feat: add docker-build-cloud reusable workflow for multi-arch DockerHub publish (#115)

Author: Natchica

.github/workflows/docker-build-cloud.yml

@@ -0,0 +1,72 @@
+name: Build and Push Multi-Platform Docker Image via Docker Build Cloud
+
+on:
+  workflow_call:
+    inputs:
+      image-name:
+        description: "Name of Docker Image (fully qualified, e.g. 'iexechub/my-image')"
+        required: true
+        type: string
+      image-tag:
+        description: "Tag to apply to the built image (e.g. '1.0.0', no v prefix)"
+        required: true
+        type: string
+      platforms:
+        description: "Comma-separated build platforms (e.g. 'linux/amd64,linux/arm64')"
+        required: true
+        type: string
+      cloud-builder-endpoint:
+        description: "Docker Build Cloud endpoint, format '<dbc-org>/<builder>'"
+        required: true
+        type: string
+      dockerfile:
+        description: "Path to the Dockerfile (e.g. './Dockerfile', './docker/Dockerfile')"
+        default: "Dockerfile"
+        type: string
+      context:
+        description: "Path to Docker Build Context"
+        default: "."
+        type: string
+      build-args:
+        description: "Docker build arguments (multiline format: KEY1=value1\nKEY2=value2)"
+        default: ""
+        type: string
+    secrets:
+      dockerhub-username:
+        description: "Username for Docker Hub authentication"
+        required: true
+      dockerhub-password:
+        description: "DockerHub PAT with Build scope (required to authenticate to Docker Build Cloud endpoint)"
+        required: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v6
+
+      # Login MUST run before Set up Docker Buildx so the cloud driver can
+      # authenticate to the Docker Build Cloud endpoint via ~/.docker/config.json.
+      - name: Login to Docker Hub
+        uses: docker/login-action@v4
+        with:
+          username: ${{ secrets.dockerhub-username }}
+          password: ${{ secrets.dockerhub-password }}
+
+      - name: Set up Docker Buildx (Docker Build Cloud)
+        uses: docker/setup-buildx-action@v4
+        with:
+          driver: cloud
+          endpoint: ${{ inputs.cloud-builder-endpoint }}
+
+      - name: Build and push multi-platform image
+        uses: docker/build-push-action@v7
+        with:
+          build-args: ${{ inputs.build-args }}
+          context: ${{ inputs.context }}
+          file: ${{ inputs.dockerfile }}
+          platforms: ${{ inputs.platforms }}
+          push: true
+          tags: ${{ inputs.image-name }}:${{ inputs.image-tag }}

README.md

@@ -7,6 +7,9 @@ This repository contains a comprehensive collection of reusable GitHub Actions w
 ### 🐳 [Build Docker Image](./docker-build)
 Automates the process of building, tagging, and pushing Docker images to Docker Hub. Perfect for projects that require containerization with minimal configuration overhead.
 
+### ☁️ [Build Docker Image via Docker Build Cloud](./docker-build-cloud)
+Builds and pushes a multi-platform Docker image (e.g. `linux/amd64` + `linux/arm64`) to Docker Hub in a single job using Docker Build Cloud's remote builders. No QEMU emulation, no native ARM runners.
+
 ### 🚀 [Deploy Docker](./deploy-docker)
 Automates the process of building a Docker image and deploying it to a remote server. Configurable for different Dockerfile paths, image names, tags, and remote hosts. Streamlines the deployment process with secure SSH connections.
 

docker-build-cloud/CHANGELOG.md

@@ -0,0 +1 @@
+# Changelog

docker-build-cloud/README.md

@@ -0,0 +1,68 @@
+# 🐳 Docker Build Cloud — Multi-Platform Workflow
+
+## 🔍 Overview
+
+This reusable GitHub Actions workflow builds and pushes a multi-platform Docker image to Docker Hub using [Docker Build Cloud](https://docs.docker.com/build-cloud/) remote builders. It produces a single multi-arch manifest (e.g. `linux/amd64` + `linux/arm64`) in one job, with no QEMU emulation and no native ARM runners required.
+
+## ✨ Features
+
+- 🏗️ Multi-platform build in a single job via Docker Build Cloud's remote builders
+- 🔐 Authenticates to DockerHub for both registry push and DBC endpoint access
+- 🏷️ Tags the image with `<image-name>:<image-tag>`
+- 🚀 No QEMU emulation, no native ARM runners — DBC handles arch-specific builds
+
+> [!IMPORTANT]
+> Requires a Docker Build Cloud subscription and a builder configured in your DockerHub organization. The DockerHub PAT must have the **Build** scope to authenticate to the cloud endpoint.
+
+## ⚙️  Inputs
+
+| Name                     | Description                                                                       | Required | Default        |
+| ------------------------ | --------------------------------------------------------------------------------- | -------- | -------------- |
+| `build-args`             | Docker build arguments (multiline format: `KEY1=value1\nKEY2=value2`)             | No       | `""`           |
+| `cloud-builder-endpoint` | Docker Build Cloud endpoint, format `<dbc-org>/<builder>`                         | Yes      | -              |
+| `context`                | Path to Docker Build Context                                                      | No       | `"."`          |
+| `dockerfile`             | Path to the Dockerfile (e.g. `'./Dockerfile'`, `'./docker/Dockerfile'`)           | No       | `"Dockerfile"` |
+| `image-name`             | Name of Docker Image, fully qualified (e.g. `iexechub/my-image`)                  | Yes      | -              |
+| `image-tag`              | Tag to apply to the built image (e.g. `1.0.0`, no v prefix)                       | Yes      | -              |
+| `platforms`              | Comma-separated build platforms (e.g. `linux/amd64,linux/arm64`)                  | Yes      | -              |
+
+## 🔐 Secrets
+
+| Name                 | Description                                                                                | Required |
+| -------------------- | ------------------------------------------------------------------------------------------ | -------- |
+| `dockerhub-username` | Username for Docker Hub authentication                                                     | Yes      |
+| `dockerhub-password` | Personal Access Token for Docker Hub with the **Build** scope (needed for DBC endpoint)    | Yes      |
+
+## 💻 Example Usage
+
+```yaml
+name: Build and Push Release Image
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+
+jobs:
+  build-multiplatform:
+    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build-cloud.yml@main # ⚠️ use tagged version here
+    with:
+      image-name: iexechub/my-image
+      image-tag: ${{ github.ref_name }}
+      platforms: linux/amd64,linux/arm64
+      cloud-builder-endpoint: ${{ vars.DOCKER_CLOUD_BUILDER_LABEL }}
+    secrets:
+      dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
+      dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }}
+```
+
+## 📝 Notes
+
+- 🔒 The DockerHub PAT must have the **Build** scope, not just Read/Write — DBC endpoints will return `403 Forbidden` otherwise.
+- 🪪 The user owning the PAT must be a member of the cloud builder (Docker Hub → org → Build Cloud → builder → Members).
+- 🔁 Login to DockerHub MUST run before `setup-buildx-action` — the cloud driver reads `~/.docker/config.json` at bootstrap.
+
+## 🛠️ Troubleshooting
+
+- **`403 Forbidden` on Set up Docker Buildx**: PAT missing Build scope, user not a member of the cloud builder, token owner not in the builder org, malformed endpoint, or inactive DBC subscription.
+- **Manifest only contains one platform**: confirm `platforms` input lists every arch with commas (no spaces).

docker-build-cloud/version.txt

@@ -0,0 +1 @@
+0.0.0