use matrix stratagy to avoid duplication

Author: anthony-nhs

.github/workflows/build_and_push_docker_image.yml

@@ -25,10 +25,17 @@ on:
                 default: "dev_container_build"
 
 jobs:
-    build_image_amd64:
+    build_image:
         permissions:
             id-token: write
-        runs-on: ubuntu-22.04
+        runs-on: ${{ matrix.runner }}
+        strategy:
+            matrix:
+                include:
+                    - arch: amd64
+                      runner: ubuntu-22.04
+                    - arch: arm64
+                      runner: ubuntu-22.04-arm
         steps:
             - name: Checkout code
               uses: actions/checkout@v5
@@ -37,7 +44,7 @@ jobs:
 
             - name: Build container
               run: |
-                  docker build -f "${DOCKER_FILE}" -t amd64-image .
+                  docker build -f "${DOCKER_FILE}" -t ${{ matrix.arch }}-image .
               env:
                   DOCKER_FILE: ${{ inputs.docker_file }}
 
@@ -47,7 +54,7 @@ jobs:
               with:
                   aws-region: eu-west-2
                   role-to-assume: ${{ secrets.PUSH_IMAGE_ROLE }}
-                  role-session-name: dev-container-build-amd64
+                  role-session-name: dev-container-build-${{ matrix.arch }}
                   output-credentials: true
 
             - name: Retrieve AWS Account ID
@@ -60,74 +67,20 @@ jobs:
               run: |
                   aws ecr get-login-password --region eu-west-2 | docker login --username AWS --password-stdin ${{ steps.retrieve-deploy-account-id.outputs.account_id }}.dkr.ecr.eu-west-2.amazonaws.com
 
-            - name: Push amd64 image to Amazon ECR
+            - name: Push ${{ matrix.arch }} image to Amazon ECR
               env:
                   ECR_REPOSITORY: ${{ inputs.container_ecr }}
                   IMAGE_TAG: ${{ inputs.container_image_tag }}
                   ACCOUNT_ID: ${{ steps.retrieve-deploy-account-id.outputs.account_id }}
+                  ARCH: ${{ matrix.arch }}
               run: |
-                  docker tag "amd64-image" "${ACCOUNT_ID}.dkr.ecr.eu-west-2.amazonaws.com/${ECR_REPOSITORY}:${IMAGE_TAG}-amd64"
-                  docker push "${ACCOUNT_ID}.dkr.ecr.eu-west-2.amazonaws.com/${ECR_REPOSITORY}:${IMAGE_TAG}-amd64"
-
-            - name: Check dev container scan results
-              env:
-                  REPOSITORY_NAME: ${{ inputs.container_ecr }}
-                  IMAGE_TAG: ${{ inputs.container_image_tag }}-amd64
-                  ACCOUNT_ID: ${{ steps.retrieve-deploy-account-id.outputs.account_id }}
-                  SCRIPT_TAG: ${{ inputs.check_ecr_image_scan_results_script_tag }}
-              run: |
-                  curl -L "https://raw.githubusercontent.com/NHSDigital/eps-common-workflows/refs/heads/${SCRIPT_TAG}/.github/scripts/check_ecr_image_scan_results.sh" -o /tmp/check_ecr_image_scan_results.sh
-                  chmod +x /tmp/check_ecr_image_scan_results.sh
-                  sleep 30
-                  /tmp/check_ecr_image_scan_results.sh
-
-    build_image_arm64:
-        permissions:
-            id-token: write
-        runs-on: ubuntu-22.04-arm
-        steps:
-            - name: Checkout code
-              uses: actions/checkout@v5
-              with:
-                  fetch-depth: 0
-
-            - name: Build container
-              run: |
-                  docker build -f "${DOCKER_FILE}" -t arm64-image .
-              env:
-                  DOCKER_FILE: ${{ inputs.docker_file }}
-
-            - name: Configure AWS Credentials
-              uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8
-              id: connect-aws-deploy
-              with:
-                  aws-region: eu-west-2
-                  role-to-assume: ${{ secrets.PUSH_IMAGE_ROLE }}
-                  role-session-name: dev-container-build-arm64
-                  output-credentials: true
-
-            - name: Retrieve AWS Account ID
-              id: retrieve-deploy-account-id
-              run: |
-                  ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
-                  echo "account_id=$ACCOUNT_ID" >> "$GITHUB_OUTPUT"
-
-            - name: Login to Amazon ECR
-              run: |
-                  aws ecr get-login-password --region eu-west-2 | docker login --username AWS --password-stdin ${{ steps.retrieve-deploy-account-id.outputs.account_id }}.dkr.ecr.eu-west-2.amazonaws.com
+                  docker tag "${ARCH}-image" "${ACCOUNT_ID}.dkr.ecr.eu-west-2.amazonaws.com/${ECR_REPOSITORY}:${IMAGE_TAG}-${ARCH}"
+                  docker push "${ACCOUNT_ID}.dkr.ecr.eu-west-2.amazonaws.com/${ECR_REPOSITORY}:${IMAGE_TAG}-${ARCH}"
 
-            - name: Push ARM64 image to Amazon ECR
-              env:
-                  ECR_REPOSITORY: ${{ inputs.container_ecr }}
-                  IMAGE_TAG: ${{ inputs.container_image_tag }}
-                  ACCOUNT_ID: ${{ steps.retrieve-deploy-account-id.outputs.account_id }}
-              run: |
-                  docker tag "arm64-image" "${ACCOUNT_ID}.dkr.ecr.eu-west-2.amazonaws.com/${ECR_REPOSITORY}:${IMAGE_TAG}-arm64"
-                  docker push "${ACCOUNT_ID}.dkr.ecr.eu-west-2.amazonaws.com/${ECR_REPOSITORY}:${IMAGE_TAG}-arm64"
             - name: Check dev container scan results
               env:
                   REPOSITORY_NAME: ${{ inputs.container_ecr }}
-                  IMAGE_TAG: ${{ inputs.container_image_tag }}-arm64
+                  IMAGE_TAG: ${{ inputs.container_image_tag }}-${{ matrix.arch }}
                   ACCOUNT_ID: ${{ steps.retrieve-deploy-account-id.outputs.account_id }}
                   SCRIPT_TAG: ${{ inputs.check_ecr_image_scan_results_script_tag }}
               run: |
@@ -140,7 +93,7 @@ jobs:
         permissions:
             id-token: write
         runs-on: ubuntu-22.04
-        needs: [build_image_amd64, build_image_arm64]
+        needs: [build_image]
         steps:
             - name: Set up Docker Buildx
               uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435