kata-containers/.github/workflows/cc-payload.yaml

name: Publish Kata Containers payload for Confidential Containers
on:
  push:
    tags:
      - 'CC\-[0-9]+.[0-9]+.[0-9]+'

jobs:
  build-assets-amd64:
    uses: ./.github/workflows/cc-payload-amd64.yaml
    with:
      target-arch: amd64
    secrets: inherit

  build-assets-s390x:
    uses: ./.github/workflows/cc-payload-s390x.yaml
    with:
      target-arch: s390x
    secrets: inherit

  publish:
    runs-on: ubuntu-latest
    needs: [build-assets-amd64, build-assets-s390x]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Login to Confidential Containers quay.io
        uses: docker/login-action@v2
        with:
          registry: quay.io
          username: ${{ secrets.COCO_QUAY_DEPLOYER_USERNAME }}
          password: ${{ secrets.COCO_QUAY_DEPLOYER_PASSWORD }}

      - name: Push commit multi-arch manifest
        run: |
          docker manifest create quay.io/confidential-containers/runtime-payload:kata-containers-${GITHUB_SHA} \
          --amend quay.io/confidential-containers/runtime-payload:kata-containers-${GITHUB_SHA}-amd64 \
          --amend quay.io/confidential-containers/runtime-payload:kata-containers-${GITHUB_SHA}-s390x
          docker manifest push quay.io/confidential-containers/runtime-payload:kata-containers-${GITHUB_SHA}

      - name: Push latest multi-arch manifest
        run: |
          docker manifest create quay.io/confidential-containers/runtime-payload:kata-containers-latest \
          --amend quay.io/confidential-containers/runtime-payload:kata-containers-amd64 \
          --amend quay.io/confidential-containers/runtime-payload:kata-containers-s390x
          docker manifest push quay.io/confidential-containers/runtime-payload:kata-containers-latest