Add container image support with multi-arch builds

.github/workflows/container.yaml

@@ -0,0 +1,72 @@
+name: Container Image
+
+on:
+
+  # Manual trigger via GH Actions page, runs this workflow from a selected tag or branch,
+  # which also affects the git clone for the `Dockerfile` used, and `github.ref_type` (branch / tag)
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to build (e.g., 1.42.4)'
+        required: true
+        type: string
+
+  # `release.yaml` calls this workflow after it has published a new release and attached files.
+  # NOTE: As `release.yaml` is triggered via a tag being pushed, this workflow inherits
+  # that push event context (github.{event_name, event, ref_type, ref_name, ...})
+  workflow_call:
+    inputs:
+      version:
+        description: 'Version to build (e.g., 1.42.4)'
+        required: true
+        type: string
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  container:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.repository_owner }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Prepare image metadata
+      id: metadata
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+        # NOTE: The `semver` tag type below (with the default `flavor.latest=auto` action setting),
+        # will implicitly append a `latest` tag to publish:
+        # https://github.com/docker/metadata-action/issues/461#issuecomment-2680849083
+        tags: |
+          type=semver,pattern={{major}},value=${{ inputs.version }}
+          type=semver,pattern={{major}}.{{minor}},value=${{ inputs.version }}
+          type=semver,pattern={{major}}.{{minor}}.{{patch}},value=${{ inputs.version }}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v6
+      with:
+        context: .
+        platforms: linux/amd64,linux/arm64
+        push: true
+        tags: ${{ steps.metadata.outputs.tags }}
+        labels: ${{ steps.metadata.outputs.labels }}
+        build-args: |
+          JUST_VERSION=${{ inputs.version }}

.github/workflows/release.yaml

@@ -203,3 +203,14 @@ jobs:
         github_token: ${{secrets.GITHUB_TOKEN}}
         publish_branch: gh-pages
         publish_dir: www
+
+  container:
+    uses: ./.github/workflows/container.yaml
+    needs:
+      - package
+      - prerelease
+    # Avoid publishing images for pre-releases (NOTE: `value` is a string, not a boolean)
+    if: ${{ needs.prerelease.outputs.value == 'false' }}
+    with:
+      version: ${{ github.ref_name }}
+    secrets: inherit

Dockerfile

@@ -0,0 +1,30 @@
+# syntax=docker/dockerfile:1
+
+# NOTE: ARGs `BUILDPLATFORM` + `TARGETARCH` are implicitly defined by BuildKit:
+# https://docs.docker.com/reference/dockerfile/#automatic-platform-args-in-the-global-scope
+# NOTE: BuildKit supplied ARGs use convention amd64 / arm64 instead of the desired x86_64 / aarch64
+# https://itsfoss.com/arm-aarch64-x86_64
+#
+# Map arch naming conventions from BuildKit to Rust (TARGETARCH => RUST_ARCH):
+FROM --platform=${BUILDPLATFORM} alpine AS downloader-amd64
+ARG RUST_ARCH=x86_64
+FROM --platform=${BUILDPLATFORM} alpine AS downloader-arm64
+ARG RUST_ARCH=aarch64
+
+# Fetch the expected version of `just` via GH Releases:
+FROM downloader-${TARGETARCH} AS downloader
+SHELL ["/bin/ash", "-eux", "-o", "pipefail", "-c"]
+# This ARG will be set via GitHub Actions during release builds
+ARG JUST_VERSION
+ARG RELEASE_URL="https://github.com/casey/just/releases/download/${JUST_VERSION}/just-${JUST_VERSION}-${RUST_ARCH}-unknown-linux-musl.tar.gz"
+RUN wget -O - "${RELEASE_URL}" \
+    | tar --directory /usr/local/bin --extract --gzip --no-same-owner just
+
+# Use scratch for minimal final image - no OS, just the binary
+# This results in a ~10MB image vs ~50MB+ with a full OS
+FROM scratch
+COPY --from=downloader /usr/local/bin/just /usr/local/bin/just
+
+# Default to running just with help if no arguments provided
+ENTRYPOINT ["just"]
+CMD ["--help"]

README.md

@@ -4682,4 +4682,12 @@ your computational endeavors!
 
 😸
 
+## Container Usage
+
+Copy `just` into your own `Dockerfile`:
+
+```Dockerfile
+COPY --link --from=ghcr.io/casey/just:latest /usr/local/bin/just /usr/local/bin/just
+```
+
 [🔼 Back to the top!](#just)