algorithmicsuperintelligence · codelion · Aug 25, 2025 · Aug 25, 2025 · Aug 25, 2025 · Aug 25, 2025
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -28,46 +28,32 @@ jobs:
       - name: Publish package distributions to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
 
-  docker-publish:
-    name: Publish Docker image
-    runs-on: ubuntu-22.04
+  # AMD64 Docker build job
+  docker-build-amd64:
+    name: Build Docker image (AMD64)
+    runs-on: ubuntu-latest
     needs: pypi-publish
     permissions:
       contents: read
       packages: write
+    outputs:
+      digest: ${{ steps.build.outputs.digest }}
+      metadata: ${{ steps.meta.outputs.json }}
     steps:
-      - uses: actions/checkout@v4
-
-      # Add aggressive cleanup before any Docker operations
-      - name: Free disk space
-        run: |
-          # Clean Docker
-          docker system prune -af
-          docker image prune -af
-          docker builder prune -af
-
-          df -h
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
+      - name: Checkout
+        uses: actions/checkout@v4
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-        with:
-          driver-opts: |
-            image=moby/buildkit:buildx-stable-1
-            network=host
-          buildkitd-flags: --debug
-
+
       - name: Log in to GitHub Container Registry
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-
-      # Extract metadata for Docker image
-      - name: Extract metadata for Docker
+
+      - name: Extract metadata
         id: meta
         uses: docker/metadata-action@v5
         with:
@@ -76,46 +62,142 @@ jobs:
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}.{{minor}}
             type=raw,value=latest
-
-      # Build and push Docker image for AMD64
-      - name: Build and push Docker image AMD64
+          labels: |
+            org.opencontainers.image.title=OpenEvolve
+            org.opencontainers.image.description=Open-source evolutionary coding agent
+            org.opencontainers.image.vendor=OpenEvolve
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+            org.opencontainers.image.documentation=https://github.com/${{ github.repository }}#readme
+            org.opencontainers.image.licenses=Apache-2.0
+
+      - name: Build and push AMD64
+        id: build
         uses: docker/build-push-action@v5
         with:
           context: .
-          file: Dockerfile
-          push: true
           platforms: linux/amd64
-          tags: ${{ steps.meta.outputs.tags }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}-amd64
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha,scope=openevolve-amd64
           cache-to: type=gha,scope=openevolve-amd64,mode=max
-          outputs: type=registry,compression=zstd,compression-level=5
+          provenance: mode=max
+          sbom: true
 
-      # Cleanup after AMD64 build
-      - name: Cleanup after AMD64 build
-        run: |
-          docker system prune -af
-          docker builder prune -af
-          df -h
-
-      # Build and push Docker image for ARM64
-      - name: Build and push Docker image ARM64
+  # ARM64 Docker build job
+  docker-build-arm64:
+    name: Build Docker image (ARM64) 
+    runs-on: ubuntu-latest
+    needs: pypi-publish
+    permissions:
+      contents: read
+      packages: write
+    outputs:
+      digest: ${{ steps.build.outputs.digest }}
+      metadata: ${{ steps.meta.outputs.json }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=raw,value=latest
+          labels: |
+            org.opencontainers.image.title=OpenEvolve
+            org.opencontainers.image.description=Open-source evolutionary coding agent
+            org.opencontainers.image.vendor=OpenEvolve
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+            org.opencontainers.image.documentation=https://github.com/${{ github.repository }}#readme
+            org.opencontainers.image.licenses=Apache-2.0
+
+      - name: Build and push ARM64
+        id: build
         uses: docker/build-push-action@v5
         with:
           context: .
-          file: Dockerfile
-          push: true
           platforms: linux/arm64
-          tags: ${{ steps.meta.outputs.tags }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}-arm64
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha,scope=openevolve-arm64
           cache-to: type=gha,scope=openevolve-arm64,mode=max
-          outputs: type=registry,compression=zstd,compression-level=5
+          provenance: mode=max
+          sbom: true
+
+  # Create multi-platform manifest
+  docker-manifest:
+    name: Create multi-platform manifest
+    runs-on: ubuntu-latest
+    needs: [docker-build-amd64, docker-build-arm64]
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=raw,value=latest
+          labels: |
+            org.opencontainers.image.title=OpenEvolve
+            org.opencontainers.image.description=Open-source evolutionary coding agent
+            org.opencontainers.image.vendor=OpenEvolve
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+            org.opencontainers.image.documentation=https://github.com/${{ github.repository }}#readme
+            org.opencontainers.image.licenses=Apache-2.0
+
+      - name: Create and push multi-platform manifests
+        run: |
+          # Get the tags from metadata
+          TAGS="${{ steps.meta.outputs.tags }}"
+
+          # Create manifests for each tag
+          for tag in $TAGS; do
+            echo "Creating manifest for $tag"
+            docker manifest create $tag \
+              ${tag}-amd64 \
+              ${tag}-arm64
+
+            # Add platform annotations
+            docker manifest annotate $tag ${tag}-amd64 --os linux --arch amd64
+            docker manifest annotate $tag ${tag}-arm64 --os linux --arch arm64 --variant v8
+
+            # Push the manifest
+            docker manifest push $tag
+          done
 
-      # Final cleanup
-      - name: Final cleanup
+      - name: Clean up platform-specific tags
         run: |
-          docker system prune -af
-          docker builder prune -af
-          find /tmp -type f -user $(id -u) -exec rm -f {} + 2>/dev/null || true
-          df -h
+          # Note: Platform-specific tags are kept for debugging purposes
+          # They can be manually cleaned up later if needed
+          echo "Platform-specific tags retained: -amd64, -arm64 suffixes"