From a5d8a3b4e440e5cffc718c58bbf033d4a76e1034 Mon Sep 17 00:00:00 2001
From: Taylor Fausak <taylor@fausak.me>
Date: Mon, 26 Sep 2022 13:37:49 -0500
Subject: [PATCH 1/8] Switch from GitHub Actions to AWS CodeBuild

---
 .github/dependabot.yaml         |  6 -----
 .github/workflows/workflow.yaml | 39 ---------------------------------
 Dockerfile                      |  6 ++---
 buildspec.yml                   | 29 ++++++++++++++++++++++++
 4 files changed, 32 insertions(+), 48 deletions(-)
 delete mode 100644 .github/dependabot.yaml
 delete mode 100644 .github/workflows/workflow.yaml
 create mode 100644 buildspec.yml

diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
deleted file mode 100644
index 253bcb7..0000000
--- a/.github/dependabot.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: github-actions
-    directory: /
-    schedule:
-      interval: daily
diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
deleted file mode 100644
index c5c0d31..0000000
--- a/.github/workflows/workflow.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-name: Workflow
-on: push
-jobs:
-  docker:
-    strategy:
-      matrix:
-        include:
-          - { ghc: 9.0.2 }
-          - { ghc: 9.2.4 }
-          - { ghc: 9.4.2 }
-    name: Docker with GHC ${{ matrix.ghc }}
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
-      - id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: ghcr.io/${{ github.repository }}
-          flavor: latest=false
-          tags: |
-            type=sha,format=long,prefix=${{ matrix.ghc }}-
-            type=raw,value=${{ matrix.ghc }},enable={{ is_default_branch }}
-      - uses: docker/login-action@v2
-        with:
-          password: ${{ secrets.GITHUB_TOKEN }}
-          registry: ghcr.io
-          username: ${{ github.actor }}
-      - uses: docker/build-push-action@v3
-        with:
-          build-args: |
-            GHC_VERSION=${{ matrix.ghc }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          labels: ${{ steps.meta.outputs.labels }}
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
diff --git a/Dockerfile b/Dockerfile
index c75dd58..7c75dd0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-ARG DEBIAN_VERSION=11.4
+ARG DEBIAN_VERSION=11.5
 FROM "debian:$DEBIAN_VERSION-slim"
 
 # Install dependencies.
@@ -47,7 +47,7 @@ ARG GHCUP_VERSION=0.1.18.0
 RUN \
   set -o errexit -o xtrace; \
   if test -n "$GHCUP_VERSION"; then \
-  curl --output ~/.ghcup/bin/ghcup "https://downloads.haskell.org/~ghcup/$GHCUP_VERSION/$( uname --machine )-linux-ghcup-$GHCUP_VERSION"; \
+  curl --output ~/.ghcup/bin/ghcup "https://downloads.haskell.org/ghcup/$GHCUP_VERSION/$( uname --machine )-linux-ghcup-$GHCUP_VERSION"; \
   chmod --verbose +x ~/.ghcup/bin/ghcup; \
   ghcup --version; \
   fi
@@ -75,7 +75,7 @@ RUN \
 
 # Install Stack.
 
-ARG STACK_VERSION=2.7.5
+ARG STACK_VERSION=2.9.1
 RUN \
   set -o errexit -o xtrace; \
   if test -n "$STACK_VERSION"; then \
diff --git a/buildspec.yml b/buildspec.yml
new file mode 100644
index 0000000..b35f625
--- /dev/null
+++ b/buildspec.yml
@@ -0,0 +1,29 @@
+version: 0.2
+env:
+  secrets-manager:
+    DOCKER_PASSWORD: docker-hub-read-only:DOCKER_PASSWORD
+    DOCKER_USERNAME: docker-hub-read-only:DOCKER_USERNAME
+  variables:
+    AWS_REGION: us-east-1
+    GHC_VERSION: 9.2.4
+phases:
+  build:
+    commands:
+
+      - echo "$DOCKER_PASSWORD" | docker login --username "$DOCKER_USERNAME" --password-stdin
+
+      - server=public.ecr.aws/v6m6o3k4
+
+      - aws ecr-public get-login-password --region "$AWS_REGION" | docker login --username AWS --password-stdin "$server"
+
+      - case $( uname -m ) in ( aarch64 ) arch=arm64 ;; ( x86_64 ) arch=amd64 ;; ( * ) exit 1 ;; esac
+
+      - echo "$arch"
+
+      - tag="$server/haskell:$GHC_VERSION-$CODEBUILD_RESOLVED_SOURCE_VERSION-$arch"
+
+      - echo "$tag"
+
+      - docker build --build-arg GHC_VERSION="$GHC_VERSION" --tag "$tag" .
+
+      - docker push "$tag"

From 4641677e5ec103201c1a4c68a176161ac8c5cb5f Mon Sep 17 00:00:00 2001
From: Taylor Fausak <taylor@fausak.me>
Date: Mon, 26 Sep 2022 13:59:36 -0500
Subject: [PATCH 2/8] Trigger CodeBuild from Actions

---
 .github/dependabot.yaml         |  6 ++++++
 .github/workflows/workflow.yaml | 29 +++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 .github/dependabot.yaml
 create mode 100644 .github/workflows/workflow.yaml

diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
new file mode 100644
index 0000000..253bcb7
--- /dev/null
+++ b/.github/dependabot.yaml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
new file mode 100644
index 0000000..038644a
--- /dev/null
+++ b/.github/workflows/workflow.yaml
@@ -0,0 +1,29 @@
+name: Workflow
+on: push
+jobs:
+  docker:
+    strategy:
+      matrix:
+        image:
+          - aws/codebuild/amazonlinux2-aarch64-standard:2.0
+          - aws/codebuild/amazonlinux2-x86_64-standard:4.0
+        ghc:
+          - 9.0.2
+          - 9.2.4
+          - 9.4.2
+    name: Docker with GHC ${{ matrix.ghc }}
+    runs-on: ubuntu-latest
+    steps:
+
+      - uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+      - uses: aws-actions/aws-codebuild-run-build@v1
+        with:
+          project-name: docker-haskell
+          image-override: ${{ matrix.image }}
+        env:
+          GHC_VERSION: ${{ matrix.ghc }}

From c0d0a9c437737d818d56feba9678b15592e2f0ff Mon Sep 17 00:00:00 2001
From: Taylor Fausak <taylor@fausak.me>
Date: Mon, 26 Sep 2022 14:22:33 -0500
Subject: [PATCH 3/8] Try to fix environment type

---
 .github/workflows/workflow.yaml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
index 038644a..e7ae6a9 100644
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@@ -4,13 +4,13 @@ jobs:
   docker:
     strategy:
       matrix:
-        image:
-          - aws/codebuild/amazonlinux2-aarch64-standard:2.0
-          - aws/codebuild/amazonlinux2-x86_64-standard:4.0
         ghc:
           - 9.0.2
           - 9.2.4
           - 9.4.2
+        include:
+          - { environment: ARM_CONTAINER, image: aws/codebuild/amazonlinux2-aarch64-standard:2.0 }
+          - { environment: LINUX_CONTAINER, image: aws/codebuild/amazonlinux2-x86_64-standard:4.0 }
     name: Docker with GHC ${{ matrix.ghc }}
     runs-on: ubuntu-latest
     steps:
@@ -24,6 +24,8 @@ jobs:
       - uses: aws-actions/aws-codebuild-run-build@v1
         with:
           project-name: docker-haskell
+          environment-type-override: ${{ matrix.environment }}
           image-override: ${{ matrix.image }}
+          env-vars-for-codebuild: GHC_VERSION
         env:
           GHC_VERSION: ${{ matrix.ghc }}

From 046141fc4be170f459a2647d29d0feb53134a1d2 Mon Sep 17 00:00:00 2001
From: Taylor Fausak <taylor@fausak.me>
Date: Mon, 26 Sep 2022 14:23:20 -0500
Subject: [PATCH 4/8] Fix YAML syntax

---
 .github/workflows/workflow.yaml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
index e7ae6a9..f6971c7 100644
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@@ -9,8 +9,10 @@ jobs:
           - 9.2.4
           - 9.4.2
         include:
-          - { environment: ARM_CONTAINER, image: aws/codebuild/amazonlinux2-aarch64-standard:2.0 }
-          - { environment: LINUX_CONTAINER, image: aws/codebuild/amazonlinux2-x86_64-standard:4.0 }
+          - environment: ARM_CONTAINER
+            image: 'aws/codebuild/amazonlinux2-aarch64-standard:2.0'
+          - environment: LINUX_CONTAINER
+            image: 'aws/codebuild/amazonlinux2-x86_64-standard:4.0'
     name: Docker with GHC ${{ matrix.ghc }}
     runs-on: ubuntu-latest
     steps:

From eb228ee187737e82f9162691f21d1a3bf9a6265e Mon Sep 17 00:00:00 2001
From: Taylor Fausak <taylor@fausak.me>
Date: Mon, 26 Sep 2022 14:25:05 -0500
Subject: [PATCH 5/8] Make job name more unique

---
 .github/workflows/workflow.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
index f6971c7..f64b5dd 100644
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@@ -13,7 +13,7 @@ jobs:
             image: 'aws/codebuild/amazonlinux2-aarch64-standard:2.0'
           - environment: LINUX_CONTAINER
             image: 'aws/codebuild/amazonlinux2-x86_64-standard:4.0'
-    name: Docker with GHC ${{ matrix.ghc }}
+    name: Docker with GHC ${{ matrix.ghc }} in ${{ environment }}
     runs-on: ubuntu-latest
     steps:
 

From d15cad8a92f153760c2c7a99ef957d8306169ef7 Mon Sep 17 00:00:00 2001
From: Taylor Fausak <taylor@fausak.me>
Date: Mon, 26 Sep 2022 14:25:31 -0500
Subject: [PATCH 6/8] Fix typo

---
 .github/workflows/workflow.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
index f64b5dd..99332e9 100644
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@@ -13,7 +13,7 @@ jobs:
             image: 'aws/codebuild/amazonlinux2-aarch64-standard:2.0'
           - environment: LINUX_CONTAINER
             image: 'aws/codebuild/amazonlinux2-x86_64-standard:4.0'
-    name: Docker with GHC ${{ matrix.ghc }} in ${{ environment }}
+    name: Docker with GHC ${{ matrix.ghc }} in ${{ matrix.environment }}
     runs-on: ubuntu-latest
     steps:
 

From e8082a96308a96327409ba789ac58d66f7f288d0 Mon Sep 17 00:00:00 2001
From: Taylor Fausak <taylor@fausak.me>
Date: Mon, 26 Sep 2022 15:12:38 -0500
Subject: [PATCH 7/8] Use separate build projects per architecture

---
 .github/workflows/workflow.yaml | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
index 99332e9..04fc61f 100644
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@@ -4,16 +4,13 @@ jobs:
   docker:
     strategy:
       matrix:
+        arch:
+          - amd64
+          - arm64
         ghc:
           - 9.0.2
           - 9.2.4
           - 9.4.2
-        include:
-          - environment: ARM_CONTAINER
-            image: 'aws/codebuild/amazonlinux2-aarch64-standard:2.0'
-          - environment: LINUX_CONTAINER
-            image: 'aws/codebuild/amazonlinux2-x86_64-standard:4.0'
-    name: Docker with GHC ${{ matrix.ghc }} in ${{ matrix.environment }}
     runs-on: ubuntu-latest
     steps:
 
@@ -25,9 +22,7 @@ jobs:
 
       - uses: aws-actions/aws-codebuild-run-build@v1
         with:
-          project-name: docker-haskell
-          environment-type-override: ${{ matrix.environment }}
-          image-override: ${{ matrix.image }}
+          project-name: docker-haskell-${{ matrix.arch }}
           env-vars-for-codebuild: GHC_VERSION
         env:
           GHC_VERSION: ${{ matrix.ghc }}

From ecf08584ca4e459b567721c3a98b5515400d4443 Mon Sep 17 00:00:00 2001
From: Taylor Fausak <taylor@fausak.me>
Date: Mon, 26 Sep 2022 15:31:28 -0500
Subject: [PATCH 8/8] Create multiplatform manifest

---
 .github/workflows/workflow.yaml | 28 +++++++++++++++++++++++++++-
 buildspec.yml => aws/image.yaml |  0
 aws/manifest.yaml               | 20 ++++++++++++++++++++
 3 files changed, 47 insertions(+), 1 deletion(-)
 rename buildspec.yml => aws/image.yaml (100%)
 create mode 100644 aws/manifest.yaml

diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
index 04fc61f..9e2fdc0 100644
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@@ -1,7 +1,7 @@
 name: Workflow
 on: push
 jobs:
-  docker:
+  image:
     strategy:
       matrix:
         arch:
@@ -23,6 +23,32 @@ jobs:
       - uses: aws-actions/aws-codebuild-run-build@v1
         with:
           project-name: docker-haskell-${{ matrix.arch }}
+          buildspec-override: aws/image.yaml
+          env-vars-for-codebuild: GHC_VERSION
+        env:
+          GHC_VERSION: ${{ matrix.ghc }}
+
+  manifest:
+    needs: image
+    strategy:
+      matrix:
+        ghc:
+          - 9.0.2
+          - 9.2.4
+          - 9.4.2
+    runs-on: ubuntu-latest
+    steps:
+
+      - uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+      - uses: aws-actions/aws-codebuild-run-build@v1
+        with:
+          project-name: docker-haskell-amd64
+          buildspec-override: aws/manifest.yaml
           env-vars-for-codebuild: GHC_VERSION
         env:
           GHC_VERSION: ${{ matrix.ghc }}
diff --git a/buildspec.yml b/aws/image.yaml
similarity index 100%
rename from buildspec.yml
rename to aws/image.yaml
diff --git a/aws/manifest.yaml b/aws/manifest.yaml
new file mode 100644
index 0000000..770c8ad
--- /dev/null
+++ b/aws/manifest.yaml
@@ -0,0 +1,20 @@
+version: 0.2
+env:
+  variables:
+    AWS_REGION: us-east-1
+    GHC_VERSION: 9.2.4
+phases:
+  build:
+    commands:
+
+      - server=public.ecr.aws/v6m6o3k4
+
+      - aws ecr-public get-login-password --region "$AWS_REGION" | docker login --username AWS --password-stdin "$server"
+
+      - tag="$server/haskell:$GHC_VERSION-$CODEBUILD_RESOLVED_SOURCE_VERSION"
+
+      - echo "$tag"
+
+      - docker manifest create "$tag" "$tag-amd64" "$tag-arm64"
+
+      - docker manifest push "$tag"