedpatterns
+            legacy: false
+          - upload_registry: quay.io/hybridcloudpatterns
+            legacy: true
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          persist-credentials: false
+
+      - name: Download AMD64 image
+        uses: actions/download-artifact@v5
+        with:
+          name: image-amd64-${{ github.run_id }}
+          path: /tmp
+
+      - name: Download ARM64 image
+        uses: actions/download-artifact@v5
+        with:
+          name: image-arm64-${{ github.run_id }}
+          path: /tmp
+
+      - name: Load tarballs into local containers-storage
+        run: |
+          buildah pull docker-archive:/tmp/image-amd64.tar
+          buildah pull docker-archive:/tmp/image-arm64.tar
+
+      - name: Log into Quay
+        env:
+          USERNAME: ${{ matrix.legacy && secrets.LEGACY_QUAY_USERNAME || secrets.QUAY_USERNAME }}
+          PASSWORD: ${{ matrix.legacy && secrets.LEGACY_QUAY_PASSWORD || secrets.QUAY_PASSWORD }}
+        run: |
+          buildah login -u "${USERNAME}" -p "${PASSWORD}" quay.io
+
+      # The compressed manifest in Quay has a different digest than the local so we
+      # need to use skopeo to retrieve the correct digest for signing
+      - name: Create manifest and push to Quay
+        id: manifest-push
+        env:
+          UPLOADREGISTRY: ${{ matrix.upload_registry }}
+          CONTAINER: ${{ env.NAME }}:${{ env.TAG }}
+        run: |
+          make manifest
+          buildah manifest add --arch=amd64 "${REGISTRY}/${CONTAINER}" "${REGISTRY}/${CONTAINER}-amd64"
+          buildah manifest add --arch=arm64 "${REGISTRY}/${CONTAINER}" "${REGISTRY}/${CONTAINER}-arm64"
+          make upload
+          DIGEST=$(skopeo inspect --format "{{.Digest}}" "docker://${UPLOADREGISTRY}/${CONTAINER}")
+          echo "digest=$DIGEST" >> "$GITHUB_OUTPUT"
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
+        with:
+          cosign-release: "v2.2.4"
+
+      # Cosign expects the docker config.json for registry authentication so we must
+      # copy it from buildah
+      - name: Sign the published Docker image
+        env:
+          CONTAINER: ${{ env.NAME }}:${{ env.TAG }}
+          DIGEST: ${{ steps.manifest-push.outputs.digest }}
+          UPLOADREGISTRY: ${{ matrix.upload_registry }}
+        run: |
+          cat "${XDG_RUNTIME_DIR}/containers/auth.json" > ~/.docker/config.json
+          cosign sign --yes "${UPLOADREGISTRY}/${CONTAINER}@${DIGEST}"

.github/workflows/lint-test.yaml

@@ -0,0 +1,50 @@
+name: Lint and Test on PRs
+
+on:
+  pull_request:
+    branches: ["main"]
+
+env:
+  GO_VERSION: '1.24'
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+        with:
+          persist-credentials: false
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache-dependency-path: src/go.sum
+
+      - name: Run linting checks
+        run: make lint
+
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache-dependency-path: src/go.sum
+
+      - name: Build binary
+        run: make build
+
+      - name: Run unit tests
+        run: make test-unit
+
+      - name: Generate test coverage report
+        run: make test-coverage
+
+      - name: Run integration tests
+        run: make test-integration

Containerfile

@@ -1,5 +1,6 @@
 ARG GO_VERSION=1.24-alpine
 ARG ALPINE_VERSION=latest
+ARG GOARCH=amd64
 
 # Build stage
 FROM docker.io/library/golang:${GO_VERSION} AS builder
@@ -10,7 +11,7 @@ COPY src/go.mod src/go.sum .
 RUN go mod download
 
 COPY src/ .
-RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o patternizer .
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=${GOARCH} go build -a -installsuffix cgo -o patternizer .
 
 # Runtime stage
 FROM docker.io/library/alpine:${ALPINE_VERSION}