From 84644fee26d9a860e6ff327b2642d46f22424654 Mon Sep 17 00:00:00 2001 From: Lorenzo Manacorda Date: Thu, 4 Dec 2025 16:36:24 +0100 Subject: [PATCH 1/6] ci: multi-arch without qemu --- .github/workflows/docker.yaml | 77 +++++++++++++++++++++++++++++------ Dockerfile | 6 ++- 2 files changed, 69 insertions(+), 14 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index a6e7d19..c6f05e0 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -16,14 +16,20 @@ concurrency: cancel-in-progress: true jobs: - docker: + build: runs-on: cluster-runner permissions: contents: read + strategy: + matrix: + include: + - platform: linux/amd64 + goarch: amd64 + - platform: linux/arm64 + goarch: arm64 steps: - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + - uses: actions/checkout@v6 - name: Login to Docker Hub uses: docker/login-action@v3 @@ -38,18 +44,18 @@ jobs: images: golemnetwork/restate-allocators tags: | # Tag main as latest - type=raw,value=latest,enable={{is_default_branch}} + type=raw,value=latest,enable={{is_default_branch}},suffix=-${{ matrix.goarch }} # Label based on git tag - type=ref,event=tag + type=ref,event=tag,suffix=-${{ matrix.goarch }} # Also add label for major version only - type=match,pattern=v\d+ + type=match,pattern=v\d+,suffix=-${{ matrix.goarch }} # Nightly release for each PR - type=ref,event=pr + type=ref,event=pr,suffix=-${{ matrix.goarch }} # Nightly releases on each push, except on main - type=sha,enable={{is_not_default_branch}} + type=sha,enable={{is_not_default_branch}},suffix=-${{ matrix.goarch }} # check out PR head instead of merge commit into base branch # this way, the SHAs will be correct env: 
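Review bot: The added `- uses: actions/checkout@v6` step in the `build` job (hunk `@@ -16,14 +16,20 @@`) references the action by a mutable tag, in a job that later holds a Docker Hub login and pushes images. Pinning it to a full commit SHA, e.g. `- uses: actions/checkout@<full-commit-sha> # v6` (placeholder), means a moved tag cannot change what runs there. The `docker/setup-buildx-action@v3` and `docker/login-action@v3` steps added in the `@@ -16,16 +16,23 @@` hunk of patch 4 have the same form. No step visible here pushes back to the repository, so `with: persist-credentials: false` on the checkout would also avoid keeping the job token around for later steps. The job's step list continues beyond this hunk.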
@@ -59,12 +65,57 @@ jobs: uses: docker/build-push-action@v6 with: push: true - platforms: | - linux/amd64 - linux/arm64/v8 + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max + build-args: | + GOARCH=${{ matrix.goarch }} + cache-from: type=gha,scope=${{ matrix.goarch }} + cache-to: type=gha,mode=max,scope=${{ matrix.goarch }} env: DOCKER_BUILD_RECORD_UPLOAD: false + + manifest: + runs-on: cluster-runner + needs: build + permissions: + contents: read + + steps: + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Extract metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: golemnetwork/restate-allocators + tags: | + # Tag main as latest + type=raw,value=latest,enable={{is_default_branch}} + + # Label based on git tag + type=ref,event=tag + # Also add label for major version only + type=match,pattern=v\d+ + + # Nightly release for each PR + type=ref,event=pr + + # Nightly releases on each push, except on main + type=sha,enable={{is_not_default_branch}} + env: + DOCKER_METADATA_PR_HEAD_SHA: true + + - name: Create and push multi-arch manifest + run: | + TAGS="${{ steps.meta.outputs.tags }}" + + for tag in $TAGS; do + docker buildx imagetools create -t $tag \ + ${tag}-amd64 \ + ${tag}-arm64 + done diff --git a/Dockerfile b/Dockerfile index 2c45741..b826859 100644 --- a/Dockerfile +++ b/Dockerfile 
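Review bot: In the new `manifest` job the `run:` script expands `${{ steps.meta.outputs.tags }}` directly into the shell text (`TAGS="${{ steps.meta.outputs.tags }}"`) and then uses `$tag` unquoted in `docker buildx imagetools create`. The tag list is derived from git tag and PR refs. metadata-action appears to normalise those names, so this is probably not reachable today, but the script should not rely on that. Pass the value through `env:` and quote each expansion, as below. The same line reappears as `TAGS="${{ needs.metadata.outputs.tags }}"` in the `@@ -86,31 +97,9 @@` hunk of patch 3.

```yaml
      - name: Create and push multi-arch manifest
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          # $TAGS is left unquoted on purpose: one tag per line, split by the shell
          for tag in $TAGS; do
            docker buildx imagetools create -t "$tag" \
              "${tag}-amd64" \
              "${tag}-arm64"
          done
```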
@@ -2,13 +2,17 @@ FROM golang:1.24.3-alpine AS builder +ARG GOARCH=amd64 +ARG GOOS=linux + WORKDIR /build ADD . /build/ RUN mkdir /out -RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg/mod/ go build -o /out/service ./cmd +RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg/mod/ \ + GOARCH=${GOARCH} GOOS=${GOOS} CGO_ENABLED=0 go build -o /out/service ./cmd FROM alpine From 0045e860bc64d6b648c73085af1f253b8ba72885 Mon Sep 17 00:00:00 2001 From: Lorenzo Manacorda Date: Thu, 4 Dec 2025 16:51:29 +0100 Subject: [PATCH 2/6] ci: use idiomatic Docker arch variables --- .github/workflows/docker.yaml | 2 -- Dockerfile | 6 +++--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index c6f05e0..56152c0 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -68,8 +68,6 @@ jobs: platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - build-args: | - GOARCH=${{ matrix.goarch }} cache-from: type=gha,scope=${{ matrix.goarch }} cache-to: type=gha,mode=max,scope=${{ matrix.goarch }} env: diff --git a/Dockerfile b/Dockerfile index b826859..60b0d86 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,9 @@ # syntax=docker/dockerfile:1 -FROM golang:1.24.3-alpine AS builder +FROM --platform=$BUILDPLATFORM golang:1.24.3-alpine AS builder -ARG GOARCH=amd64 -ARG GOOS=linux +ARG TARGETOS +ARG TARGETARCH WORKDIR /build From 14fd0522c48bb78becce2709b73cc202ee29f0d8 Mon Sep 17 00:00:00 2001 From: Lorenzo Manacorda Date: Thu, 4 Dec 2025 16:51:29 +0100 Subject: [PATCH 3/6] ci: avoid repetition --- .github/workflows/docker.yaml | 81 +++++++++++++++-------------------- Dockerfile | 2 +- 2 files changed, 36 insertions(+), 47 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 56152c0..c6b7eb8 100644 --- a/.github/workflows/docker.yaml 
+++ b/.github/workflows/docker.yaml @@ -16,27 +16,16 @@ concurrency: cancel-in-progress: true jobs: - build: + metadata: runs-on: cluster-runner permissions: contents: read - strategy: - matrix: - include: - - platform: linux/amd64 - goarch: amd64 - - platform: linux/arm64 - goarch: arm64 - + outputs: + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} steps: - uses: actions/checkout@v6 - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Extract metadata id: meta uses: docker/metadata-action@v5 
@@ -44,30 +33,52 @@ jobs: images: golemnetwork/restate-allocators tags: | # Tag main as latest - type=raw,value=latest,enable={{is_default_branch}},suffix=-${{ matrix.goarch }} + type=raw,value=latest,enable={{is_default_branch}} # Label based on git tag - type=ref,event=tag,suffix=-${{ matrix.goarch }} + type=ref,event=tag # Also add label for major version only - type=match,pattern=v\d+,suffix=-${{ matrix.goarch }} + type=match,pattern=v\d+ # Nightly release for each PR - type=ref,event=pr,suffix=-${{ matrix.goarch }} + type=ref,event=pr # Nightly releases on each push, except on main - type=sha,enable={{is_not_default_branch}},suffix=-${{ matrix.goarch }} + type=sha,enable={{is_not_default_branch}} # check out PR head instead of merge commit into base branch # this way, the SHAs will be correct env: DOCKER_METADATA_PR_HEAD_SHA: true + build: + runs-on: cluster-runner + needs: metadata + permissions: + contents: read + strategy: + matrix: + include: + - platform: linux/amd64 + goarch: amd64 + - platform: linux/arm64 + goarch: arm64 + + steps: + - uses: actions/checkout@v6 + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Build and push Docker image uses: docker/build-push-action@v6 with: push: true platforms: ${{ matrix.platform }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + tags: ${{ needs.metadata.outputs.tags }}-${{ matrix.goarch }} + labels: ${{ needs.metadata.outputs.labels }} cache-from: type=gha,scope=${{ matrix.goarch }} cache-to: type=gha,mode=max,scope=${{ matrix.goarch }} env: @@ -75,7 +86,7 @@ jobs: manifest: runs-on: cluster-runner - needs: build + needs: [metadata, build] permissions: contents: read 
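Review bot: `tags: ${{ needs.metadata.outputs.tags }}-${{ matrix.goarch }}` in the new `build` job (hunk `@@ -44,30 +33,52 @@`) appends the architecture suffix to the whole output string, and metadata-action emits one tag per line, so only the last tag gets `-amd64`/`-arm64`. For any event that yields more than one tag (a version tag can match both `type=ref,event=tag` and `type=match,pattern=v\d+`), both matrix legs would push the other tags un-suffixed and overwrite each other with single-arch images. The manifest step's `${tag}-amd64` and `${tag}-arm64` sources would then not exist for those tags. Either keep the per-arch `suffix=` in a metadata step inside the matrix job, or push each leg by digest and have the manifest job assemble the final tags from the digests.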
@@ -86,31 +97,9 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Extract metadata - id: meta - uses: docker/metadata-action@v5 - with: - images: golemnetwork/restate-allocators - tags: | - # Tag main as latest - type=raw,value=latest,enable={{is_default_branch}} - - # Label based on git tag - type=ref,event=tag - # Also add label for major version only - type=match,pattern=v\d+ - - # Nightly release for each PR - type=ref,event=pr - - # Nightly releases on each push, except on main - type=sha,enable={{is_not_default_branch}} - env: - DOCKER_METADATA_PR_HEAD_SHA: true - - name: Create and push multi-arch manifest run: | - TAGS="${{ steps.meta.outputs.tags }}" + TAGS="${{ needs.metadata.outputs.tags }}" for tag in $TAGS; do docker buildx imagetools create -t $tag \ diff --git a/Dockerfile b/Dockerfile index 60b0d86..26d78d8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ ADD . /build/ RUN mkdir /out RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg/mod/ \ - GOARCH=${GOARCH} GOOS=${GOOS} CGO_ENABLED=0 go build -o /out/service ./cmd + GOOS=${TARGETOS} GOARCH=${TARGETARCH} CGO_ENABLED=0 go build -o /out/service ./cmd FROM alpine From 257e9370d4fd8d3042cdcf9b8c615b86a0edebe0 Mon Sep 17 00:00:00 2001 From: Lorenzo Manacorda Date: Thu, 4 Dec 2025 17:06:43 +0100 Subject: [PATCH 4/6] ci: simplify --- .github/workflows/docker.yaml | 70 ++++++++--------------------------- 1 file changed, 16 insertions(+), 54 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index c6b7eb8..7a6e9d1 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml 
@@ -16,16 +16,23 @@ concurrency: cancel-in-progress: true jobs: - metadata: + docker: runs-on: cluster-runner permissions: contents: read - outputs: - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + steps: - uses: actions/checkout@v6 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Extract metadata id: meta uses: docker/metadata-action@v5 
@@ -50,59 +57,14 @@ jobs: env: DOCKER_METADATA_PR_HEAD_SHA: true - build: - runs-on: cluster-runner - needs: metadata - permissions: - contents: read - strategy: - matrix: - include: - - platform: linux/amd64 - goarch: amd64 - - platform: linux/arm64 - goarch: arm64 - - steps: - - uses: actions/checkout@v6 - - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Build and push Docker image uses: docker/build-push-action@v6 with: push: true - platforms: ${{ matrix.platform }} - tags: ${{ needs.metadata.outputs.tags }}-${{ matrix.goarch }} - labels: ${{ needs.metadata.outputs.labels }} - cache-from: type=gha,scope=${{ matrix.goarch }} - cache-to: type=gha,mode=max,scope=${{ matrix.goarch }} + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max env: DOCKER_BUILD_RECORD_UPLOAD: false - - manifest: - runs-on: cluster-runner - needs: [metadata, build] - permissions: - contents: read - - steps: - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Create and push multi-arch manifest - run: | - TAGS="${{ needs.metadata.outputs.tags }}" - - for tag in $TAGS; do - docker buildx imagetools create -t $tag \ - ${tag}-amd64 \ - ${tag}-arm64 - done From 05766f7347f966e40ae79092d68cc4eb5fb2db0e Mon Sep 17 00:00:00 2001 From: Lorenzo Manacorda Date: Thu, 4 Dec 2025 17:08:22 +0100 Subject: [PATCH 5/6] wip --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 26d78d8..56dfd25 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -14,7 +14,7 @@ RUN mkdir /out RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg/mod/ \ GOOS=${TARGETOS} GOARCH=${TARGETARCH} CGO_ENABLED=0 go build -o /out/service ./cmd -FROM alpine +FROM --platform=$TARGETPLATFORM alpine RUN apk add --no-cache ca-certificates From 72f2d13833b8eefa1f13535fcc7261d0c72e7a7d Mon Sep 17 00:00:00 2001 From: Lorenzo Manacorda Date: Thu, 4 Dec 2025 19:07:26 +0100 Subject: [PATCH 6/6] ci: use github runners --- .github/workflows/docker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 7a6e9d1..8524429 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -17,7 +17,7 @@ concurrency: jobs: docker: - runs-on: cluster-runner + runs-on: ubuntu-latest permissions: contents: read
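Review bot: The runtime stage changed in patch 5 (hunk `@@ -14,7 +14,7 @@`), `FROM --platform=$TARGETPLATFORM alpine`, still pulls `alpine` with no tag or digest, so each build ships whatever the floating default image is at that moment, while the builder stage is pinned to `golang:1.24.3-alpine`. Pinning the runtime base as well, e.g. `FROM alpine:<version>@sha256:<digest>` (placeholders), makes the pushed image reproducible and lets base-image updates be reviewed. `--platform=$TARGETPLATFORM` is already the default for a stage, so the flag can be dropped; BuildKit's build checks report it as redundant. The stage continues beyond this hunk.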