build multiple alpine images

Author: pdabelf5

.github/workflows/ci.yml

@@ -16,14 +16,14 @@ env:
 jobs:
   build:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        image: ["3.17", "3.19", "3.20"]
+        openssl_version: ["3.0.9"]
     steps:
       - name: Checkout Repository
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
-      - name: Get Alpine version
-        id: alpine
-        run: echo "version=$(grep -m1 'FROM alpine' <Dockerfile | awk -F'[:]' '{print $2}')" >> $GITHUB_OUTPUT
-
       - name: Docker Buildx
         uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
 
@@ -52,7 +52,7 @@ jobs:
             type=ref,event=pr
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{version}},suffix=-alpine${{ steps.alpine.outputs.version }}
+            type=semver,pattern={{version}},suffix=-alpine${{ matrix.image }}
         env:
           DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
 
@@ -62,23 +62,27 @@ jobs:
         with:
           file: Dockerfile
           context: "."
-          cache-from: type=gha,scope=alpine
-          cache-to: type=gha,scope=alpine,mode=max
+          cache-from: type=gha,scope=alpine${{ matrix.image }}
+          cache-to: type=gha,scope=alpine${{ matrix.image }},mode=max
           tags: ${{ steps.meta.outputs.tags }}
           load: ${{ github.event_name == 'pull_request' }}
           push: ${{ github.event_name != 'pull_request' }}
           platforms: ${{ github.event_name != 'pull_request' && env.platforms || '' }}
           annotations: ${{ github.event_name != 'pull_request' && steps.meta.outputs.annotations || '' }}
+          target: alpine
           pull: true
           sbom: ${{ github.event_name != 'pull_request' }}
           provenance: ${{ github.event_name != 'pull_request' }}
+          build-args: | 
+            BUILD_OS=alpine:${{ matrix.image }}
+            OPENSSL_VERSION=${{ matrix.openssl_version }}
 
       - name: Run Grype vulnerability scanner
         uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # v3.6.4
         continue-on-error: true
         id: scan
         with:
-          image: ghcr.io/nginxinc/alpine-fips:${{ steps.meta.outputs.version }}
+          image: ghcr.io/nginxinc/alpine-fips:${{ steps.meta.outputs.version }}-alpine${{ matrix.image }}
           only-fixed: true
           add-cpes-if-none: true
 

Dockerfile

@@ -1,7 +1,10 @@
-FROM alpine:3.19
-
+# syntax=docker/dockerfile:1.6
+ARG BUILD_OS=alpine:3.19
 ARG OPENSSL_VERSION=3.0.9
 
+FROM ${BUILD_OS} as alpine
+ARG OPENSSL_VERSION
+
 RUN apk add --no-cache --virtual .build-deps \
     make gcc libgcc musl-dev linux-headers perl vim \
     &&  wget https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz \