From 09dc70e603159aff46053e4366dea80ae0bc1814 Mon Sep 17 00:00:00 2001
From: Costas Papastathis <papastathiscr@gmail.com>
Date: Fri, 6 Dec 2024 13:43:24 +0200
Subject: [PATCH 01/17] adding the build.sh script for multi arch

---
 buildpack.toml   |  21 +++++++++-
 scripts/build.sh | 105 +++++++++++++++++++++++++++++++----------------
 2 files changed, 90 insertions(+), 36 deletions(-)

diff --git a/buildpack.toml b/buildpack.toml
index 9f9d8dcb..dcc8416c 100644
--- a/buildpack.toml
+++ b/buildpack.toml
@@ -11,7 +11,18 @@ api = "0.7"
     uri = "https://github.com/paketo-buildpacks/npm-install/blob/main/LICENSE"
 
 [metadata]
-  include-files = ["bin/build", "bin/detect", "bin/run", "bin/setup-symlinks", "buildpack.toml"]
+  include-files = [
+    "buildpack.toml",
+    "linux/amd64/bin/build",
+    "linux/amd64/bin/detect",
+    "linux/amd64/bin/run",
+    "linux/amd64/bin/setup-symlinks",
+    "linux/arm64/bin/build",
+    "linux/arm64/bin/detect",
+    "linux/arm64/bin/run",
+    "linux/arm64/bin/setup-symlinks"
+  ]
+
   pre-package = "./scripts/build.sh"
 
   [[metadata.configurations]]
@@ -53,3 +64,11 @@ api = "0.7"
 
 [[stacks]]
   id = "*"
+
+[[targets]]
+  os = "linux"
+  arch = "amd64"
+
+[[targets]]
+  os = "linux"
+  arch = "arm64"
diff --git a/scripts/build.sh b/scripts/build.sh
index c6e1413e..11ab80b4 100755
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -3,10 +3,15 @@
 set -eu
 set -o pipefail
 
+readonly ROOT_DIR="$(cd "$(dirname "${0}")/.." && pwd)"
 readonly PROGDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 readonly BUILDPACKDIR="$(cd "${PROGDIR}/.." && pwd)"
 
+# shellcheck source=SCRIPTDIR/.util/print.sh
+source "${ROOT_DIR}/scripts/.util/print.sh"
+
 function main() {
+  local targets=()
   while [[ "${#}" != 0 ]]; do
     case "${1}" in
       --help|-h)
@@ -15,6 +20,11 @@ function main() {
         exit 0
         ;;
 
+      --target)
+        targets+=("${2}")
+        shift 2
+        ;;
+
       "")
         # skip if the argument is empty
         shift 1
@@ -27,8 +37,18 @@ function main() {
 
   mkdir -p "${BUILDPACKDIR}/bin"
 
+  if [[ ${#targets[@]} -eq 0 ]]; then
+    targets=("linux/amd64")
+    util::print::info "Setting default target platform architecture to: linux/amd64"
+  fi
+
   run::build
   cmd::build
+
+  ## For backwards compatibility with amd64 wokflows
+  if [[ ${#targets[@]} -eq 1 && "${targets[0]}" == "linux/amd64" ]]; then
+    cp -r "${BUILDPACKDIR}/linux/amd64/bin/" "${BUILDPACKDIR}/"
+  fi
 }
 
 function usage() {
@@ -38,39 +58,49 @@ build.sh [OPTIONS]
 Builds the buildpack executables.
 
 OPTIONS
-  --help  -h  prints the command usage
+  --target strings  Target platforms to build for.
+                    Targets should be in the format '[os][/arch][/variant]'.
+                      - To specify two different architectures: '--target "linux/amd64" --target "linux/arm64"'
+  --help  -h        prints the command usage
 USAGE
 }
 
 function run::build() {
   if [[ -f "${BUILDPACKDIR}/run/main.go" ]]; then
-    pushd "${BUILDPACKDIR}/bin" > /dev/null || return
-      printf "%s" "Building run... "
+    pushd "${BUILDPACKDIR}" > /dev/null || return
+      for target in "${targets[@]}"; do
+        platform=$(echo "${target}" | cut -d '/' -f1)
+        arch=$(echo "${target}" | cut -d'/' -f2)
 
-      GOOS=linux \
-      CGO_ENABLED=0 \
-        go build \
-          -ldflags="-s -w" \
-          -o "run" \
-            "${BUILDPACKDIR}/run"
+        util::print::title "Building run... for platform: ${platform} and arch: ${arch}"
 
-      echo "Success!"
+        GOOS=$platform \
+        GOARCH=$arch \
+        CGO_ENABLED=0 \
+          go build \
+            -ldflags="-s -w" \
+            -o "${platform}/${arch}/bin/run" \
+              "${BUILDPACKDIR}/run"
 
-      names=("detect")
+          echo "Success!"
 
-      if [ -f "${BUILDPACKDIR}/extension.toml" ]; then
-        names+=("generate")
-      else
-        names+=("build")
-      fi
+          names=("detect")
 
-      for name in "${names[@]}"; do
-        printf "%s" "Linking ${name}... "
+          if [ -f "${BUILDPACKDIR}/extension.toml" ]; then
+            names+=("generate")
+          else
+            names+=("build")
+          fi
 
-        ln -sf "run" "${name}"
+        for name in "${names[@]}"; do
+          printf "%s" "Linking ${name}... "
 
-        echo "Success!"
+          ln -fs "run" "${platform}/${arch}/bin/${name}"
+
+          echo "Success!"
+        done
       done
+
     popd > /dev/null || return
   fi
 }
@@ -80,21 +110,26 @@ function cmd::build() {
     local name
     for src in "${BUILDPACKDIR}"/cmd/*; do
       name="$(basename "${src}")"
-
-      if [[ -f "${src}/main.go" ]]; then
-        printf "%s" "Building ${name}... "
-
-        GOOS="linux" \
-        CGO_ENABLED=0 \
-          go build \
-            -ldflags="-s -w" \
-            -o "${BUILDPACKDIR}/bin/${name}" \
-              "${src}/main.go"
-
-        echo "Success!"
-      else
-        printf "%s" "Skipping ${name}... "
-      fi
+      for target in "${targets[@]}"; do
+        platform=$(echo "${target}" | cut -d '/' -f1)
+        arch=$(echo "${target}" | cut -d'/' -f2)
+
+        if [[ -f "${src}/main.go" ]]; then
+          util::print::title "Building ${name}... for platform: ${platform} and arch: ${arch}"
+
+          GOOS=$platform \
+          GOARCH=$arch \
+          CGO_ENABLED=0 \
+            go build \
+              -ldflags="-s -w" \
+              -o "${BUILDPACKDIR}/${platform}/${arch}/bin/${name}" \
+                "${src}/main.go"
+
+          echo "Success!"
+        else
+          printf "%s" "Skipping ${name}... "
+        fi
+      done
     done
   fi
 }

From 6892b4f563b48f326085ceb4f12360d494afcd2e Mon Sep 17 00:00:00 2001
From: Costas Papastathis <papastathiscr@gmail.com>
Date: Fri, 6 Dec 2024 13:43:41 +0200
Subject: [PATCH 02/17] adding the package.sh script multiarch

---
 scripts/.syncignore | 2 ++
 scripts/package.sh  | 7 ++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/scripts/.syncignore b/scripts/.syncignore
index ac5fd814..808fb583 100644
--- a/scripts/.syncignore
+++ b/scripts/.syncignore
@@ -1 +1,3 @@
 options.json
+build.sh
+package.sh
\ No newline at end of file
diff --git a/scripts/package.sh b/scripts/package.sh
index 916363eb..8ea721a6 100755
--- a/scripts/package.sh
+++ b/scripts/package.sh
@@ -159,10 +159,15 @@ function buildpackage::create() {
 
     cd $cwd
   else
+    mkdir ${BUILD_DIR}/cnbdir
+    tar -xvf ${BUILD_DIR}/buildpack.tgz -C ${BUILD_DIR}/cnbdir
+
     pack \
       buildpack package "${output}" \
-        --path "${BUILD_DIR}/buildpack.tgz" \
+        --path ${BUILD_DIR}/cnbdir \
         --format file
+
+    rm -rf ${BUILD_DIR}/cnbdir
   fi
 }
 

From 60aafd4993b616f50aab600d2186bb49f557f628 Mon Sep 17 00:00:00 2001
From: Costas Papastathis <papastathiscr@gmail.com>
Date: Fri, 6 Dec 2024 13:43:59 +0200
Subject: [PATCH 03/17] adding to gitignore output binary files

---
 .gitignore | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 34be9d81..a7bf348f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,9 @@
 !integration/testdata
-
 .DS_Store
 .idea
 /.bin
 /build
+bin/
+linux/
+darwin/
+windows/
\ No newline at end of file

From aeacc88fa80fd536faeac592ee0b588fc14bb276 Mon Sep 17 00:00:00 2001
From: Costas Papastathis <papastathiscr@gmail.com>
Date: Fri, 6 Dec 2024 15:35:37 +0200
Subject: [PATCH 04/17] upgrading occam to v0.20.0

---
 go.mod | 18 +++++++++---------
 go.sum | 48 ++++++++++++++++++++++++++----------------------
 2 files changed, 35 insertions(+), 31 deletions(-)

diff --git a/go.mod b/go.mod
index 1040812a..ef7699ab 100644
--- a/go.mod
+++ b/go.mod
@@ -4,10 +4,10 @@ go 1.23.4
 
 require (
 	github.com/BurntSushi/toml v1.4.0
-	github.com/onsi/gomega v1.34.1
+	github.com/onsi/gomega v1.36.0
 	github.com/paketo-buildpacks/libnodejs v0.3.0
-	github.com/paketo-buildpacks/occam v0.18.7
-	github.com/paketo-buildpacks/packit/v2 v2.14.2
+	github.com/paketo-buildpacks/occam v0.20.0
+	github.com/paketo-buildpacks/packit/v2 v2.16.0
 	github.com/sclevine/spec v1.4.0
 )
 
@@ -57,7 +57,7 @@ require (
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/facebookincubator/nvdtools v0.1.5 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.5 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.6 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.5.0 // indirect
 	github.com/go-git/go-git/v5 v5.12.0 // indirect
@@ -139,17 +139,17 @@ require (
 	go.opentelemetry.io/otel v1.28.0 // indirect
 	go.opentelemetry.io/otel/metric v1.28.0 // indirect
 	go.opentelemetry.io/otel/trace v1.28.0 // indirect
-	golang.org/x/crypto v0.26.0 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
 	golang.org/x/mod v0.20.0 // indirect
-	golang.org/x/net v0.28.0 // indirect
+	golang.org/x/net v0.30.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
-	golang.org/x/sys v0.23.0 // indirect
-	golang.org/x/text v0.17.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 // indirect
 	google.golang.org/grpc v1.65.0 // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
+	google.golang.org/protobuf v1.35.1 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/go.sum b/go.sum
index 10fe0f16..47d4912b 100644
--- a/go.sum
+++ b/go.sum
@@ -1493,8 +1493,8 @@ github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrt
 github.com/fzipp/gocyclo v0.3.1/go.mod h1:DJHO6AUmbdqj2ET4Z9iArSuwWgYDRryYt2wASxc7x3E=
 github.com/gabriel-vasile/mimetype v1.4.0/go.mod h1:fA8fi6KUiG7MgQQ+mEWotXoEOvmxRtOJlERCzSmRvr8=
 github.com/gabriel-vasile/mimetype v1.4.1/go.mod h1:05Vi0w3Y9c/lNvJOdmIwvrrAhX3rYhfQQCaf9VJcv7M=
-github.com/gabriel-vasile/mimetype v1.4.5 h1:J7wGKdGu33ocBOhGy0z653k/lFKLFDPJMG8Gql0kxn4=
-github.com/gabriel-vasile/mimetype v1.4.5/go.mod h1:ibHel+/kbxn9x2407k1izTA1S81ku1z/DlgOW2QE0M4=
+github.com/gabriel-vasile/mimetype v1.4.6 h1:3+PzJTKLkvgjeTbts6msPJt4DixhT4YtFNf1gtGe3zc=
+github.com/gabriel-vasile/mimetype v1.4.6/go.mod h1:JX1qVKqZd40hUPpAfiNTe0Sne7hdfKSbOqqmkq8GCXc=
 github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
 github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg=
 github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
@@ -1869,8 +1869,9 @@ github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo=
-github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg=
 github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
+github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 h1:5iH8iuqE5apketRbSFBy+X1V0o+l+8NF1avt4HWl7cA=
+github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg=
 github.com/google/rpmpack v0.0.0-20210518075352-dc539ef4f2ea/go.mod h1:+y9lKiqDhR4zkLl+V9h4q0rdyrYVsWWm6LLCQP33DIk=
@@ -2546,8 +2547,9 @@ github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7
 github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
 github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
 github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc=
-github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
 github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
+github.com/onsi/ginkgo/v2 v2.20.1 h1:YlVIbqct+ZmnEph770q9Q7NVAz4wwIiVNahee6JyUzo=
+github.com/onsi/ginkgo/v2 v2.20.1/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI=
 github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
@@ -2581,8 +2583,9 @@ github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3ev
 github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
 github.com/onsi/gomega v1.33.0/go.mod h1:+925n5YtiFsLzzafLUHzVMBpvvRAzrydIBiSIxjX3wY=
 github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
-github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
 github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=
+github.com/onsi/gomega v1.36.0 h1:Pb12RlruUtj4XUuPUqeEWc6j5DkVVVA49Uf6YLfC95Y=
+github.com/onsi/gomega v1.36.0/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
 github.com/open-policy-agent/opa v0.42.2/go.mod h1:MrmoTi/BsKWT58kXlVayBb+rYVeaMwuBm3nYAN3923s=
 github.com/open-policy-agent/opa v0.44.0/go.mod h1:YpJaFIk5pq89n/k72c1lVvfvR5uopdJft2tMg1CW/yU=
@@ -2648,11 +2651,11 @@ github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH
 github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM=
 github.com/paketo-buildpacks/libnodejs v0.3.0 h1:vh2fDuUt/XPPy0ENY3mmRHlb127wVD8d782liVKa9WM=
 github.com/paketo-buildpacks/libnodejs v0.3.0/go.mod h1:V8bTCbjjpthcdrDK2g2KL7c0mHQeZJAfN+hQtPpmGuQ=
-github.com/paketo-buildpacks/occam v0.18.7 h1:L5tl/JnzhSKecJ78ggR4SBz9AHqoVKCBJ0EoT8t6y84=
-github.com/paketo-buildpacks/occam v0.18.7/go.mod h1:6V8muvg0TfB/7VKKio65DRC4PZXVDmBCtUjaPoDUCV8=
+github.com/paketo-buildpacks/occam v0.20.0 h1:R9lFiYBy8xVJLa09+3GV2R9jtPB/4yi4CcscqFTCgAA=
+github.com/paketo-buildpacks/occam v0.20.0/go.mod h1:PyG1KPqnnLweufXS1yGPcAKccUs3oqPFZUjIFO9FOZ0=
 github.com/paketo-buildpacks/packit/v2 v2.6.1/go.mod h1:iBArWOfC5xZQF01o+zwnVKS+/hUBuFG+O1jCvzqBujs=
-github.com/paketo-buildpacks/packit/v2 v2.14.2 h1:4+c9xERJYvww2PvE5niRFa0aMJv4NfA8D1zdcEPIVwo=
-github.com/paketo-buildpacks/packit/v2 v2.14.2/go.mod h1:phcMhuAR4alR4bd3EewJsfBQLhftz8DDn54K1gT/zqk=
+github.com/paketo-buildpacks/packit/v2 v2.16.0 h1:zy5sszT/awIgpT4NioQolai/0H3ANIXlGW9wCbmwzrQ=
+github.com/paketo-buildpacks/packit/v2 v2.16.0/go.mod h1:LchgmOIDCXSDovrpoyP1J/yQEJq0Ely/vGCdiTp0vtA=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
@@ -3482,8 +3485,8 @@ golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOM
 golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
-golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
-golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
+golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
+golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -3682,8 +3685,8 @@ golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
-golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
-golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
+golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
+golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -3941,8 +3944,8 @@ golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM=
-golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
+golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
@@ -3970,8 +3973,8 @@ golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4=
-golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
-golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
+golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
+golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -3995,8 +3998,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
-golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
-golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
+golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -4167,8 +4170,9 @@ golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps
 golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg=
 golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg=
 golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
+golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24=
+golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
 golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -4528,8 +4532,8 @@ google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw
 google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
-google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
-google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/alexcesaro/statsd.v2 v2.0.0/go.mod h1:i0ubccKGzBVNBpdGV5MocxyA/XlLUJzA7SLonnE4drU=

From aa3d70f7dd41df0e305e5f0adfebce894828566e Mon Sep 17 00:00:00 2001
From: Costas Papastathis <papastathiscr@gmail.com>
Date: Thu, 12 Dec 2024 12:36:07 +0200
Subject: [PATCH 05/17] adding multi-arch buildpack.toml

---
 buildpack.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/buildpack.toml b/buildpack.toml
index dcc8416c..48085366 100644
--- a/buildpack.toml
+++ b/buildpack.toml
@@ -23,7 +23,7 @@ api = "0.7"
     "linux/arm64/bin/setup-symlinks"
   ]
 
-  pre-package = "./scripts/build.sh"
+  pre-package = "./scripts/build.sh --target linux/amd64 --target linux/arm64"
 
   [[metadata.configurations]]
     name = "BP_DISABLE_SBOM"

From d4f102660794b311c8f26f73cc27a99ab8107346 Mon Sep 17 00:00:00 2001
From: Costas Papastathis <papastathiscr@gmail.com>
Date: Thu, 12 Dec 2024 12:36:27 +0200
Subject: [PATCH 06/17] multi-arch support for create-draft-release workflow

---
 .github/workflows/create-draft-release.yml | 62 +++++++++++++++++-----
 1 file changed, 49 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/create-draft-release.yml b/.github/workflows/create-draft-release.yml
index acc723ec..b6ad6f4d 100644
--- a/.github/workflows/create-draft-release.yml
+++ b/.github/workflows/create-draft-release.yml
@@ -110,6 +110,16 @@ jobs:
           echo "buildpack_type=buildpack" >> "$GITHUB_OUTPUT"
         fi
 
+    - name: Get buildpack path
+      id: get_buildpack_path
+      run: |
+
+        if [ -f "build/buildpackage.cnb" ]; then
+          echo "path=build/buildpackage.cnb" >> "$GITHUB_OUTPUT"
+        else
+          echo "path=build/buildpackage-linux-amd64.cnb" >> "$GITHUB_OUTPUT"
+        fi
+
     - name: Create Release Notes
       id: create-release-notes
       uses: paketo-buildpacks/github-config/actions/release/notes@main
@@ -117,6 +127,44 @@ jobs:
         repo: ${{ github.repository }}
         token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
         buildpack_type: ${{ steps.get_buildpack_type.outputs.buildpack_type }}
+        buildpackage_path: ${{ steps.get_buildpack_path.outputs.path }}
+
+    - name: Create release assets
+      id: create_release_assets
+      run: |
+        release_assets=$(jq -n --arg repo_name "${{ github.event.repository.name }}" --arg tag "${{ steps.tag.outputs.tag }}" '
+        [
+          {
+            "path": "build/buildpack.tgz",
+            "name": ($repo_name + "-" + $tag + ".tgz"),
+            "content_type": "application/gzip"
+          }
+        ]')
+
+        for filepath in build/*.cnb; do
+          filename=$(basename "$filepath")
+          asset_name=""
+          if [[ "$filename" == "buildpackage-linux-amd64.cnb" ]]; then
+            asset_name="${{ github.event.repository.name }}-${{ steps.tag.outputs.tag }}.cnb"
+          elif [[ "$filename" == "buildpackage.cnb" ]]; then
+            asset_name="${{ github.event.repository.name }}-${{ steps.tag.outputs.tag }}.cnb"
+          else
+            formatted_filename="${filename#buildpackage-}"
+            asset_name="${{ github.event.repository.name }}-${{ steps.tag.outputs.tag }}-${formatted_filename}"
+          fi
+
+          release_assets=$(echo "$release_assets" | jq --arg asset_name "${asset_name}" --arg filepath "$filepath" '
+          . + [
+            {
+              "path": $filepath,
+              "name": $asset_name,
+              "content_type": "application/gzip"
+            }
+          ]')
+        done
+
+        release_assets=$(jq -c <<< "$release_assets" )
+        printf "release_assets=%s\n" "${release_assets}" >> "$GITHUB_OUTPUT"
 
     - name: Create Release
       uses: paketo-buildpacks/github-config/actions/release/create@main
@@ -128,19 +176,7 @@ jobs:
         name: v${{ steps.tag.outputs.tag }}
         body: ${{ steps.create-release-notes.outputs.release_body }}
         draft: true
-        assets: |
-          [
-            {
-              "path": "build/buildpack.tgz",
-              "name": "${{ github.event.repository.name }}-${{ steps.tag.outputs.tag }}.tgz",
-              "content_type": "application/gzip"
-            },
-            {
-              "path": "build/buildpackage.cnb",
-              "name": "${{ github.event.repository.name }}-${{ steps.tag.outputs.tag }}.cnb",
-              "content_type": "application/gzip"
-            }
-          ]
+        assets: ${{ steps.create_release_assets.outputs.release_assets }}
 
   failure:
     name: Alert on Failure

From 97ab6bb64b0e19ba2978228d7dc659374134596d Mon Sep 17 00:00:00 2001
From: Costas Papastathis <papastathiscr@gmail.com>
Date: Fri, 13 Dec 2024 14:25:06 +0200
Subject: [PATCH 07/17] adding publish script to publish multi arch images

---
 .github/.syncignore |   1 +
 scripts/publish.sh  | 131 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 132 insertions(+)
 create mode 100755 scripts/publish.sh

diff --git a/.github/.syncignore b/.github/.syncignore
index 4b724c29..0d39fac5 100644
--- a/.github/.syncignore
+++ b/.github/.syncignore
@@ -1,2 +1,3 @@
 CODEOWNERS
 workflows/update-dependencies-from-metadata.yml
+scripts/publish.sh
diff --git a/scripts/publish.sh b/scripts/publish.sh
new file mode 100755
index 00000000..cca0be0e
--- /dev/null
+++ b/scripts/publish.sh
@@ -0,0 +1,131 @@
+#!/usr/bin/env bash
+
+set -eu
+set -o pipefail
+
+readonly ROOT_DIR="$(cd "$(dirname "${0}")/.." && pwd)"
+readonly BIN_DIR="${ROOT_DIR}/.bin"
+readonly BUILD_DIR="${ROOT_DIR}/build"
+
+# shellcheck source=SCRIPTDIR/.util/tools.sh
+source "${ROOT_DIR}/scripts/.util/tools.sh"
+
+# shellcheck source=SCRIPTDIR/.util/print.sh
+source "${ROOT_DIR}/scripts/.util/print.sh"
+
+function main {
+  local buildpack_archive image_ref token
+  token=""
+
+  while [[ "${#}" != 0 ]]; do
+    case "${1}" in
+    --buildpack-archive | -b)
+      buildpack_archive="${2}"
+      shift 2
+      ;;
+
+    --image-ref | -i)
+      image_ref+=("${2}")
+      shift 2
+      ;;
+
+    --token | -t)
+      token="${2}"
+      shift 2
+      ;;
+
+    --help | -h)
+      shift 1
+      usage
+      exit 0
+      ;;
+
+    "")
+      # skip if the argument is empty
+      shift 1
+      ;;
+
+    *)
+      util::print::error "unknown argument \"${1}\""
+      ;;
+    esac
+  done
+
+  if [[ -z "${image_ref:-}" ]]; then
+    usage
+    echo
+    util::print::error "--image-ref is required"
+  fi
+
+  if [[ -z "${buildpack_archive:-}" ]]; then
+    util::print::info "Using default buildpack archive path: ${BUILD_DIR}/buildpack.tgz"
+    buildpack_archive="${BUILD_DIR}/buildpack.tgz"
+  fi
+
+  repo::prepare
+
+  tools::install "${token}"
+
+  buildpack_type=buildpack
+  if [ -f "${ROOT_DIR}/extension.toml" ]; then
+    buildpack_type=extension
+  fi
+
+  buildpack::publish "${image_ref}" "${buildpack_type}"
+}
+
+function usage() {
+  cat <<-USAGE
+package.sh --version <version> [OPTIONS]
+
+Packages a buildpack or an extension into a buildpackage .cnb file.
+
+OPTIONS
+  -h, --help                          Prints the command usage
+  -b, --buildpack-archive <filepath>  Path to the buildpack arhive (default: ${BUILD_DIR}/buildpack.tgz) (optional)
+  -i, --image-ref <ref>               List of image reference to publish to (required)
+  -t, --token <token>                 Token used to download assets from GitHub (e.g. jam, pack, etc) (optional)
+USAGE
+}
+
+function repo::prepare() {
+  util::print::title "Preparing repo..."
+
+  mkdir -p "${BIN_DIR}"
+  mkdir -p "${BUILD_DIR}"
+
+  export PATH="${BIN_DIR}:${PATH}"
+}
+
+function tools::install() {
+  local token
+  token="${1}"
+
+  util::tools::pack::install \
+    --directory "${BIN_DIR}" \
+    --token "${token}"
+}
+
+function buildpack::publish() {
+
+  local image_ref buildpack_type
+  image_ref="${1}"
+  buildpack_type="${2}"
+
+  util::print::title "Publishing ${buildpack_type}... ${image_ref}"
+
+  which pack
+
+  mkdir ${BUILD_DIR}/cnbdir
+  tar -xvf ${BUILD_DIR}/buildpack.tgz -C ${BUILD_DIR}/cnbdir
+
+  pack \
+    buildpack package $image_ref \
+    --path ${BUILD_DIR}/cnbdir \
+    --format image \
+    --publish
+
+  rm -rf ${BUILD_DIR}/cnbdir
+}
+
+main "${@:-}"

From df947ad85b899d7118a0796852bff425f628365b Mon Sep 17 00:00:00 2001
From: Costas Papastathis <papastathiscr@gmail.com>
Date: Fri, 13 Dec 2024 14:27:06 +0200
Subject: [PATCH 08/17] feat: changing push-buildpackage workflow to support
 multi arch

---
 .github/workflows/push-buildpackage.yml | 69 ++++++++++++++++++-------
 scripts/publish.sh                      |  3 ++
 2 files changed, 52 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/push-buildpackage.yml b/.github/workflows/push-buildpackage.yml
index 390ce277..dc28c4ef 100644
--- a/.github/workflows/push-buildpackage.yml
+++ b/.github/workflows/push-buildpackage.yml
@@ -25,16 +25,23 @@ jobs:
         echo "tag_full=${FULL_VERSION}" >> "$GITHUB_OUTPUT"
         echo "tag_minor=${MINOR_VERSION}" >> "$GITHUB_OUTPUT"
         echo "tag_major=${MAJOR_VERSION}" >> "$GITHUB_OUTPUT"
-        echo "download_url=$(jq -r '.release.assets[] | select(.name | endswith(".cnb")) | .url' "${GITHUB_EVENT_PATH}")" >> "$GITHUB_OUTPUT"
+        echo "download_tgz_file_url=$(jq -r '.release.assets[] | select(.name | endswith(".tgz")) | .url' "${GITHUB_EVENT_PATH}")" >> "$GITHUB_OUTPUT"
+        echo "download_cnb_file_url=$(jq -r --arg tag_full "$FULL_VERSION" '.release.assets[] | select(.name | endswith($tag_full + ".cnb")) | .url' "${GITHUB_EVENT_PATH}")" >> "$GITHUB_OUTPUT"
 
-    - name: Download
-      id: download
+    - name: Download .cnb buildpack
       uses: paketo-buildpacks/github-config/actions/release/download-asset@main
       with:
-        url: ${{ steps.event.outputs.download_url }}
+        url: ${{ steps.event.outputs.download_cnb_file_url }}
         output: "/github/workspace/buildpackage.cnb"
         token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
 
+    - name: Download .tgz buildpack
+      uses: paketo-buildpacks/github-config/actions/release/download-asset@main
+      with:
+        url: ${{ steps.event.outputs.download_tgz_file_url }}
+        output: "/github/workspace/buildpack.tgz"
+        token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
+
     - name: Parse Configs
       id: parse_configs
       run: |
@@ -64,16 +71,12 @@ jobs:
           exit 1
         fi
 
-    - name: Push to GCR
-      if: ${{  steps.parse_configs.outputs.push_to_gcr == 'true' }}
-      env:
-        GCR_PUSH_BOT_JSON_KEY: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }}
-      run: |
-        echo "${GCR_PUSH_BOT_JSON_KEY}" | sudo skopeo login --username _json_key --password-stdin gcr.io
-        sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_full }}"
-        sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_minor }}"
-        sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_major }}"
-        sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://gcr.io/${{ github.repository }}:latest"
+    - name: Docker login docker.io
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }}
+        password: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_PASSWORD }}
+        registry: docker.io
 
     - name: Push to DockerHub
       if: ${{  steps.parse_configs.outputs.push_to_dockerhub == 'true' }}
@@ -85,13 +88,39 @@ jobs:
       run: |
         REPOSITORY="${GITHUB_REPOSITORY_OWNER/-/}/${GITHUB_REPOSITORY#${GITHUB_REPOSITORY_OWNER}/}" # translates 'paketo-buildpacks/bundle-install' to 'paketobuildpacks/bundle-install'
         IMAGE="index.docker.io/${REPOSITORY}"
-        echo "${DOCKERHUB_PASSWORD}" | sudo skopeo login --username "${DOCKERHUB_USERNAME}" --password-stdin index.docker.io
-        sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://${IMAGE}:${{ steps.event.outputs.tag_full }}"
-        sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://${IMAGE}:${{ steps.event.outputs.tag_minor }}"
-        sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://${IMAGE}:${{ steps.event.outputs.tag_major }}"
-        sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://${IMAGE}:latest"
+
+        ./scripts/publish.sh \
+          --buildpack-archive ./buildpack.tgz \
+          --image-ref "${IMAGE}:${{ steps.event.outputs.tag_full }}"
+
+        # echo "${DOCKERHUB_PASSWORD}" | sudo skopeo login --username "${DOCKERHUB_USERNAME}" --password-stdin index.docker.io
+        sudo skopeo copy "${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${IMAGE}:${{ steps.event.outputs.tag_minor }}"
+        sudo skopeo copy "${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${IMAGE}:${{ steps.event.outputs.tag_major }}"
+        sudo skopeo copy "${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${IMAGE}:latest"
         echo "image=${IMAGE}" >> "$GITHUB_OUTPUT"
-        echo "digest=$(sudo skopeo inspect "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" | jq -r .Digest)" >> "$GITHUB_OUTPUT"
+        echo "digest=$(sudo skopeo inspect "${IMAGE}:${{ steps.event.outputs.tag_full }}" | jq -r .Digest)" >> "$GITHUB_OUTPUT"
+
+    - name: Docker login gcr.io
+      uses: docker/login-action@v3
+      env:
+        GCR_REGISTRY: "gcr.io"
+        GCR_USERNAME: "_json_key"
+      if: ${{ steps.parse_configs.outputs.push_to_gcr == 'true' }}
+      with:
+        username: ${{ env.GCR_USERNAME }}
+        password: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }}
+        registry: ${{ env.GCR_REGISTRY }}
+
+    - name: Push to GCR
+      if: ${{ steps.parse_configs.outputs.push_to_gcr == 'true' }}
+      env:
+        GCR_PUSH_BOT_JSON_KEY: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }}
+      run: |
+        echo "${GCR_PUSH_BOT_JSON_KEY}" | sudo skopeo login --username _json_key --password-stdin gcr.io
+        sudo skopeo copy "${{ steps.push.outputs.image }}" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_full }}"
+        sudo skopeo copy "${{ steps.push.outputs.image }}" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_minor }}"
+        sudo skopeo copy "${{ steps.push.outputs.image }}" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_major }}"
+        sudo skopeo copy "${{ steps.push.outputs.image }}" "docker://gcr.io/${{ github.repository }}:latest"
 
     - name: Register with CNB Registry
       uses: docker://ghcr.io/buildpacks/actions/registry/request-add-entry:main
diff --git a/scripts/publish.sh b/scripts/publish.sh
index cca0be0e..cab1f5a2 100755
--- a/scripts/publish.sh
+++ b/scripts/publish.sh
@@ -116,7 +116,9 @@ function buildpack::publish() {
 
   which pack
 
+  ## CWIP fix below path to math the buildpack archive
   mkdir ${BUILD_DIR}/cnbdir
+  cp ${buildpack_archive} ${BUILD_DIR}/buildpack.tgz
   tar -xvf ${BUILD_DIR}/buildpack.tgz -C ${BUILD_DIR}/cnbdir
 
   pack \
@@ -126,6 +128,7 @@ function buildpack::publish() {
     --publish
 
   rm -rf ${BUILD_DIR}/cnbdir
+  rm -rf ${BUILD_DIR}/buildpack.tgz
 }
 
 main "${@:-}"

From fdf187165c950bb7daa4fe947d3ae40c59586c23 Mon Sep 17 00:00:00 2001
From: Costas Papastathis <papastathiscr@gmail.com>
Date: Sat, 14 Dec 2024 14:02:39 +0200
Subject: [PATCH 09/17] fixup! adding publish script to publish multi arch
 images

---
 scripts/publish.sh | 25 ++++++++++---------------
 1 file changed, 10 insertions(+), 15 deletions(-)

diff --git a/scripts/publish.sh b/scripts/publish.sh
index cab1f5a2..2cd01cb4 100755
--- a/scripts/publish.sh
+++ b/scripts/publish.sh
@@ -5,7 +5,6 @@ set -o pipefail
 
 readonly ROOT_DIR="$(cd "$(dirname "${0}")/.." && pwd)"
 readonly BIN_DIR="${ROOT_DIR}/.bin"
-readonly BUILD_DIR="${ROOT_DIR}/build"
 
 # shellcheck source=SCRIPTDIR/.util/tools.sh
 source "${ROOT_DIR}/scripts/.util/tools.sh"
@@ -58,8 +57,8 @@ function main {
   fi
 
   if [[ -z "${buildpack_archive:-}" ]]; then
-    util::print::info "Using default buildpack archive path: ${BUILD_DIR}/buildpack.tgz"
-    buildpack_archive="${BUILD_DIR}/buildpack.tgz"
+    util::print::info "Using default buildpack archive path: ${ROOT_DIR}/build/buildpack.tgz"
+    buildpack_archive="${ROOT_DIR}/build/buildpack.tgz"
   fi
 
   repo::prepare
@@ -82,7 +81,7 @@ Packages a buildpack or an extension into a buildpackage .cnb file.
 
 OPTIONS
   -h, --help                          Prints the command usage
-  -b, --buildpack-archive <filepath>  Path to the buildpack arhive (default: ${BUILD_DIR}/buildpack.tgz) (optional)
+  -b, --buildpack-archive <filepath>  Path to the buildpack arhive (default: ${ROOT_DIR}/build/buildpack.tgz) (optional)
   -i, --image-ref <ref>               List of image reference to publish to (required)
   -t, --token <token>                 Token used to download assets from GitHub (e.g. jam, pack, etc) (optional)
 USAGE
@@ -92,7 +91,6 @@ function repo::prepare() {
   util::print::title "Preparing repo..."
 
   mkdir -p "${BIN_DIR}"
-  mkdir -p "${BUILD_DIR}"
 
   export PATH="${BIN_DIR}:${PATH}"
 }
@@ -112,23 +110,20 @@ function buildpack::publish() {
   image_ref="${1}"
   buildpack_type="${2}"
 
-  util::print::title "Publishing ${buildpack_type}... ${image_ref}"
+  util::print::title "Publishing ${buildpack_type}..."
 
-  which pack
-
-  ## CWIP fix below path to math the buildpack archive
-  mkdir ${BUILD_DIR}/cnbdir
-  cp ${buildpack_archive} ${BUILD_DIR}/buildpack.tgz
-  tar -xvf ${BUILD_DIR}/buildpack.tgz -C ${BUILD_DIR}/cnbdir
+  util::print::info "Extracting archive..."
+  tmp_dir=$(mktemp -d -p $ROOT_DIR)
+  tar -xvf $buildpack_archive -C $tmp_dir
 
+  util::print::info "Publishing ${buildpack_type} to ${image_ref}"
   pack \
     buildpack package $image_ref \
-    --path ${BUILD_DIR}/cnbdir \
+    --path $tmp_dir \
     --format image \
     --publish
 
-  rm -rf ${BUILD_DIR}/cnbdir
-  rm -rf ${BUILD_DIR}/buildpack.tgz
+  rm -rf $tmp_dir
 }
 
 main "${@:-}"

From a9bcbd9966baeca0190d956d9fe9b7f88757b37c Mon Sep 17 00:00:00 2001
From: Costas Papastathis <papastathiscr@gmail.com>
Date: Sat, 14 Dec 2024 14:26:54 +0200
Subject: [PATCH 10/17] setting global env variables

---
 .github/workflows/push-buildpackage.yml | 76 ++++++++++++-------------
 1 file changed, 38 insertions(+), 38 deletions(-)

diff --git a/.github/workflows/push-buildpackage.yml b/.github/workflows/push-buildpackage.yml
index dc28c4ef..e21cbf9a 100644
--- a/.github/workflows/push-buildpackage.yml
+++ b/.github/workflows/push-buildpackage.yml
@@ -4,6 +4,7 @@ on:
   release:
     types:
     - published
+
 env:
   REGISTRIES_FILENAME: "registries.json"
 
@@ -11,6 +12,14 @@ jobs:
   push:
     name: Push
     runs-on: ubuntu-22.04
+    env:
+      GCR_REGISTRY: "gcr.io"
+      GCR_PASSWORD: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }}
+      GCR_USERNAME: "_json_key"
+      DOCKERHUB_REGISTRY: docker.io
+      DOCKERHUB_USERNAME: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }}
+      DOCKERHUB_PASSWORD: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_PASSWORD }}
+
     steps:
 
     - name: Checkout
@@ -45,17 +54,15 @@ jobs:
     - name: Parse Configs
       id: parse_configs
       run: |
-        registries_filename="${{ env.REGISTRIES_FILENAME }}"
-
         push_to_dockerhub=true
         push_to_gcr=true
 
-        if [[ -f $registries_filename ]]; then
-          if jq 'has("dockerhub")' $registries_filename > /dev/null; then
-            push_to_dockerhub=$(jq '.dockerhub' $registries_filename)
+        if [[ -f $REGISTRIES_FILENAME ]]; then
+          if jq 'has("dockerhub")' $REGISTRIES_FILENAME > /dev/null; then
+            push_to_dockerhub=$(jq '.dockerhub' $REGISTRIES_FILENAME)
           fi
-          if jq 'has("GCR")' $registries_filename > /dev/null; then
-            push_to_gcr=$(jq '.GCR' $registries_filename)
+          if jq 'has("GCR")' $REGISTRIES_FILENAME > /dev/null; then
+            push_to_gcr=$(jq '.GCR' $REGISTRIES_FILENAME)
           fi
         fi
 
@@ -74,53 +81,46 @@ jobs:
     - name: Docker login docker.io
       uses: docker/login-action@v3
       with:
-        username: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }}
-        password: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_PASSWORD }}
-        registry: docker.io
+        username: ${{ env.DOCKERHUB_USERNAME }}
+        password: ${{ env.DOCKERHUB_PASSWORD }}
+        registry: ${{ env.DOCKERHUB_REGISTRY }}
+
+    - name: Docker login gcr.io
+      uses: docker/login-action@v3
+      if: ${{ steps.parse_configs.outputs.push_to_gcr == 'true' }}
+      with:
+        username: ${{ env.GCR_USERNAME }}
+        password: ${{ env.GCR_PASSWORD }}
+        registry: ${{ env.GCR_REGISTRY }}
 
     - name: Push to DockerHub
       if: ${{  steps.parse_configs.outputs.push_to_dockerhub == 'true' }}
       id: push
       env:
-        DOCKERHUB_USERNAME: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }}
-        DOCKERHUB_PASSWORD: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_PASSWORD }}
         GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
       run: |
-        REPOSITORY="${GITHUB_REPOSITORY_OWNER/-/}/${GITHUB_REPOSITORY#${GITHUB_REPOSITORY_OWNER}/}" # translates 'paketo-buildpacks/bundle-install' to 'paketobuildpacks/bundle-install'
-        IMAGE="index.docker.io/${REPOSITORY}"
+        IMAGE="${GITHUB_REPOSITORY_OWNER/-/}/${GITHUB_REPOSITORY#${GITHUB_REPOSITORY_OWNER}/}" # translates 'paketo-buildpacks/bundle-install' to 'paketobuildpacks/bundle-install'
+        echo "${DOCKERHUB_PASSWORD}" | sudo skopeo login --username "${DOCKERHUB_USERNAME}" --password-stdin ${DOCKERHUB_REGISTRY}
 
         ./scripts/publish.sh \
           --buildpack-archive ./buildpack.tgz \
-          --image-ref "${IMAGE}:${{ steps.event.outputs.tag_full }}"
+          --image-ref "${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}"
 
-        # echo "${DOCKERHUB_PASSWORD}" | sudo skopeo login --username "${DOCKERHUB_USERNAME}" --password-stdin index.docker.io
-        sudo skopeo copy "${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${IMAGE}:${{ steps.event.outputs.tag_minor }}"
-        sudo skopeo copy "${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${IMAGE}:${{ steps.event.outputs.tag_major }}"
-        sudo skopeo copy "${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${IMAGE}:latest"
+        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_minor }}"
+        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_major }}"
+        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:latest"
         echo "image=${IMAGE}" >> "$GITHUB_OUTPUT"
-        echo "digest=$(sudo skopeo inspect "${IMAGE}:${{ steps.event.outputs.tag_full }}" | jq -r .Digest)" >> "$GITHUB_OUTPUT"
-
-    - name: Docker login gcr.io
-      uses: docker/login-action@v3
-      env:
-        GCR_REGISTRY: "gcr.io"
-        GCR_USERNAME: "_json_key"
-      if: ${{ steps.parse_configs.outputs.push_to_gcr == 'true' }}
-      with:
-        username: ${{ env.GCR_USERNAME }}
-        password: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }}
-        registry: ${{ env.GCR_REGISTRY }}
+        echo "digest=$(sudo skopeo inspect "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" | jq -r .Digest)" >> "$GITHUB_OUTPUT"
 
     - name: Push to GCR
       if: ${{ steps.parse_configs.outputs.push_to_gcr == 'true' }}
-      env:
-        GCR_PUSH_BOT_JSON_KEY: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }}
       run: |
-        echo "${GCR_PUSH_BOT_JSON_KEY}" | sudo skopeo login --username _json_key --password-stdin gcr.io
-        sudo skopeo copy "${{ steps.push.outputs.image }}" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_full }}"
-        sudo skopeo copy "${{ steps.push.outputs.image }}" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_minor }}"
-        sudo skopeo copy "${{ steps.push.outputs.image }}" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_major }}"
-        sudo skopeo copy "${{ steps.push.outputs.image }}" "docker://gcr.io/${{ github.repository }}:latest"
+        echo "${GCR_PASSWORD}" | sudo skopeo login --username "${GCR_USERNAME}" --password-stdin "${GCR_REGISTRY}"
+
+        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${{ steps.push.outputs.image }}" "docker://${GCR_REGISTRY}/${{ github.repository }}:${{ steps.event.outputs.tag_full }}"
+        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${{ steps.push.outputs.image }}" "docker://${GCR_REGISTRY}/${{ github.repository }}:${{ steps.event.outputs.tag_minor }}"
+        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${{ steps.push.outputs.image }}" "docker://${GCR_REGISTRY}/${{ github.repository }}:${{ steps.event.outputs.tag_major }}"
+        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${{ steps.push.outputs.image }}" "docker://${GCR_REGISTRY}/${{ github.repository }}:latest"
 
     - name: Register with CNB Registry
       uses: docker://ghcr.io/buildpacks/actions/registry/request-add-entry:main

From 9771835e461524507712d719967213d29410972a Mon Sep 17 00:00:00 2001
From: Costas Papastathis <papastathiscr@gmail.com>
Date: Sat, 14 Dec 2024 17:35:04 +0200
Subject: [PATCH 11/17] fixing .gitignore and syncignore files

---
 .github/.syncignore | 2 ++
 .gitignore          | 8 ++++----
 scripts/.syncignore | 3 ++-
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/.github/.syncignore b/.github/.syncignore
index 0d39fac5..8903f275 100644
--- a/.github/.syncignore
+++ b/.github/.syncignore
@@ -1,3 +1,5 @@
 CODEOWNERS
 workflows/update-dependencies-from-metadata.yml
+workflows/push-buildpackage.yml
+workflows/create-draft-release.yml
 scripts/publish.sh
diff --git a/.gitignore b/.gitignore
index a7bf348f..68a80398 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,7 +3,7 @@
 .idea
 /.bin
 /build
-bin/
-linux/
-darwin/
-windows/
\ No newline at end of file
+/bin
+/linux
+/darwin
+/windows
\ No newline at end of file
diff --git a/scripts/.syncignore b/scripts/.syncignore
index 808fb583..0fb89bb8 100644
--- a/scripts/.syncignore
+++ b/scripts/.syncignore
@@ -1,3 +1,4 @@
 options.json
 build.sh
-package.sh
\ No newline at end of file
+package.sh
+publish.sh
\ No newline at end of file

From 376e90c8c10be1a9ea8fe5a247a3f7fe5f7a7f2d Mon Sep 17 00:00:00 2001
From: Costas Papastathis <papastathiscr@gmail.com>
Date: Mon, 16 Dec 2024 11:32:04 +0200
Subject: [PATCH 12/17] adding local registry to fetch digest

---
 .github/workflows/create-draft-release.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/.github/workflows/create-draft-release.yml b/.github/workflows/create-draft-release.yml
index b6ad6f4d..d725ace8 100644
--- a/.github/workflows/create-draft-release.yml
+++ b/.github/workflows/create-draft-release.yml
@@ -61,6 +61,12 @@ jobs:
     name: Release
     runs-on: ubuntu-22.04
     needs: integration
+    services:
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
+
     steps:
     - name: Setup Go
       uses: actions/setup-go@v3
@@ -129,6 +135,20 @@ jobs:
         buildpack_type: ${{ steps.get_buildpack_type.outputs.buildpack_type }}
         buildpackage_path: ${{ steps.get_buildpack_path.outputs.path }}
 
+    - name: Get Image Digest
+      id: image_digest
+
+      run: |
+        image_name="localhost:5000/npm-install:latest"
+
+        ./scripts/publish.sh \
+          --buildpack-archive ./build/buildpack.tgz \
+          --image-ref $image_name
+
+        digest=$(sudo skopeo inspect "docker://${image_name}" --tls-verify=false | jq -r .Digest)
+        echo $digest
+        echo $digest >> "$GITHUB_OUTPUT"
+
     - name: Create release assets
       id: create_release_assets
       run: |

From 93fbb19dacd806afa0a73d14f7982f736a757f27 Mon Sep 17 00:00:00 2001
From: Costas Papastathis <papastathiscr@gmail.com>
Date: Mon, 16 Dec 2024 14:31:22 +0200
Subject: [PATCH 13/17] setting the correct image digest

---
 .github/workflows/create-draft-release.yml | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/create-draft-release.yml b/.github/workflows/create-draft-release.yml
index d725ace8..1ebf97a3 100644
--- a/.github/workflows/create-draft-release.yml
+++ b/.github/workflows/create-draft-release.yml
@@ -137,7 +137,6 @@ jobs:
 
     - name: Get Image Digest
       id: image_digest
-
       run: |
         image_name="localhost:5000/npm-install:latest"
 
@@ -145,9 +144,14 @@ jobs:
           --buildpack-archive ./build/buildpack.tgz \
           --image-ref $image_name
 
-        digest=$(sudo skopeo inspect "docker://${image_name}" --tls-verify=false | jq -r .Digest)
-        echo $digest
-        echo $digest >> "$GITHUB_OUTPUT"
+        echo "digest=$(sudo skopeo inspect "docker://${image_name}" --tls-verify=false | jq -r .Digest)" >> "$GITHUB_OUTPUT"
+
+    - name: Set Correct Image Digest on the Release notes
+      run: |
+          printf '${{ steps.create-release-notes.outputs.release_body }}' \
+            | sed -E \
+              "s/\*\*Digest:\*\* \`sha256:[a-f0-9]{64}\`/\*\*Digest:\*\* \`${{ steps.image_digest.outputs.digest }}\`/" \
+              > ./release_notes
 
     - name: Create release assets
       id: create_release_assets
@@ -194,7 +198,7 @@ jobs:
         tag_name: v${{ steps.tag.outputs.tag }}
         target_commitish: ${{ github.sha }}
         name: v${{ steps.tag.outputs.tag }}
-        body: ${{ steps.create-release-notes.outputs.release_body }}
+        body_filepath: "./release_notes"
         draft: true
         assets: ${{ steps.create_release_assets.outputs.release_assets }}
 

From 4374f65ef9ede59d5b4600174bcdd9b5c2824fe5 Mon Sep 17 00:00:00 2001
From: Costas Papastathis <papastathiscr@gmail.com>
Date: Mon, 16 Dec 2024 15:02:26 +0200
Subject: [PATCH 14/17] fix: copying mulit-arch

---
 .github/workflows/push-buildpackage.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/push-buildpackage.yml b/.github/workflows/push-buildpackage.yml
index e21cbf9a..9400fa56 100644
--- a/.github/workflows/push-buildpackage.yml
+++ b/.github/workflows/push-buildpackage.yml
@@ -106,9 +106,9 @@ jobs:
           --buildpack-archive ./buildpack.tgz \
           --image-ref "${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}"
 
-        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_minor }}"
-        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_major }}"
-        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:latest"
+        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_minor }}" --multi-arch all
+        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_major }}" --multi-arch all
+        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:latest" --multi-arch all
         echo "image=${IMAGE}" >> "$GITHUB_OUTPUT"
         echo "digest=$(sudo skopeo inspect "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" | jq -r .Digest)" >> "$GITHUB_OUTPUT"
 
@@ -117,10 +117,10 @@ jobs:
       run: |
         echo "${GCR_PASSWORD}" | sudo skopeo login --username "${GCR_USERNAME}" --password-stdin "${GCR_REGISTRY}"
 
-        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${{ steps.push.outputs.image }}" "docker://${GCR_REGISTRY}/${{ github.repository }}:${{ steps.event.outputs.tag_full }}"
-        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${{ steps.push.outputs.image }}" "docker://${GCR_REGISTRY}/${{ github.repository }}:${{ steps.event.outputs.tag_minor }}"
-        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${{ steps.push.outputs.image }}" "docker://${GCR_REGISTRY}/${{ github.repository }}:${{ steps.event.outputs.tag_major }}"
-        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${{ steps.push.outputs.image }}" "docker://${GCR_REGISTRY}/${{ github.repository }}:latest"
+        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${{ steps.push.outputs.image }}" "docker://${GCR_REGISTRY}/${{ github.repository }}:${{ steps.event.outputs.tag_full }}" --multi-arch all
+        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${{ steps.push.outputs.image }}" "docker://${GCR_REGISTRY}/${{ github.repository }}:${{ steps.event.outputs.tag_minor }}" --multi-arch all
+        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${{ steps.push.outputs.image }}" "docker://${GCR_REGISTRY}/${{ github.repository }}:${{ steps.event.outputs.tag_major }}" --multi-arch all
+        sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${{ steps.push.outputs.image }}" "docker://${GCR_REGISTRY}/${{ github.repository }}:latest" --multi-arch all
 
     - name: Register with CNB Registry
       uses: docker://ghcr.io/buildpacks/actions/registry/request-add-entry:main

From 071cc741de6bacb4844a2602c56e675909ea0b4a Mon Sep 17 00:00:00 2001
From: Costas Papastathis <papastathiscr@gmail.com>
Date: Thu, 26 Dec 2024 15:41:44 +0200
Subject: [PATCH 15/17] adding check on the index digests

---
 .github/workflows/create-draft-release.yml |  7 +++++++
 .github/workflows/push-buildpackage.yml    | 20 ++++++++++++++++++--
 2 files changed, 25 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 .github/workflows/create-draft-release.yml
 mode change 100644 => 100755 .github/workflows/push-buildpackage.yml

diff --git a/.github/workflows/create-draft-release.yml b/.github/workflows/create-draft-release.yml
old mode 100644
new mode 100755
index 1ebf97a3..8b025a42
--- a/.github/workflows/create-draft-release.yml
+++ b/.github/workflows/create-draft-release.yml
@@ -153,6 +153,8 @@ jobs:
               "s/\*\*Digest:\*\* \`sha256:[a-f0-9]{64}\`/\*\*Digest:\*\* \`${{ steps.image_digest.outputs.digest }}\`/" \
               > ./release_notes
 
+          printf '${{ steps.image_digest.outputs.digest }}' > ./index-digest.sha256
+
     - name: Create release assets
       id: create_release_assets
       run: |
@@ -162,6 +164,11 @@ jobs:
             "path": "build/buildpack.tgz",
             "name": ($repo_name + "-" + $tag + ".tgz"),
             "content_type": "application/gzip"
+          },
+          {
+            "path": "./index-digest.sha256",
+            "name": ($repo_name + "-" + $tag + "-" + "index-digest.sha256"),
+            "content_type": "text/plain"
           }
         ]')
 
diff --git a/.github/workflows/push-buildpackage.yml b/.github/workflows/push-buildpackage.yml
old mode 100644
new mode 100755
index 9400fa56..e5b5fce2
--- a/.github/workflows/push-buildpackage.yml
+++ b/.github/workflows/push-buildpackage.yml
@@ -11,7 +11,7 @@ env:
 jobs:
   push:
     name: Push
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     env:
       GCR_REGISTRY: "gcr.io"
       GCR_PASSWORD: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }}
@@ -36,6 +36,7 @@ jobs:
         echo "tag_major=${MAJOR_VERSION}" >> "$GITHUB_OUTPUT"
         echo "download_tgz_file_url=$(jq -r '.release.assets[] | select(.name | endswith(".tgz")) | .url' "${GITHUB_EVENT_PATH}")" >> "$GITHUB_OUTPUT"
         echo "download_cnb_file_url=$(jq -r --arg tag_full "$FULL_VERSION" '.release.assets[] | select(.name | endswith($tag_full + ".cnb")) | .url' "${GITHUB_EVENT_PATH}")" >> "$GITHUB_OUTPUT"
+        echo "download_sha256_file_url=$(jq -r '.release.assets[] | select(.name | endswith("index-digest.sha256")) | .url' "${GITHUB_EVENT_PATH}")" >> "$GITHUB_OUTPUT"
 
     - name: Download .cnb buildpack
       uses: paketo-buildpacks/github-config/actions/release/download-asset@main
@@ -51,6 +52,13 @@ jobs:
         output: "/github/workspace/buildpack.tgz"
         token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
 
+    - name: Download .sha digest
+      uses: paketo-buildpacks/github-config/actions/release/download-asset@main
+      with:
+        url: ${{ steps.event.outputs.download_sha256_file_url }}
+        output: "/github/workspace/index-digest.sha256"
+        token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
+
     - name: Parse Configs
       id: parse_configs
       run: |
@@ -106,11 +114,19 @@ jobs:
           --buildpack-archive ./buildpack.tgz \
           --image-ref "${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}"
 
+        ## Validate that the digest pushed to registry matches with the one mentioned on the readme file
+        pushed_image_index_digest=$(sudo skopeo inspect "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" | jq -r .Digest)
+
+        if [ "$(cat ./index-digest.sha256)" != "$pushed_image_index_digest" ]; then
+          echo "Image index digest pushed to registry does not match with the one mentioned on the readme file"
+          exit 1;
+        fi
+
         sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_minor }}" --multi-arch all
         sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_major }}" --multi-arch all
         sudo skopeo copy "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:latest" --multi-arch all
         echo "image=${IMAGE}" >> "$GITHUB_OUTPUT"
-        echo "digest=$(sudo skopeo inspect "docker://${DOCKERHUB_REGISTRY}/${IMAGE}:${{ steps.event.outputs.tag_full }}" | jq -r .Digest)" >> "$GITHUB_OUTPUT"
+        echo "digest=$pushed_image_index_digest" >> "$GITHUB_OUTPUT"
 
     - name: Push to GCR
       if: ${{ steps.parse_configs.outputs.push_to_gcr == 'true' }}

From e997ac6b3cf1677b77524b3232f9dd6169af6204 Mon Sep 17 00:00:00 2001
From: Costas Papastathis <papastathiscr@gmail.com>
Date: Tue, 7 Jan 2025 14:43:31 +0200
Subject: [PATCH 16/17] refactor: package script more reusable

---
 scripts/package.sh | 30 +++++++-----------------------
 scripts/publish.sh |  4 ++--
 2 files changed, 9 insertions(+), 25 deletions(-)

diff --git a/scripts/package.sh b/scripts/package.sh
index 8ea721a6..cb79bfdd 100755
--- a/scripts/package.sh
+++ b/scripts/package.sh
@@ -144,31 +144,15 @@ function buildpackage::create() {
 
   util::print::title "Packaging ${buildpack_type}... ${output}"
 
-  if [ "$buildpack_type" == "extension" ]; then
-    cwd=$(pwd)
-    cd ${BUILD_DIR}
-    mkdir cnbdir
-    cd cnbdir
-    cp ../buildpack.tgz .
-    tar -xvf buildpack.tgz
-    rm buildpack.tgz
-
-    pack \
-      extension package "${output}" \
-        --format file
-
-    cd $cwd
-  else
-    mkdir ${BUILD_DIR}/cnbdir
-    tar -xvf ${BUILD_DIR}/buildpack.tgz -C ${BUILD_DIR}/cnbdir
+  mkdir ${BUILD_DIR}/cnbdir
+  tar -xvf ${BUILD_DIR}/buildpack.tgz -C ${BUILD_DIR}/cnbdir
 
-    pack \
-      buildpack package "${output}" \
-        --path ${BUILD_DIR}/cnbdir \
-        --format file
+  pack \
+    "${buildpack_type}" package "${output}" \
+      --path ${BUILD_DIR}/cnbdir \
+      --format file
 
-    rm -rf ${BUILD_DIR}/cnbdir
-  fi
+  rm -rf ${BUILD_DIR}/cnbdir
 }
 
 main "${@:-}"
\ No newline at end of file
diff --git a/scripts/publish.sh b/scripts/publish.sh
index 2cd01cb4..0c65d5fa 100755
--- a/scripts/publish.sh
+++ b/scripts/publish.sh
@@ -75,9 +75,9 @@ function main {
 
 function usage() {
   cat <<-USAGE
-package.sh --version <version> [OPTIONS]
+publish.sh --version <version> [OPTIONS]
 
-Packages a buildpack or an extension into a buildpackage .cnb file.
+Publishes a buildpack or an extension in to a registry.
 
 OPTIONS
   -h, --help                          Prints the command usage

From a65eb3b7a94c8b029f7331e68c12d99a0ed8ce1f Mon Sep 17 00:00:00 2001
From: Costas Papastathis <papastathiscr@gmail.com>
Date: Mon, 20 Jan 2025 17:43:53 +0200
Subject: [PATCH 17/17] removing publish from .github syncignore

---
 .github/.syncignore | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/.syncignore b/.github/.syncignore
index 8903f275..7b1d2c87 100644
--- a/.github/.syncignore
+++ b/.github/.syncignore
@@ -2,4 +2,3 @@ CODEOWNERS
 workflows/update-dependencies-from-metadata.yml
 workflows/push-buildpackage.yml
 workflows/create-draft-release.yml
-scripts/publish.sh