From d48d1a4b596b10089dc2c181559fd93f53e48644 Mon Sep 17 00:00:00 2001
From: David Linus Briemann <david.briemann@sap.com>
Date: Tue, 15 Jul 2025 15:56:16 +0200
Subject: [PATCH 1/4] add automatic sapmachine build action

---
 .github/workflows/auto-publish-images.yml | 108 ++++++++++++++++++++++
 dockerfiles/Dockerfile                    |  37 ++++++++
 2 files changed, 145 insertions(+)
 create mode 100644 .github/workflows/auto-publish-images.yml
 create mode 100644 dockerfiles/Dockerfile

diff --git a/.github/workflows/auto-publish-images.yml b/.github/workflows/auto-publish-images.yml
new file mode 100644
index 00000000000..135360a9953
--- /dev/null
+++ b/.github/workflows/auto-publish-images.yml
@@ -0,0 +1,108 @@
+name: Automatically build & publish SapMachine on Garden Linux container images
+
+on:
+  schedule:
+    - cron: '0 0 * * *'  # Daily at midnight
+  workflow_dispatch:
+
+env:
+  GARDEN_LINUX_IMAGE: ghcr.io/gardenlinux/gardenlinux
+  GARDEN_LINUX_VER: TODO
+  SAPMACHINE_VERSION: TODO
+  TARGET_IMAGE: WILL_BE_SET
+
+    # TODO: how to use flavor/version here?
+    # inputs:
+    #   sapMachineVersion:
+    #     type: string
+    #     description: "SapMachine major version (e.g. 21)"
+    #   gardenLinuxVersion:
+    #     type: string
+    #     description: "GardenLinux major version (e.g. 1592)"        
+
+jobs:
+  docker-login:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Login to registry
+        run: |
+          podman login -u token -p ${{ github.token }} ghcr.io
+
+  conditional-build:
+    runs-on: ubuntu-24.04
+    needs: docker-login
+
+    strategy:
+      matrix:
+        flavor: ["jdk", "jdk-headless", "jre", "jre-headless"]
+        sapmachineVersion: [24, 21, 17, 11] # TODO: generate this in another action or update by hand
+        gardenVersion: [1592, 1877] # TODO: generate this in another action or update by hand
+
+    steps:
+      - name: Retrieve existing image and extract labels
+        # id: inspect_target
+        # continue-on-error: true
+        run: |
+          set -euo pipefail
+          TARGET_IMAGE="ghcr.io/sap/sapmachine:${{sapmachineVersion}}-${{matrix.flavor}}-gl-${{matrix.gardenVersion}"
+          if podman pull $TARGET_IMAGE; then
+            SAPMACHINE_CHECKSUM=$(podman inspect $TARGET_IMAGE --format '{{ index .Labels "sapmachine.checksum" }}')
+            GARDEN_LINUX_IMAGEID=$(podman inspect $TARGET_IMAGE --format '{{ index .Labels "gardenlinux.id" }}')
+          else
+            echo "Target image not found.. forcing rebuild."
+            SAPMACHINE_CHECKSUM=""
+            GARDEN_LINUX_IMAGEID=""
+          fi
+          echo "SAPMACHINE_CHECKSUM=$SAPMACHINE_CHECKSUM" >> $GITHUB_ENV
+          echo "GARDEN_LINUX_IMAGEID=$GARDEN_LINUX_IMAGEID" >> $GITHUB_ENV
+
+      - name: Pull base image and get corresponding image id
+        run: |
+          BASE_IMAGE=ghcr.io/gardenlinux/gardenlinux:${{matrix.gardenVersion}}
+          podman pull $BASE_IMAGE
+          CURRENT_IMAGEID=$(podman image inspect $BASE_IMAGE --format '{{.Id}}')
+          echo "CURRENT_IMAGEID=$CURRENT_IMAGEID" >> $GITHUB_ENV
+
+      - name: Get current package checksum for sapmachine deb package
+        run: |
+          cd dockerfiles/
+          podman build --target checksum-stage -t checksum-temp .
+          CURRENT_CHECKSUM=$(podman run --rm checksum-temp cat /checksum.txt)
+          echo "CURRENT_CHECKSUM=$CURRENT_CHECKSUM" >> $GITHUB_ENV
+
+      - name: Decide whether to build
+        run: |
+          echo "Garden Linux image changed: $GARDEN_LINUX_IMAGEID != $CURRENT_IMAGEID"
+          echo "SapMachine .deb package changed: $SAPMACHINE_CHECKSUM != $CURRENT_CHECKSUM"
+          if [[ -z "$GARDEN_LINUX_IMAGEID != $CURRENT_IMAGEID" || "$SAPMACHINE_CHECKSUM != $CURRENT_CHECKSUM" ]]; then
+            echo "NEED_BUILD=true" >> $GITHUB_ENV
+          else
+            echo "NEED_BUILD=false" >> $GITHUB_ENV
+          fi
+
+      - name: Build and push image
+        if: env.NEED_BUILD == 'true'
+        run: |
+          podman build --target main-stage --build-arg GARDEN_LINUX_MAJOR_VER="${{ matrix.gardenVersion }}" --build-arg SAPMACHINE_MAJOR_VER="${{ matrix.sapmachineVersion }}" --build-arg SAPMACHINE_FLAVOR="${{ matrix.flavor }}" --build-arg SAPMACHINE_CHECKSUM="$SAPMACHINE_CHECKSUM" --build-arg GARDEN_LINUX_IMAGEID="$GARDEN_LINUX_IMAGEID" -t "ghcr.io/sap/sapmachine:${{ matrix.sapmachineVersion }}-${{ matrix.flavor }}-gl-${{ matrix.gardenVersion }}" .
+          echo "TODO: PUBLISH"
+          # podman build \
+          #   --build-arg BASE_IMAGE_DIGEST=$CURRENT_BASE_DIGEST \
+          #   --build-arg DEB_PACKAGE_CHECKSUM=$CURRENT_PACKAGE_CHECKSUM \
+          #   -t docker.io/your-namespace/your-target-image:latest .
+          #
+          # podman push docker.io/your-namespace/your-target-image:latest
+#             SM_FLAVOURS=(jdk jdk-headless jre jre-headless)
+#             SM_REGISTRY="ghcr.io/sap/sapmachine"
+#             cd dockerfiles/${{ inputs.sapMachineVersion }}/gardenlinux/${{ inputs.gardenLinuxVersion }}
+#             podman login -u token -p ${{ github.token }} ghcr.io
+#             for sm_flvr in "${SM_FLAVOURS[@]}" ; do
+#               tag=${{ inputs.sapMachineVersion }}-${sm_flvr}-gl-${{ inputs.gardenLinuxVersion }}
+#               cd ${sm_flvr}
+#               podman manifest create ${SM_REGISTRY}:$tag
+#               podman build --platform linux/amd64,linux/arm64 --manifest ${SM_REGISTRY}:$tag .
+#               podman manifest push ${SM_REGISTRY}:$tag
+#               cd ..
+#             done
+#
+#
+#
diff --git a/dockerfiles/Dockerfile b/dockerfiles/Dockerfile
new file mode 100644
index 00000000000..c38bb6d5073
--- /dev/null
+++ b/dockerfiles/Dockerfile
@@ -0,0 +1,37 @@
+ARG GARDEN_LINUX_MAJOR_VER
+ARG SAPMACHINE_MAJOR_VER
+ARG SAPMACHINE_FLAVOR
+
+# Base image used in all further stages
+FROM ghcr.io/gardenlinux/gardenlinux:$GARDEN_LINUX_MAJOR_VER as base-stage
+RUN apt-get update && apt-get -y --no-install-recommends install wget && \
+    wget -qO- https://dist.sapmachine.io/debian/sapmachine.key > /etc/apt/trusted.gpg.d/sapmachine.asc && \
+    chmod 644 /etc/apt/trusted.gpg.d/sapmachine.asc && \
+    echo "deb https://dist.sapmachine.io/debian/$(dpkg --print-architecture)/ ./" > /etc/apt/sources.list.d/sapmachine.list && \
+    apt-get update
+
+# TODO: do checksum verification via debian repository
+# https://dist.sapmachine.io/debian/amd64/Packages
+
+# Image to calculate and export checksum.
+FROM base-stage as checksum-stage
+ARG SAPMACHINE_MAJOR_VER
+ARG SAPMACHINE_FLAVOR
+RUN apt download -y sapmachine-$SAPMACHINE_MAJOR_VER-$SAPMACHINE_FLAVOR
+RUN echo -n "md5:" > checksum.txt
+RUN md5sum sapmachine-$SAPMACHINE_MAJOR_VER-$SAPMACHINE_FLAVOR*.deb | awk '{ print $1 }' >> checksum.txt
+
+
+# Final image
+FROM base-stage as main-stage
+ARG SAPMACHINE_MAJOR_VER
+ARG SAPMACHINE_FLAVOR
+ARG SAPMACHINE_CHECKSUM
+ARG GARDEN_LINUX_IMAGEID
+LABEL sapmachine.checksum=$SAPMACHINE_CHECKSUM
+LABEL gardenlinux.id=$GARDEN_LINUX_IMAGEID
+RUN apt-get -y --no-install-recommends install sapmachine-$SAPMACHINE_MAJOR_VER-$SAPMACHINE_FLAVOR
+RUN apt-get remove -y --purge --autoremove wget && rm -rf /var/lib/apt/lists/*
+ENV JAVA_HOME=/usr/lib/jvm/sapmachine-24
+
+CMD ["jshell"]

From a0a652b55f3e01813977a2a4e12c632b05cb1526 Mon Sep 17 00:00:00 2001
From: David Linus Briemann <david.briemann@sap.com>
Date: Wed, 23 Jul 2025 15:11:03 +0200
Subject: [PATCH 2/4] up

---
 .github/workflows/auto-publish-images.yml | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/.github/workflows/auto-publish-images.yml b/.github/workflows/auto-publish-images.yml
index 135360a9953..0093336f248 100644
--- a/.github/workflows/auto-publish-images.yml
+++ b/.github/workflows/auto-publish-images.yml
@@ -11,15 +11,6 @@ env:
   SAPMACHINE_VERSION: TODO
   TARGET_IMAGE: WILL_BE_SET
 
-    # TODO: how to use flavor/version here?
-    # inputs:
-    #   sapMachineVersion:
-    #     type: string
-    #     description: "SapMachine major version (e.g. 21)"
-    #   gardenLinuxVersion:
-    #     type: string
-    #     description: "GardenLinux major version (e.g. 1592)"        
-
 jobs:
   docker-login:
     runs-on: ubuntu-24.04

From 0be36c7987a8f0d6f784e329b7dddd1583d08738 Mon Sep 17 00:00:00 2001
From: David Linus Briemann <david.briemann@sap.com>
Date: Wed, 23 Jul 2025 15:14:50 +0200
Subject: [PATCH 3/4] disable daily cron

---
 .github/workflows/auto-publish-images.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/auto-publish-images.yml b/.github/workflows/auto-publish-images.yml
index 0093336f248..21ff857e303 100644
--- a/.github/workflows/auto-publish-images.yml
+++ b/.github/workflows/auto-publish-images.yml
@@ -1,8 +1,8 @@
 name: Automatically build & publish SapMachine on Garden Linux container images
 
 on:
-  schedule:
-    - cron: '0 0 * * *'  # Daily at midnight
+  # schedule:
+  #   - cron: '0 0 * * *'  # Daily at midnight
   workflow_dispatch:
 
 env:

From 5dc3a68fe0428a85636d91a80b7981568b3c8ea3 Mon Sep 17 00:00:00 2001
From: David Linus Briemann <david.briemann@sap.com>
Date: Wed, 23 Jul 2025 15:25:54 +0200
Subject: [PATCH 4/4] change name to hopefully create action in UI

---
 .github/workflows/auto-publish-images.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/auto-publish-images.yml b/.github/workflows/auto-publish-images.yml
index 21ff857e303..79dd1e1e1be 100644
--- a/.github/workflows/auto-publish-images.yml
+++ b/.github/workflows/auto-publish-images.yml
@@ -1,4 +1,4 @@
-name: Automatically build & publish SapMachine on Garden Linux container images
+name: "WIP: SapMachine auto builder"
 
 on:
   # schedule: