hexpm · ericmj · Jun 6, 2026 · Jun 6, 2026 · Jun 6, 2026
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -17,7 +17,7 @@ jobs:
 
       - uses: erlef/setup-beam@fc68ffb90438ef2936bbb3251622353b3dcb2f93 # v1.24.0
         with:
-          otp-version: 27.3
+          otp-version: 27.3.4.12
           elixir-version: 1.18.1
 
       - run: mix deps.get
@@ -27,21 +27,13 @@ jobs:
       - run: mix test
 
   docker:
-    name: Docker (${{ matrix.platform }})
-    runs-on: ${{ matrix.runner }}
+    name: Docker
+    runs-on: ubuntu-24.04-arm
 
     permissions:
       contents: 'read'
       id-token: 'write'
 
-    strategy:
-      matrix:
-        include:
-          - platform: linux/amd64
-            runner: ubuntu-24.04
-          - platform: linux/arm64
-            runner: ubuntu-24.04-arm
-
     env:
       IMAGE_NAME: 'diff'
       PROJECT_ID: 'hexpm-prod'
@@ -53,6 +45,9 @@ jobs:
         with:
           persist-credentials: false
 
+      - name: Set short git commit SHA
+        run: echo "COMMIT_SHORT_SHA=${GITHUB_SHA::7}" >> $GITHUB_ENV
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
 
@@ -75,74 +70,12 @@ jobs:
           username: 'oauth2accesstoken'
           password: '${{ steps.auth.outputs.access_token }}'
 
-      - name: Build and push by digest
+      - name: Build and push
         id: build
         uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
         with:
-          platforms: ${{ matrix.platform }}
-          outputs: type=image,name=gcr.io/${{ env.PROJECT_ID }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' && env.SERVICE_ACCOUNT != '' }}
-          cache-from: type=gha,scope=${{ matrix.runner }}
-          cache-to: type=gha,scope=${{ matrix.runner }},mode=max
-
-      - name: Export digest
-        if: ${{ github.event_name != 'pull_request' && env.SERVICE_ACCOUNT != '' }}
-        run: |
-          mkdir -p /tmp/digests
-          digest="${DIGEST}"
-          touch "/tmp/digests/${digest#sha256:}"
-        env:
-          DIGEST: ${{ steps.build.outputs.digest }}
-
-      - name: Upload digest
-        if: ${{ github.event_name != 'pull_request' && env.SERVICE_ACCOUNT != '' }}
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
-        with:
-          name: digests-${{ matrix.runner }}
-          path: /tmp/digests/*
-          if-no-files-found: error
-          retention-days: 1
-
-  docker-merge:
-    name: Docker Merge
-    runs-on: ubuntu-24.04
-    if: ${{ github.event_name != 'pull_request' && github.repository == 'hexpm/diff' }}
-    needs: docker
-    permissions:
-      contents: 'read'
-      id-token: 'write'
-    env:
-      IMAGE_NAME: 'diff'
-      PROJECT_ID: 'hexpm-prod'
-      SERVICE_ACCOUNT: ${{ secrets.GCLOUD_SERVICE_ACCOUNT }}
-      WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCLOUD_WORKFLOW_IDENTITY_POOL_PROVIDER }}
-    steps:
-      - name: Set short git commit SHA
-        run: echo "COMMIT_SHORT_SHA=${GITHUB_SHA::7}" >> $GITHUB_ENV
-      - name: Download digests
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
-        with:
-          path: /tmp/digests
-          pattern: digests-*
-          merge-multiple: true
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
-      - name: Google auth
-        id: auth
-        uses: 'google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093' # v3.0.0
-        with:
-          token_format: 'access_token'
-          project_id: ${{ env.PROJECT_ID }}
-          service_account: ${{ env.SERVICE_ACCOUNT }}
-          workload_identity_provider: ${{ env.WORKLOAD_IDENTITY_PROVIDER }}
-      - name: Docker Auth
-        uses: 'docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee' # v4.2.0
-        with:
-          registry: gcr.io
-          username: 'oauth2accesstoken'
-          password: '${{ steps.auth.outputs.access_token }}'
-      - name: Create manifest list and push
-        working-directory: /tmp/digests
-        run: |
-          docker buildx imagetools create \
-            -t gcr.io/${PROJECT_ID}/${IMAGE_NAME}:${COMMIT_SHORT_SHA} \
-            $(printf "gcr.io/${PROJECT_ID}/${IMAGE_NAME}@sha256:%s " *)
+          platforms: linux/arm64
+          tags: gcr.io/${{ env.PROJECT_ID }}/${{ env.IMAGE_NAME }}:${{ env.COMMIT_SHORT_SHA }}
+          push: ${{ github.event_name != 'pull_request' && env.SERVICE_ACCOUNT != '' }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 ARG ELIXIR_VERSION=1.18.1
-ARG ERLANG_VERSION=27.3
+ARG ERLANG_VERSION=27.3.4.12
 ARG DEBIAN_VERSION=bookworm-20260518-slim
 
 FROM hexpm/elixir:${ELIXIR_VERSION}-erlang-${ERLANG_VERSION}-debian-${DEBIAN_VERSION} AS build