feat: Publish container images to GitHub ghcr.io (#473)

* ghcr

* fix name

* ghcr

* ghcr

* ghcr

* ghcr

* ghcr

* ghcr update action

* ghcr update action

* ghcr update action

* ghcr update action

* ghcr update action

* ghcr update action

* ghcr classic

* ghcr classic

* ghcr: better naming and tidy up

* ghcr classic fix chmod

* tidy up

* tidy up

* if-no-files-found: error

.github/workflows/ghcr.yml

@@ -0,0 +1,329 @@
+name: Build and publish to ghcr.io
+
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+      - '[0-9]+.[0-9]+.[0-9]+'
+      - 'v[0-9]+.[0-9]+.[0-9]+-[0-9]+'
+      - '[0-9]+.[0-9]+.[0-9]+-[0-9]+'
+
+env:
+  CARGO_TERM_COLOR: always
+  LATEST_TAG: latest
+
+permissions:
+  contents: read
+  packages: write # So need to set "secrets.GITHUB_TOKEN"
+
+jobs:
+
+  # Binary build
+  build:
+    name: Build - ${{ matrix.job.name }}
+    runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      matrix:
+        job:
+          - { name: "amd64",   target: "x86_64-unknown-linux-musl" }
+          - { name: "arm64v8", target: "aarch64-unknown-linux-musl" }
+          - { name: "armv7",   target: "armv7-unknown-linux-musleabihf" }
+          - { name: "i386",    target: "i686-unknown-linux-musl" }
+          #- { name: "amd64fb", target: "x86_64-unknown-freebsd" }
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+    
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@v1
+        with:
+          toolchain: "1.70.0"
+          targets: ${{ matrix.job.target }}
+          components: "rustfmt"
+          
+      - uses: Swatinem/rust-cache@v2
+        with:
+          prefix-key: ${{ matrix.job.os }}
+
+      - name: Build
+        uses: actions-rs/cargo@v1
+        with:
+          command: build
+          args: --release --all-features --target=${{ matrix.job.target }}
+          use-cross: true  
+
+      - name: Exec chmod
+        run: chmod -v a+x target/${{ matrix.job.target }}/release/*
+
+      - name: Publish Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: binaries-linux-${{ matrix.job.name }}
+          path: |
+            target/${{ matrix.job.target }}/release/hbbr
+            target/${{ matrix.job.target }}/release/hbbs
+            target/${{ matrix.job.target }}/release/rustdesk-utils
+          if-no-files-found: error
+  
+  # Build and push single-arch Docker images to ghcr.io
+  create-s6-overlay-images:
+    name: Docker push - ${{ matrix.job.name }}
+    needs: build
+    runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      matrix:
+        job:
+          - { name: "amd64",   docker_platform: "linux/amd64",  s6_platform: "x86_64" }
+          - { name: "arm64v8", docker_platform: "linux/arm64",  s6_platform: "aarch64" }
+          - { name: "armv7",   docker_platform: "linux/arm/v7", s6_platform: "armhf" }
+          - { name: "i386",    docker_platform: "linux/386",    s6_platform: "i686" }
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Download binaries
+        uses: actions/download-artifact@v4
+        with:
+          pattern: binaries-linux-${{ matrix.job.name }}
+          path: docker/rootfs/usr/bin
+          merge-multiple: true
+
+      - name: Make binaries executable
+        run: chmod -v a+x docker/rootfs/usr/bin/*
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+        
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}-s6
+
+      - name: Get git tag
+        id: vars
+        run: |
+          T=${GITHUB_REF#refs/*/}
+          M=${T%%.*}
+          echo "GIT_TAG=$T" >> $GITHUB_ENV
+          echo "MAJOR_TAG=$M" >> $GITHUB_ENV
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: "./docker"
+          platforms: ${{ matrix.job.docker_platform }}
+          push: true
+          provenance: false
+          build-args: |
+            S6_ARCH=${{ matrix.job.s6_platform }}
+          tags: |
+            ghcr.io/${{ github.repository }}-s6:${{ env.LATEST_TAG }}-${{ matrix.job.name }}
+            ghcr.io/${{ github.repository }}-s6:${{ env.GIT_TAG }}-${{ matrix.job.name }}
+            ghcr.io/${{ github.repository }}-s6:${{ env.MAJOR_TAG }}-${{ matrix.job.name }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+  # Set up minifest and tag for pushed image
+  create-s6-overlay-images-manifest:
+    name: Manifest for s6-overlay images
+    needs: create-s6-overlay-images
+    runs-on: ubuntu-24.04
+
+    steps:
+      - name: Log in to GitHub Container Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get git tag
+        id: vars
+        run: |
+          T=${GITHUB_REF#refs/*/}
+          M=${T%%.*}
+          echo "GIT_TAG=$T" >> $GITHUB_ENV
+          echo "MAJOR_TAG=$M" >> $GITHUB_ENV
+
+      # Create and push manifest for :ve.rs.ion tag
+      - name: Create and push manifest (:ve.rs.ion)
+        uses: Noelware/docker-manifest-action@master
+        if: github.event_name != 'workflow_dispatch'
+        with:
+          base-image: ghcr.io/${{ github.repository }}-s6:${{ env.GIT_TAG }}
+          extra-images: |
+            ghcr.io/${{ github.repository }}-s6:${{ env.GIT_TAG }}-amd64,
+            ghcr.io/${{ github.repository }}-s6:${{ env.GIT_TAG }}-arm64v8,
+            ghcr.io/${{ github.repository }}-s6:${{ env.GIT_TAG }}-armv7,
+            ghcr.io/${{ github.repository }}-s6:${{ env.GIT_TAG }}-i386
+          push: true
+
+      # Create and push manifest for :major tag
+      - name: Create and push manifest (:major)
+        uses: Noelware/docker-manifest-action@master
+        with:
+          base-image: ghcr.io/${{ github.repository }}-s6:${{ env.MAJOR_TAG }}
+          extra-images: |
+            ghcr.io/${{ github.repository }}-s6:${{ env.MAJOR_TAG }}-amd64,
+            ghcr.io/${{ github.repository }}-s6:${{ env.MAJOR_TAG }}-arm64v8,
+            ghcr.io/${{ github.repository }}-s6:${{ env.MAJOR_TAG }}-armv7,
+            ghcr.io/${{ github.repository }}-s6:${{ env.MAJOR_TAG }}-i386
+          push: true
+
+      # Create and push manifest for :latest tag
+      - name: Create and push manifest (:latest)
+        uses: Noelware/docker-manifest-action@master
+        with:
+          base-image: ghcr.io/${{ github.repository }}-s6:${{ env.LATEST_TAG }}
+          extra-images: |
+            ghcr.io/${{ github.repository }}-s6:${{ env.LATEST_TAG }}-amd64,
+            ghcr.io/${{ github.repository }}-s6:${{ env.LATEST_TAG }}-arm64v8,
+            ghcr.io/${{ github.repository }}-s6:${{ env.LATEST_TAG }}-armv7,
+            ghcr.io/${{ github.repository }}-s6:${{ env.LATEST_TAG }}-i386
+          push: true
+
+  # Build and push single-arch Docker images to ghcr.io
+  create-classic-images:
+    name: Docker push - ${{ matrix.job.name }}
+    needs: build
+    runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      matrix:
+        job:
+          - { name: "amd64",   docker_platform: "linux/amd64" }
+          - { name: "arm64v8", docker_platform: "linux/arm64" }
+          - { name: "armv7",   docker_platform: "linux/arm/v7" }
+          - { name: "i386",    docker_platform: "linux/386" }
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Download binaries
+        uses: actions/download-artifact@v4
+        with:
+          pattern: binaries-linux-${{ matrix.job.name }}
+          path: docker-classic
+          merge-multiple: true
+
+      - name: Make binaries executable
+        run: chmod -v a+x docker-classic/*
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+        
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+
+      - name: Get git tag
+        id: vars
+        run: |
+          T=${GITHUB_REF#refs/*/}
+          M=${T%%.*}
+          echo "GIT_TAG=$T" >> $GITHUB_ENV
+          echo "MAJOR_TAG=$M" >> $GITHUB_ENV
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: "./docker-classic"
+          platforms: ${{ matrix.job.docker_platform }}
+          push: true
+          provenance: false
+          tags: |
+            ghcr.io/${{ github.repository }}:${{ env.LATEST_TAG }}-${{ matrix.job.name }}
+            ghcr.io/${{ github.repository }}:${{ env.GIT_TAG }}-${{ matrix.job.name }}
+            ghcr.io/${{ github.repository }}:${{ env.MAJOR_TAG }}-${{ matrix.job.name }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+  # Set up minifest and tag for pushed image
+  create-classic-images-manifest:
+    name: Manifest for classic images
+    needs: create-classic-images
+    runs-on: ubuntu-24.04
+
+    steps:
+      - name: Log in to GitHub Container Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get git tag
+        id: vars
+        run: |
+          T=${GITHUB_REF#refs/*/}
+          M=${T%%.*}
+          echo "GIT_TAG=$T" >> $GITHUB_ENV
+          echo "MAJOR_TAG=$M" >> $GITHUB_ENV
+
+      # Create and push manifest for :ve.rs.ion tag
+      - name: Create and push manifest (:ve.rs.ion)
+        uses: Noelware/docker-manifest-action@master
+        if: github.event_name != 'workflow_dispatch'
+        with:
+          base-image: ghcr.io/${{ github.repository }}:${{ env.GIT_TAG }}
+          extra-images: |
+            ghcr.io/${{ github.repository }}:${{ env.GIT_TAG }}-amd64,
+            ghcr.io/${{ github.repository }}:${{ env.GIT_TAG }}-arm64v8,
+            ghcr.io/${{ github.repository }}:${{ env.GIT_TAG }}-armv7,
+            ghcr.io/${{ github.repository }}:${{ env.GIT_TAG }}-i386
+          push: true
+
+      # Create and push manifest for :major tag
+      - name: Create and push manifest (:major)
+        uses: Noelware/docker-manifest-action@master
+        with:
+          base-image: ghcr.io/${{ github.repository }}:${{ env.MAJOR_TAG }}
+          extra-images: |
+            ghcr.io/${{ github.repository }}:${{ env.MAJOR_TAG }}-amd64,
+            ghcr.io/${{ github.repository }}:${{ env.MAJOR_TAG }}-arm64v8,
+            ghcr.io/${{ github.repository }}:${{ env.MAJOR_TAG }}-armv7,
+            ghcr.io/${{ github.repository }}:${{ env.MAJOR_TAG }}-i386
+          push: true
+
+      # Create and push manifest for :latest tag
+      - name: Create and push manifest (:latest)
+        uses: Noelware/docker-manifest-action@master
+        with:
+          base-image: ghcr.io/${{ github.repository }}:${{ env.LATEST_TAG }}
+          extra-images: |
+            ghcr.io/${{ github.repository }}:${{ env.LATEST_TAG }}-amd64,
+            ghcr.io/${{ github.repository }}:${{ env.LATEST_TAG }}-arm64v8,
+            ghcr.io/${{ github.repository }}:${{ env.LATEST_TAG }}-armv7,
+            ghcr.io/${{ github.repository }}:${{ env.LATEST_TAG }}-i386
+          push: true