feat(ci): add merge step to CI pipeline

- this verifies that merging actually works before doing publish
- can be later used for proper merge as described in WeblateOrg#2589

.github/workflows/bleeding.yml

@@ -676,6 +676,44 @@ jobs:
         name: Trivy scan SARIF
         path: trivy-results.sarif
 
+  merge:
+    runs-on: ubuntu-22.04
+    name: Merge images
+    needs:
+    - build
+    - buildx
+    - bleeding
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+    - name: Set up QEMU
+      uses: docker/[email protected]
+      with:
+        platforms: all
+    - name: Set up Docker Buildx
+      uses: docker/[email protected]
+      with:
+        # renovate: datasource=github-releases depName=docker/buildx
+        version: v0.16.2
+    - name: Cache Docker layers
+      uses: actions/cache@v4
+      id: cache-arm64
+      with:
+        path: /tmp/.buildx-cache/linux/arm64
+        key: ${{ runner.os }}-bleeding-${{ github.run_id }}-linux/arm64
+    - name: Cache Docker layers
+      uses: actions/cache@v4
+      id: cache-amd64
+      with:
+        path: /tmp/.buildx-cache/linux/amd64
+        key: ${{ runner.os }}-bleeding-${{ github.run_id }}-linux/amd64
+    - name: Adjust bleeding edge image
+      run: .github/bin/bleeding ${{needs.bleeding.outputs.weblate_sha}}  ${{needs.bleeding.outputs.weblate_date}}
+    - name: Configure Docker build
+      run: .github/bin/get-buildx-args
+    - name: Merge the Docker images
+      run: .github/bin/docker-build
+
   push_dockerhub:
     runs-on: ubuntu-22.04
     name: Publish to Docker Hub, stable
@@ -688,6 +726,7 @@ jobs:
     - buildx
     - anchore
     - trivy
+    - merge
     - bleeding
     if: ${{ (startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main')) && github.repository == 'WeblateOrg/docker' }}
     steps:
@@ -737,6 +776,7 @@ jobs:
     - buildx
     - anchore
     - trivy
+    - merge
     - bleeding
     if: ${{ (startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main')) && github.repository == 'WeblateOrg/docker' }}
     env:

.github/workflows/dockerimage.yml

@@ -705,6 +705,41 @@ jobs:
         name: Trivy scan SARIF
         path: trivy-results.sarif
 
+  merge:
+    runs-on: ubuntu-22.04
+    name: Merge images
+    needs:
+    - build
+    - buildx
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+    - name: Set up QEMU
+      uses: docker/[email protected]
+      with:
+        platforms: all
+    - name: Set up Docker Buildx
+      uses: docker/[email protected]
+      with:
+        # renovate: datasource=github-releases depName=docker/buildx
+        version: v0.16.2
+    - name: Cache Docker layers
+      uses: actions/cache@v4
+      id: cache-arm64
+      with:
+        path: /tmp/.buildx-cache/linux/arm64
+        key: ${{ runner.os }}-buildx-${{ github.sha }}-linux/arm64
+    - name: Cache Docker layers
+      uses: actions/cache@v4
+      id: cache-amd64
+      with:
+        path: /tmp/.buildx-cache/linux/amd64
+        key: ${{ runner.os }}-buildx-${{ github.sha }}-linux/amd64
+    - name: Configure Docker build
+      run: .github/bin/get-buildx-args
+    - name: Merge the Docker images
+      run: .github/bin/docker-build
+
   push_dockerhub:
     runs-on: ubuntu-22.04
     name: Publish to Docker Hub, stable
@@ -717,6 +752,7 @@ jobs:
     - buildx
     - anchore
     - trivy
+    - merge
     if: ${{ (startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main')) && github.repository == 'WeblateOrg/docker' }}
     steps:
     - name: Checkout
@@ -763,6 +799,7 @@ jobs:
     - buildx
     - anchore
     - trivy
+    - merge
     if: ${{ (startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main')) && github.repository == 'WeblateOrg/docker' }}
     env:
       DOCKER_IMAGE: ghcr.io/weblateorg/weblate