From 861b62993024d08047d68ec0bb719bd37e41d25a Mon Sep 17 00:00:00 2001
From: Quentin Gliech <quenting@element.io>
Date: Thu, 9 Dec 2021 23:26:32 +0100
Subject: [PATCH] Use Buildx bake files for better control over the docker
 images

---
 .dockerignore                |  1 +
 .github/workflows/check.yaml | 28 +++++++++++++++++++++-------
 docker-bake.hcl              | 35 +++++++++++++++++++++++++++++++++++
 3 files changed, 57 insertions(+), 7 deletions(-)
 create mode 100644 docker-bake.hcl

diff --git a/.dockerignore b/.dockerignore
index ea7950c13..0c50c0918 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -4,3 +4,4 @@ crates/*/node_modules
 .git/
 Dockerfile
 .dockerignore
+docker-bake.hcl
diff --git a/.github/workflows/check.yaml b/.github/workflows/check.yaml
index 665d3755f..356aad04e 100644
--- a/.github/workflows/check.yaml
+++ b/.github/workflows/check.yaml
@@ -317,6 +317,7 @@ jobs:
         uses: docker/metadata-action@v3
         with:
           images: ghcr.io/matrix-org/matrix-authentication-service
+          bake-target: docker-metadata-action
           tags: |
             type=ref,event=branch
             type=ref,event=pr
@@ -325,6 +326,24 @@ jobs:
             type=semver,pattern={{major}}
             type=sha
 
+      - name: Docker meta (debug variant)
+        id: meta-debug
+        uses: docker/metadata-action@v3
+        with:
+          images: ghcr.io/matrix-org/matrix-authentication-service
+          bake-target: docker-metadata-action-debug
+          tags: |
+            type=ref,event=branch,suffix=-debug
+            type=ref,event=pr,suffix=-debug
+            type=semver,pattern={{version}},suffix=-debug
+            type=semver,pattern={{major}}.{{minor}},suffix=-debug
+            type=semver,pattern={{major}},suffix=-debug
+            type=sha,suffix=-debug
+
+      - name: Merge buildx bake files
+        run: |
+            jq -s '.[0] * .[1]' ${{ steps.meta.outputs.bake-file }} ${{ steps.meta-debug.outputs.bake-file }} > docker-bake.override.json
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
 
@@ -337,12 +356,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/bake-action@v1
         with:
-          context: .
-          platforms: linux/amd64,linux/arm64
+          targets: gha
           push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
diff --git a/docker-bake.hcl b/docker-bake.hcl
new file mode 100644
index 000000000..a466aebf2
--- /dev/null
+++ b/docker-bake.hcl
@@ -0,0 +1,35 @@
+// Target filled by GitHub Actions, one for the regular tag, one for the debug tag
+target "docker-metadata-action" {}
+target "docker-metadata-action-debug" {}
+
+target "default" {
+  dockerfile = "Dockerfile"
+  context = "./"
+}
+
+target "debug" {
+  inherits = ["default"]
+  target = "debug"
+}
+
+target "release" {
+  inherits = ["default"]
+  platforms = ["linux/amd64", "linux/arm64"]
+}
+
+// This is what is baked by GitHub Actions
+group "gha" { targets = ["gha-regular", "gha-debug"] }
+
+target "gha-base" {
+  inherits = ["release"]
+  cache-from = ["type=gha"]
+  cache-to = ["type=gha,mode=max"]
+}
+
+target "gha-regular" {
+  inherits = ["gha-base", "docker-metadata-action"]
+}
+
+target "gha-debug" {
+  inherits = ["gha-base", "debug", "docker-metadata-action-debug"]
+}