Multiarch build support (#5)

Ableytner · web-flow · commit ff88c2441153 · 2026-01-24T22:19:31.000+01:00
* initial multiarch build support

* fix optional version_number check

* fetch arch / instruction_set in run step

* login to ghcr before push

* push to correct package registry

* fix docker download order
diff --git a/.github/workflows/build-push-linux.yaml b/.github/workflows/build-push-linux.yaml
@@ -0,0 +1,58 @@
+name: Build and push linux images
+
+on:
+  workflow_call:
+    inputs:
+      version_number:
+        required: false
+        type: string
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  build-push-linux:
+    runs-on: [self-hosted, linux]
+    permissions:
+      contents: read
+      packages: write
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: lowercase github.repository
+      run: |
+        echo "IMAGE_NAME=`echo ${{github.repository}} | tr '[:upper:]' '[:lower:]'`" >>${GITHUB_ENV}
+    - name: Docker meta
+      uses: docker/metadata-action@v5
+      id: meta
+      with:
+        images: |
+          ghcr.io/${{ env.IMAGE_NAME }}
+        tags: |
+          # always release image under 'dev-ubuntu' tag
+          type=raw,value=dev-ubuntu
+          # release under 'latest-ubuntu' tag if set
+          type=raw,value=latest-ubuntu,enable=${{ github.event.inputs.version_number != '' }}
+          # release under version tag
+          type=raw,value=${{ github.event.inputs.version_number }}-ubuntu,enable=${{ github.event.inputs.version_number != '' }}
+        labels: |
+          org.opencontainers.image.authors=Ableytner
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.repository_owner }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+    - name: Build and push
+      uses: docker/build-push-action@v6
+      with:
+        context: ./linux
+        platforms: linux/amd64,linux/arm64
+        pull: true
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/define-build-linux-image.yaml b/.github/workflows/define-build-linux-image.yaml
diff --git a/.github/workflows/release-tagged-images.yaml b/.github/workflows/release-tagged-images.yaml
@@ -11,66 +11,14 @@ defaults:
     shell: bash
 
 jobs:
-  build-linux:
-    uses: ./.github/workflows/define-build-linux-image.yaml
+  build-push-linux:
+    uses: ./.github/workflows/build-push-linux.yaml
     secrets: inherit
-
-  tag:
-    runs-on: self-hosted
-    steps:
-    - uses: mukunku/tag-exists-action@v1.6.0
-      id: check-tag
-      with: 
-        tag: ${{ github.event.inputs.version_number }}
-    - name: Fail if tag exists
-      if: steps.check-tag.outputs.exists == 'true' 
-      run: |
-        echo "Tag ${{ github.event.inputs.version_number }} exists!"
-        exit 1
-    - name: Print tag if it doesn't exist
-      if: steps.check-tag.outputs.exists == 'false' 
-      run: |
-        echo "Tag ${{ github.event.inputs.version_number }} doesn't yet exist and can be created"
-
-  push-linux:
-    needs: [tag, build-linux]
-    runs-on: [self-hosted, linux]
-    permissions:
-      contents: read
-      packages: write
-    steps:
-    - name: Login to GitHub Container Registry
-      uses: docker/login-action@v3
-      with:
-        registry: ghcr.io
-        username: ${{ github.repository_owner }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-    - name: lowercase github.repository
-      run: |
-        echo "IMAGE_NAME=`echo ${{github.repository}} | tr '[:upper:]' '[:lower:]'`" >>${GITHUB_ENV}
-    - name: Download cached docker image
-      run: |
-        curl -X GET http://192.168.0.11:25000/attachments/gha-runner/1/image_ubuntu.tar -o /tmp/image_ubuntu.tar
-    - name: Load image
-      run: |
-        docker load --input /tmp/image_ubuntu.tar
-    - name: Push
-      run: |
-        docker tag ${{ env.IMAGE_NAME }}:latest-ubuntu ghcr.io/${{ env.IMAGE_NAME }}:${{ github.event.inputs.version_number }}-ubuntu
-        docker push ghcr.io/${{ env.IMAGE_NAME }}:${{ github.event.inputs.version_number }}-ubuntu
-        docker tag ghcr.io/${{ env.IMAGE_NAME }}:${{ github.event.inputs.version_number }}-ubuntu ghcr.io/${{ env.IMAGE_NAME }}:latest-ubuntu
-        docker push ghcr.io/${{ env.IMAGE_NAME }}:latest-ubuntu
-    - name: Remove local image
-      if: always()
-      run: |
-        docker image rm ${{ env.IMAGE_NAME }}:latest-ubuntu
-    - name: Remove cached docker image
-      if: always()
-      run: |
-        curl -X DELETE http://192.168.0.11:25000/attachments/gha-runner/1/image_ubuntu.tar
+    with:
+      version_number: ${{ github.event.inputs.version_number }}
 
   release:
-    needs: [tag, build-linux, push-linux]
+    needs: [build-push-linux]
     runs-on: [self-hosted, linux]
     permissions:
       contents: write
diff --git a/.github/workflows/run-build-images.yaml b/.github/workflows/run-build-images.yaml
@@ -7,41 +7,6 @@ on:
   workflow_dispatch:
 
 jobs:
-  build-linux:
-    uses: ./.github/workflows/define-build-linux-image.yaml
+  build-push-linux:
+    uses: ./.github/workflows/build-push-linux.yaml
     secrets: inherit
-
-  push:
-    needs: [build-linux]
-    runs-on: [self-hosted, linux]
-    permissions:
-      contents: read
-      packages: write
-    steps:
-    - name: Login to GitHub Container Registry
-      uses: docker/login-action@v3
-      with:
-        registry: ghcr.io
-        username: ${{ github.repository_owner }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-    - name: lowercase github.repository
-      run: |
-        echo "IMAGE_NAME=`echo ${{github.repository}} | tr '[:upper:]' '[:lower:]'`" >>${GITHUB_ENV}
-    - name: Download cached docker image
-      run: |
-        curl -X GET http://192.168.0.11:25000/attachments/gha-runner/1/image_ubuntu.tar -o /tmp/image_ubuntu.tar
-    - name: Load image
-      run: |
-        docker load --input /tmp/image_ubuntu.tar
-    - name: Push
-      run: |
-        docker tag ${{ env.IMAGE_NAME }}:latest-ubuntu ghcr.io/${{ env.IMAGE_NAME }}:dev
-        docker push ghcr.io/${{ env.IMAGE_NAME }}:dev
-    - name: Remove local image
-      if: always()
-      run: |
-        docker image rm ${{ env.IMAGE_NAME }}:latest-ubuntu
-    - name: Remove cached docker image
-      if: always()
-      run: |
-        curl -X DELETE http://192.168.0.11:25000/attachments/gha-runner/1/image_ubuntu.tar
diff --git a/linux/Dockerfile b/linux/Dockerfile
@@ -1,14 +1,14 @@
 FROM ubuntu:24.04
 
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
 # NOTE: CONTAINERD_VERSION needs to stay at 1.7.28 due to:
 # https://github.com/nestybox/sysbox/issues/973
 ARG RUNNER_VERSION="2.331.0" \
   CONTAINERD_VERSION="1.7.28" \
   DOCKER_VERSION="29.1.5" \
   BUILDX_VERSION="0.30.1" \
-  COMPOSE_VERSION="2.40.3" \
-  ARCH="amd64" \
-  INSTRUCTION_SET="x64"
+  COMPOSE_VERSION="2.40.3"
 
 ARG DEBIAN_FRONTEND=noninteractive
 
@@ -21,7 +21,8 @@ RUN apt-get update \
   && chmod 777 /opt/hostedtoolcache
 
 # install github actions runner
-RUN mkdir -p /home/runner/actions-runner \
+RUN INSTRUCTION_SET="$(arch | sed s/aarch64/arm64/ | sed s/x86_64/x64/)" \
+  && mkdir -p /home/runner/actions-runner \
   && curl -L https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${INSTRUCTION_SET}-${RUNNER_VERSION}.tar.gz -o /home/runner/actions-runner/actions.tar.gz \
   && cd /home/runner/actions-runner \
   && tar -xzf actions.tar.gz \
@@ -42,7 +43,8 @@ RUN apt-get update \
   wget
 
 # install gh cli
-RUN curl -L -H "Accept: application/vnd.github+json" https://api.github.com/repos/cli/cli/releases/latest \
+RUN ARCH="$(arch | sed s/aarch64/arm64/ | sed s/x86_64/amd64/)" \
+  && curl -L -H "Accept: application/vnd.github+json" https://api.github.com/repos/cli/cli/releases/latest \
   | jq -r '.tag_name' \
   | sed 's/^v//g' \
   > /tmp/ghcli_vers.txt \
@@ -55,9 +57,10 @@ RUN curl -L -H "Accept: application/vnd.github+json" https://api.github.com/repo
   && rm /tmp/ghcli.deb
 
 # install docker
-RUN mkdir -p /home/runner/tmp \
-  && cd /home/runner/tmp \
+RUN ARCH="$(arch | sed s/aarch64/arm64/ | sed s/x86_64/amd64/)" \
   && BASE_URL="https://download.docker.com/linux/ubuntu/dists/noble/pool/stable/${ARCH}" \
+  && mkdir -p /home/runner/tmp \
+  && cd /home/runner/tmp \
   && curl -L ${BASE_URL}/containerd.io_${CONTAINERD_VERSION}-1~ubuntu.24.04~noble_${ARCH}.deb -o ./containerd.io.deb \
   && curl -L ${BASE_URL}/docker-ce_${DOCKER_VERSION}-1~ubuntu.24.04~noble_${ARCH}.deb -o ./docker-ce.deb \
   && curl -L ${BASE_URL}/docker-ce-cli_${DOCKER_VERSION}-1~ubuntu.24.04~noble_${ARCH}.deb -o ./docker-ce-cli.deb \
diff --git a/linux/scripts/entrypoint.sh b/linux/scripts/entrypoint.sh
@@ -60,6 +60,7 @@ rm token_resp.txt
     --token "${REG_TOKEN}" \
     --name "${RUNNER_NAME:-"runner-ubuntu"}-${HOSTNAME}" \
     --unattended \
+    --disableupdate \
     --labels "${EXTRA_LABELS:-}"
 
 cleanup() {
