From 6fcf2fa70b95c06f941e9c2b55bc22ec86c28b90 Mon Sep 17 00:00:00 2001
From: James Greenhill <fuziontech@gmail.com>
Date: Wed, 1 Apr 2026 20:45:52 -0700
Subject: [PATCH] Fix: use buildx imagetools for multi-arch manifest creation

docker/build-push-action pushes single-platform manifest lists, not
plain images. `docker manifest create` cannot compose manifest lists
from other manifest lists ("is a manifest list" error). Switch to
`docker buildx imagetools create` which handles this correctly.

Also captures the manifest digest via `imagetools inspect` for the
deployment payload.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .github/workflows/container-image-cd.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/container-image-cd.yml b/.github/workflows/container-image-cd.yml
index 6fc1dbe..61407fa 100644
--- a/.github/workflows/container-image-cd.yml
+++ b/.github/workflows/container-image-cd.yml
@@ -87,6 +87,9 @@ jobs:
             packages: write
 
         steps:
+            - name: Set up Docker Buildx
+              uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+
             - name: Configure AWS credentials
               uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
               with:
@@ -106,19 +109,18 @@ jobs:
             - name: Create and push ECR manifest
               id: ecr-manifest
               run: |
-                  docker manifest create ${{ env.ECR_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} \
+                  docker buildx imagetools create --tag ${{ env.ECR_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} \
                       ${{ env.ECR_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-arm64 \
                       ${{ env.ECR_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-amd64
-                  digest=$(docker manifest push ${{ env.ECR_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }})
+                  digest=$(docker buildx imagetools inspect ${{ env.ECR_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} --format '{{.Manifest.Digest}}')
                   echo "digest=${digest}" >> "$GITHUB_OUTPUT"
 
             - name: Create and push GHCR manifests
               run: |
                   for tag in "${{ github.sha }}" "latest"; do
-                      docker manifest create ${{ env.GHCR_REGISTRY }}/posthog/${{ env.IMAGE_NAME }}:${tag} \
+                      docker buildx imagetools create --tag ${{ env.GHCR_REGISTRY }}/posthog/${{ env.IMAGE_NAME }}:${tag} \
                           ${{ env.GHCR_REGISTRY }}/posthog/${{ env.IMAGE_NAME }}:${{ github.sha }}-arm64 \
                           ${{ env.GHCR_REGISTRY }}/posthog/${{ env.IMAGE_NAME }}:${{ github.sha }}-amd64
-                      docker manifest push ${{ env.GHCR_REGISTRY }}/posthog/${{ env.IMAGE_NAME }}:${tag}
                   done
 
             - name: Get deployer token