From cb5d1652a3627eea0d4461297f2f246dfc7815da Mon Sep 17 00:00:00 2001
From: alex <a.malinin@hublab.ru>
Date: Wed, 15 Oct 2025 11:43:09 +0300
Subject: [PATCH] test new build

---
 .github/workflows/build.yaml | 114 +++++++++++++++++++++++------------
 1 file changed, 76 insertions(+), 38 deletions(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 0296c6e..bfe065e 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -21,51 +21,89 @@ jobs:
       CR_REPO: ${{ github.event.repository.name }}
       IMAGE_TAG: ${{ github.sha }}
     steps:
-      - name: Checkout
-        uses: actions/checkout@master
-      - name: Checkout LFS
-        if: ${{ inputs.lfs  }}
-        run: |
-          UrlBase=$GITHUB_SERVER_URL; \
-          UrlLfsBase=$UrlBase/${{ github.repository }}.git/info/lfs/objects; \
-          Auth=`/usr/bin/git config --get --local http.$UrlBase/.extraheader`; \
-          /usr/bin/git config --local http.${UrlLfsBase}/batch.extraheader "$Auth"; \
-          /usr/bin/git config --local http.${UrlLfsBase}/.extraheader ''
+      - name: notify
+        uses: https://bb.hublab.ru/HUB/workflows/.gitea/actions/notify@HEAD
+        with:
+          result: 'started'
+          name: build tag ${{ inputs.tag }}
+          secrets: ${{ toJSON(secrets) }}
+
+      - uses: actions/checkout@v4
+        with:
+          lfs: ${{ inputs.lfs }}
 
-          git config --local lfs.transfer.maxretries 1
-          git ls-remote
-          git lfs checkout
-          git lfs fetch
-          git lfs pull
-          #git lfs fetch origin refs/heads/${{ github.head_ref || github.ref_name }}
       - name: Use ssh key
         uses: webfactory/ssh-agent@v0.9.0
         with:
-              ssh-private-key: | 
-                ${{ secrets.LIB_SSH_KEY }}
-                ${{ secrets.LIB_NEW_SSH_KEY }}
-      - name: Build Docker image
-        run: |
-          if [ "$NO_CACHE" == "true" ]; then
-            docker build -t cr.yandex/$CR_REGISTRY/$CR_REPO:${IMAGE_TAG::7} --no-cache --ssh default .
-          else
-            docker build -t cr.yandex/$CR_REGISTRY/$CR_REPO:${IMAGE_TAG::7} --ssh default .
-          fi
-        env:
-          NO_CACHE: ${{ inputs.force_build || 'false' }}
+          ssh-private-key: |
+            ${{ secrets.LIB_SSH_KEY }}
+            ${{ secrets.LIB_NEW_SSH_KEY }}
+
       - name: Yandex Cloud Login
         uses: yc-actions/yc-cr-login@v2
         with:
           yc-sa-json-credentials: ${{ secrets.YC_SA_JSON_CREDENTIALS }}
-      - name: Tag image
-        env:
-          INPUT_TAG: ${{ inputs.tag }}
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          install: true
+
+      - name: Shorten commit SHA
+        run: echo "SHORT_SHA=${GITHUB_SHA::7}" >> $GITHUB_ENV
+
+      - name: Normalize tag
+        id: normalize
         run: |
-          echo ${INPUT_TAG/\//-} ${IMAGE_TAG::7} $INPUT_TAG $IMAGE_TAG
-          docker tag cr.yandex/$CR_REGISTRY/$CR_REPO:${IMAGE_TAG::7} cr.yandex/$CR_REGISTRY/$CR_REPO:${INPUT_TAG/\//-}
-      - name: Push image
-        env:
-          INPUT_TAG: ${{ inputs.tag }}
+          SAFE_TAG=$(echo "${{ inputs.tag }}" | tr '/' '-')
+          echo "SAFE_TAG=$SAFE_TAG" >> $GITHUB_ENV
+
+      - name: Restore Docker layer cache
+        uses: actions/cache/restore@v4
+        with:
+          path: /cache/buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Build and push multi-arch image
+        id: build-step
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          context: .
+          builder: ${{ steps.buildx.outputs.name }}
+          tags: |
+            cr.yandex/${{ env.CR_REGISTRY }}/${{ env.CR_REPO }}:${{ env.SHORT_SHA }}
+            cr.yandex/${{ env.CR_REGISTRY }}/${{ env.CR_REPO }}:${{ env.SAFE_TAG }}
+          platforms: linux/amd64,linux/arm64/v8
+          ssh: default
+          no-cache: ${{ inputs.force_build }}
+          build-args: |
+            GIT_COMMIT=${{ github.sha }}
+          cache-from: |
+            type=local,src=/cache/buildx-cache
+          cache-to: |
+            type=local,dest=/cache/buildx-cache-new,mode=max
+
+      - name: Move new cache
+        if: always()
         run: |
-          docker push cr.yandex/$CR_REGISTRY/$CR_REPO:${IMAGE_TAG::7}
-          docker push cr.yandex/$CR_REGISTRY/$CR_REPO:${INPUT_TAG/\//-}
\ No newline at end of file
+          rm -rf /cache/buildx-cache
+          mv /cache/buildx-cache-new /cache/buildx-cache
+
+      - name: Save Docker layer cache
+        if: always()
+        uses: actions/cache/save@v4
+        with:
+          path: /cache/buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+
+      - name: post-notify
+        if: always()
+        uses: https://bb.hublab.ru/HUB/workflows/.gitea/actions/notify@HEAD
+        with:
+          result: ${{ steps.build-step.outcome }}
+          name: build tag ${{ inputs.tag }}
+          secrets: ${{ toJSON(secrets) }}
\ No newline at end of file
-- 
2.49.1