skpr · nickschuch · Oct 1, 2025 · Sep 26, 2025 · Sep 29, 2025 · Sep 29, 2025
diff --git a/.circleci/config.yml b/.circleci/config.yml
diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml
@@ -0,0 +1,29 @@
+name: 🏗️ Build PR
+
+on:
+  pull_request: ~
+
+env:
+  stream: "pr-${{ github.event.pull_request.number }}"
+
+jobs:
+  build:
+    name: Build Docker image
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        node: [ '20', '22', '24' ]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: 🐋 Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: 🏗️ Build  Docker image
+        uses: docker/bake-action@v6
+        env:
+          NODE_VERSION: ${{ matrix.node }}
+          STREAM: ${{ env.stream }}
diff --git a/.github/workflows/build-push-latest.yml b/.github/workflows/build-push-latest.yml
@@ -0,0 +1,17 @@
+name: 🏗️ Build and Push Latest
+
+on:
+  push:
+    branches: [ main ]
+  workflow_dispatch: ~
+  schedule:
+    # At 14:00 UTC every day
+    - cron: '0 14 * * *'
+
+jobs:
+  build:
+    uses: ./.github/workflows/build-push.yml
+    with:
+      stream: latest
+      push: true
+    secrets: inherit
diff --git a/.github/workflows/build-push-stable.yml b/.github/workflows/build-push-stable.yml
@@ -0,0 +1,17 @@
+name: 🏗️ Build and Push Stable
+
+on:
+  push:
+    branches: [ releases ]
+  workflow_dispatch: ~
+  schedule:
+    # At 14:00 UTC every day
+    - cron: '0 14 * * *'
+
+jobs:
+  build:
+    uses: ./.github/workflows/build-push.yml
+    with:
+      stream: stable
+      push: true
+    secrets: inherit
diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
@@ -0,0 +1,62 @@
+name: 🏗️ Build and Push
+
+on:
+  workflow_call:
+    inputs:
+      runs_on:
+        type: string
+        default: ubuntu-latest
+        description: The image to run the jobs.
+      stream:
+        type: string
+        default: latest
+        description: The stream to build (e.g latest or stable).
+      push:
+        type: boolean
+        default: false
+        description: Whether to push the built image to the registry.
+
+    secrets:
+      DOCKERHUB_USERNAME:
+        required: true
+      DOCKERHUB_TOKEN:
+        required: true
+
+jobs:
+  build:
+    name: Build Docker image
+    runs-on: ${{ inputs.runs_on }}
+    permissions:
+      packages: write
+      contents: read
+      attestations: write
+      id-token: write
+    strategy:
+      fail-fast: false
+      matrix:
+        node: [ '20', '22', '24' ]
+
+    steps:
+      - name: 🔑 Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: 🔑 Log in to the GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: 🐋 Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: 🏗️ Build and push Docker image
+        uses: docker/bake-action@v6
+        env:
+          PHP_VERSION: ${{ matrix.php }}
+          STREAM: ${{ inputs.stream }}
+        with:
+          push: ${{ inputs.push }}
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,4 @@
-ARG FROM_IMAGE
-FROM ${FROM_IMAGE}
+FROM from_image AS base
 
 # Libuv 1.45.0 is affected by a kernel bug on certain kernels.
 # This leads to errors where Garden tool downloading errors with ETXTBSY
@@ -49,4 +48,13 @@ RUN npm install -g pnpm@10
 
 USER skpr
 
-ENV PATH /data/node_modules/.bin:$PATH
+ENV PATH=/data/node_modules/.bin:$PATH
+
+# Temporary build stage where we can run the test suite.
+FROM base AS test
+COPY --from=ghcr.io/goss-org/goss:latest /usr/bin/goss /usr/bin/goss
+ADD goss.yml /tmp/goss.yml
+RUN goss --gossfile=/tmp/goss.yml validate
+
+FROM base AS run
+CMD ["bash"]
diff --git a/Makefile b/Makefile
@@ -1,34 +1,10 @@
 #!/usr/bin/make -f
 
-REGISTRY=skpr/node
-ALPINE_VERSION=3.21
-NODE_VERSION=20
-ARCH=amd64
-VERSION_TAG=v3-latest
+NODE_VERSION=22
 
-IMAGE=${REGISTRY}:${NODE_VERSION}-${VERSION_TAG}
-IMAGE_DEV=${REGISTRY}:dev-${NODE_VERSION}-${VERSION_TAG}
-
-build:
-	# Building production image.
-	docker build --build-arg FROM_IMAGE=node:${NODE_VERSION}-alpine${ALPINE_VERSION} -t ${IMAGE}-${ARCH} .
-	# Building development image.
-	docker build --build-arg FROM_IMAGE=${IMAGE}-${ARCH} -t ${IMAGE_DEV}-${ARCH} dev
-	# Testing development image.
-	container-structure-test test --image ${IMAGE_DEV}-${ARCH} --config tests.yml
-
-push:
-	# Pushing production image.
-	docker push ${IMAGE}-${ARCH}
-	# Pushing development image.
-	docker push ${IMAGE_DEV}-${ARCH}
-
-manifest:
-	# Creating manifest for production image.
-	docker manifest create ${IMAGE} --amend ${IMAGE}-arm64 --amend ${IMAGE}-amd64
-	docker manifest push ${IMAGE}
-	# Creating manifest for development image.
-	docker manifest create ${IMAGE_DEV} --amend ${IMAGE_DEV}-arm64 --amend ${IMAGE_DEV}-amd64
-	docker manifest push ${IMAGE_DEV}
+# Example build command for local development.
+# See Github Action for multi-arch and multi-stream building.
+nbake:
+	NODE_VERSION=${NODE_VERSION} docker buildx bake
 
 .PHONY: *