chore: misc maintenance updates

update several docs and inputs

.github/workflows/reusable-docker-build.yml

@@ -60,8 +60,11 @@ on:
         type: string
         default: "linux/amd64"
         description: |
-          comma-separated list of platforms to build with.
-          e.g: linux/amd64,linux/arm64
+          comma-separated list of the target platforms for container builds.
+          e.g:
+            - all
+            - linux/amd64
+            - linux/arm64,linux/amd64
       push:
         required: false
         type: boolean

.github/workflows/reusable-go-container-apps.yml

@@ -22,6 +22,16 @@ on:
         description: |
           the Go entrypoint paths for applications, where there they have `package main`
           e.g: ./cmd/thing1 ./cmd/thing2
+      platforms:
+        required: false
+        type: string
+        default: linux/amd64
+        description: |
+          the target platforms to build containers for.
+          e.g:
+            - all
+            - linux/amd64
+            - linux/arm64,linux/amd64
       containerScanningEnabled:
         type: boolean
         default: false
@@ -108,6 +118,7 @@ jobs:
       aws-role-session-name: ${{ inputs.aws-role-session-name }}
       registryGhcrUsernameOverride: ${{ inputs.registryGhcrUsernameOverride }}
       setup: ${{ inputs.buildSetup }}
+      platforms: ${{ inputs.platforms }}
   scan:
     if: ${{ contains(fromJSON('["workflow_call", "workflow_dispatch", "push", "release"]'), github.event_name) && inputs.containerScanningEnabled && startsWith(github.repository, 'GeoNet/') != false }}
     needs: build

.github/workflows/reusable-ko-build.yml

@@ -32,6 +32,16 @@ on:
         type: boolean
         description: |
           set to true to push an image to a registry. When set to false, it will build and exit
+      platforms:
+        required: false
+        type: string
+        default: "linux/amd64"
+        description: |
+          comma-separated list of the target platforms for container builds.
+          e.g:
+            - all
+            - linux/amd64
+            - linux/arm64,linux/amd64
       aws-region:
         type: string
         default: ap-southeast-2
@@ -149,9 +159,10 @@ jobs:
           KO_DOCKER_REPO: ${{ steps.run-info.outputs.ko-docker-repo }}
           IMAGES_PATH: ${{ steps.run-info.outputs.paths }}
           PUSH: ${{ inputs.push }}
+          PLATFORMS: ${{ inputs.platforms }}
         run: |
           echo "NOTICE: using default base image $KO_DEFAULTBASEIMAGE"
-          IMAGES="$(ko build --push=$PUSH --base-import-paths $IMAGES_PATH)"
+          IMAGES="$(ko build --platform=$PLATFORMS --push=$PUSH --base-import-paths $IMAGES_PATH)"
           echo "images=$(echo $IMAGES | tr ' ' ',')" >> $GITHUB_OUTPUT
       - name: sign images and attest SBOM
         id: sign-images-and-attest-sbom

.github/workflows/reusable-markdown-lint.yml

@@ -49,5 +49,5 @@ jobs:
           done
           CONFIG_FILE="$(mktemp)"
           cat <<< "$CONFIG" > "$CONFIG_FILE"
-          npm install -g markdownlint-cli@0.29.0
+          npm install -g markdownlint-cli@0.37.0
           markdownlint '**/*.md' $IGNORE -c "$CONFIG_FILE"

README.md

@@ -380,6 +380,53 @@ jobs:
     secrets: inherit
 ```
 
+Copy an image to a different container registry:
+
+```yaml
+name: build
+
+on:
+  push: {}
+  release:
+    types: [published]
+  workflow_dispatch: {}
+
+permissions:
+  packages: write
+  id-token: write
+
+env:
+  VERSION_CRANE: v0.16.1
+
+jobs:
+  build:
+    uses: GeoNet/Actions/.github/workflows/reusable-docker-build.yml@main
+    with:
+      context: .
+      dockerfile: ./Dockerfile
+      imageName: cool
+      platforms: 'linux/amd64,linux/arm64'
+      push: ${{ github.ref == 'refs/heads/main' }}
+  copy-image-to-registry:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: GeoNet/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # main
+        with:
+          version: ${{ env.VERSION_CRANE }}
+      - name: authenticate to registry
+        run: |
+          echo SOME_PASSWORD | crane auth login -u some-user --password-stdin
+      - name: copy image
+        env:
+          SOURCE: ${{ needs.build.outputs.image }}
+          DESTINATION: ghcr.io/someorg/someimage:sometag
+        run: |
+          crane cp "$SOURCE" "$DESTINATION"
+```
+
+this may be useful for things like image promotion or staging.
+
 for configuration see [`on.workflow_call.inputs` in .github/workflows/reusable-docker-build.yml](.github/workflows/reusable-docker-build.yml).
 
 #### Docker build container image signing