Merge remote-tracking branch 'origin/2024.06' into oidc

.github/workflows/build_test_deploy.yml

@@ -4,10 +4,6 @@
 #    Username of docker login for logging in docker for pulling images (higher pull rate limit)
 # ${{ secrets.Docker_Password }}
 #    Password of docker login for logging in docker for pulling images (higher pull rate limit)
-# ${{ secrets.Docker_Login2 }}
-#    Second Username of docker login for logging in docker for pulling images (higher pull rate limit)
-# ${{ secrets.Docker_Password2 }}
-#    Second Password of docker login for logging in docker for pulling images (higher pull rate limit)
 ################################################
 
 name: build-test-deploy
@@ -87,7 +83,7 @@ jobs:
 # This is used by the next build job.
   targets:
     name: create targets
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     outputs:
       matrix: ${{ steps.targets.outputs.matrix }}
     steps:
@@ -109,7 +105,7 @@ jobs:
       fail-fast: false
       matrix:
         target: ["base", "assets"]
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     permissions:
      contents: read
      packages: write
@@ -184,7 +180,7 @@ jobs:
       fail-fast: false
       matrix:
         target: ["base", "assets"]
-    runs-on: self-hosted
+    runs-on: ubuntu-24.04-arm
     permissions:
      contents: read
      packages: write
@@ -219,8 +215,8 @@ jobs:
           PINNED_LABEL_VERSION: ${{ env.PINNED_MAILU_VERSION }}
           ARCH: linux/arm64/v8,linux/arm/v7
           BUILDER: ${{ steps.uuid.outputs.uuid }}
-          DOCKER_LOGIN2: ${{ secrets.Docker_Login2 }}
-          DOCKER_PASSW2: ${{ secrets.Docker_Password2 }}
+          DOCKER_LOGIN: ${{ secrets.Docker_Login }}
+          DOCKER_PASSW: ${{ secrets.Docker_Password }}
           BUILDX_NO_DEFAULT_ATTESTATIONS: 1
         uses: nick-fields/retry@v3
         with:
@@ -232,7 +228,7 @@ jobs:
             set -euxo pipefail \
               ; /usr/bin/docker info \
               ; echo "${{ github.token }}" |        docker login --username "${{ github.repository_owner }}" --password-stdin ghcr.io \
-              ; echo "$DOCKER_PASSW2" |    docker login --username "$DOCKER_LOGIN2" --password-stdin \
+              ; echo "$DOCKER_PASSW" |    docker login --username "$DOCKER_LOGIN" --password-stdin \
               ; /usr/bin/docker buildx rm builder-${{ env.BUILDER }} \
               || echo "builder does not exist" \
               ; /usr/bin/docker buildx create --name builder-${{ env.BUILDER }} --driver docker-container --use \
@@ -261,7 +257,7 @@ jobs:
       fail-fast: false
       matrix:
         target: ${{ fromJson(needs.targets.outputs.matrix) }}
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     permissions:
      contents: read
      packages: write
@@ -339,7 +335,7 @@ jobs:
       fail-fast: false
       matrix:
         target: ${{ fromJson(needs.targets.outputs.matrix) }}
-    runs-on: self-hosted
+    runs-on: ubuntu-24.04-arm
     permissions:
      contents: read
      packages: write
@@ -374,8 +370,8 @@ jobs:
           PINNED_LABEL_VERSION: ${{ env.PINNED_MAILU_VERSION }}
           ARCH: linux/arm64/v8,linux/arm/v7
           BUILDER: ${{ steps.uuid.outputs.uuid }}
-          DOCKER_LOGIN2: ${{ secrets.Docker_Login2 }}
-          DOCKER_PASSW2: ${{ secrets.Docker_Password2 }}
+          DOCKER_LOGIN: ${{ secrets.Docker_Login }}
+          DOCKER_PASSW: ${{ secrets.Docker_Password }}
           BUILDX_NO_DEFAULT_ATTESTATIONS: 1
         uses: nick-fields/retry@v3
         with:
@@ -387,7 +383,7 @@ jobs:
             set -euxo pipefail \
               ; /usr/bin/docker info \
               ; echo "${{ github.token }}" |        docker login --username "${{ github.repository_owner }}" --password-stdin ghcr.io \
-              ; echo "$DOCKER_PASSW2" |    docker login --username "$DOCKER_LOGIN2" --password-stdin \
+              ; echo "$DOCKER_PASSW" |    docker login --username "$DOCKER_LOGIN" --password-stdin \
               ; /usr/bin/docker buildx rm builder-${{ env.BUILDER }} \
               || echo "builder does not exist" \
               ; /usr/bin/docker buildx create --name builder-${{ env.BUILDER }} --driver docker-container --use \
@@ -409,7 +405,7 @@ jobs:
   tests:
     name: tests
     if: contains(inputs.architecture, 'linux/amd64')
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     permissions:
      contents: read
      packages: read
@@ -466,10 +462,10 @@ jobs:
     name: Deploy images
     # Deploying is not required for staging
     if: inputs.deploy == 'true'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     needs:
       - build
-     # - build-arm
+      - build-arm
       - tests
     strategy:
       fail-fast: false
@@ -535,7 +531,7 @@ jobs:
 #This job creates a tagged release. A tag is created for the pinned version x.y.z. The GH release refers to this tag.
   tag-release:
     if: inputs.release == 'true'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     needs:
       - deploy
     steps:

.github/workflows/multiarch.yml

@@ -86,9 +86,7 @@ jobs:
       - derive-variables
     uses: ./.github/workflows/build_test_deploy.yml
     with:
-      # linux/arm64/v8,linux/arm/v7 will be added when GitHub hosted arm64 runners are available by the end of 2024
-      # https://github.blog/news-insights/product-news/arm64-on-github-actions-powering-faster-more-efficient-build-systems/
-      architecture: 'linux/amd64'
+      architecture: 'linux/amd64,linux/arm64/v8,linux/arm/v7'
       mailu_version: ${{needs.derive-variables.outputs.MAILU_VERSION}}
       pinned_mailu_version: ${{needs.derive-variables.outputs.PINNED_MAILU_VERSION}}
       docker_org: ${{needs.derive-variables.outputs.DOCKER_ORG}}