Build arm containers with new github actions arm runner (PP-2139) (#2280

) * Try running with new arm based runner * Use ubuntu 24.04 image everywhere
ThePalaceProject · Feb 11, 2025 · b8ba6cc · b8ba6cc
1 parent 8a5f196
commit b8ba6cc
Show file tree

Hide file tree

Showing 10 changed files with 413 additions and 182 deletions.
diff --git a/.github/actions/poetry/action.yml b/.github/actions/poetry/action.yml
@@ -51,7 +51,7 @@ runs:
       id: cache
       with:
         path: ${{ steps.poetry-dir.outputs.home }}
-        key: ${{ runner.os }}-poetry${{ inputs.version }}-install-py${{ steps.python-version.outputs.version }}
+        key: ${{ runner.os }}-${{ runner.arch }}-poetry${{ inputs.version }}-install-py${{ steps.python-version.outputs.version }}
 
     - run: curl -sSL https://install.python-poetry.org | python - --yes --version ${{ inputs.version }}
       env:
@@ -72,18 +72,18 @@ runs:
       with:
         path: ${{ steps.poetry-info.outputs.cache-dir }}
         key: |
-          ${{ runner.os }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-${{ inputs.cache-name }}-${{ hashFiles('**/poetry.lock') }}
+          ${{ runner.os }}-${{ runner.arch }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-${{ inputs.cache-name }}-${{ hashFiles('**/poetry.lock') }}
         restore-keys: |
-          ${{ runner.os }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-${{ inputs.cache-name }}-
-          ${{ runner.os }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-
+          ${{ runner.os }}-${{ runner.arch }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-${{ inputs.cache-name }}-
+          ${{ runner.os }}-${{ runner.arch }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-
       if: inputs.cache != 'false' && inputs.cache-restore-only == 'false'
 
     - uses: actions/cache/restore@v4
       with:
         path: ${{ steps.poetry-info.outputs.cache-dir }}
         key: |
-          ${{ runner.os }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-${{ inputs.cache-name }}-${{ hashFiles('**/poetry.lock') }}
+          ${{ runner.os }}-${{ runner.arch }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-${{ inputs.cache-name }}-${{ hashFiles('**/poetry.lock') }}
         restore-keys: |
-          ${{ runner.os }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-${{ inputs.cache-name }}-
-          ${{ runner.os }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-
+          ${{ runner.os }}-${{ runner.arch }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-${{ inputs.cache-name }}-
+          ${{ runner.os }}-${{ runner.arch }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-
       if: inputs.cache != 'false' && inputs.cache-restore-only != 'false'
diff --git a/.github/workflows/build-base-image.yml b/.github/workflows/build-base-image.yml
@@ -3,6 +3,13 @@ on:
   schedule:
     # Every Monday at 6:22am Eastern Time
     - cron: '22 10 * * 1'
+  push:
+    # Build base image when the Dockerfile or the workflow file changes
+    branches:
+      - main
+    paths:
+      - .github/workflows/build-base-image.yml
+      - docker/Dockerfile.baseimage
   workflow_dispatch:
     # Allow us to manually trigger build
 
@@ -12,18 +19,28 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  docker-build-baseimage:
-    name: Build Base Image
-    # Some issue with the ubuntu-latest image is causing gcc to segfault with building
-    # an emulated arm64 target. Downgrading to 22.04 seems to fix this.
-    # See https://github.com/actions/runner-images/issues/11471
-    # runs-on: ubuntu-latest
-    runs-on: ubuntu-22.04
+  build:
+    name: Build Base Image (${{ matrix.arch.name }})
+    strategy:
+      fail-fast: false
+      matrix:
+        arch:
+          - name: "amd64"
+            runner: "ubuntu-24.04"
+          - name: "arm64"
+            runner: "ubuntu-24.04-arm"
+
+    runs-on: ${{ matrix.arch.runner }}
+
     timeout-minutes: 120
     permissions:
       contents: read
       packages: write
 
+    outputs:
+      repo: ${{ steps.ghcr-repo.outputs.baseimage }}
+      meta: ${{ steps.meta.outputs.json }}
+
     steps:
       - uses: actions/checkout@v4
         with:
@@ -33,9 +50,6 @@ jobs:
       - name: Disable network offload
         run: sudo ethtool -K eth0 tx off rx off
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
@@ -46,11 +60,19 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Set GHCR repos
+        # Docker doesn't support uppercase letters in repo names, so we need to lowercase the owner
+        id: ghcr-repo
+        run: |
+          baseimage="ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/circ-baseimage"
+          echo "$baseimage"
+          echo "baseimage=$baseimage" >> "$GITHUB_OUTPUT"
+
       - name: Generate tags for image
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: ghcr.io/${{ github.repository_owner }}/circ-baseimage
+          images: ${{ steps.ghcr-repo.outputs.baseimage }}
           # Generate tags for the image
           # We use the following tags:
             # - The date in YYYYww format, which is the year and week number. 202052 is the last week of 2020.
@@ -60,13 +82,59 @@ jobs:
             type=raw,value=latest
 
       - name: Build base image
+        id: build
         uses: docker/build-push-action@v6
         with:
           context: .
           file: ./docker/Dockerfile.baseimage
-          tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          push: true
           target: baseimage
           cache-to: type=inline
-          platforms: linux/amd64, linux/arm64
+          outputs: type=image,"name=${{ steps.ghcr-repo.outputs.baseimage }}",push-by-digest=true,name-canonical=true,push=true
+
+      - name: Export digests
+        run: |
+          mkdir -p ${{ runner.temp }}/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+      - name: Upload digests
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ matrix.arch.name }}
+          path: ${{ runner.temp }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  push:
+    name: Tag & Push Images
+    runs-on: ubuntu-24.04
+    needs: [build]
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Download digests
+        uses: actions/download-artifact@v4
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digests-*
+          merge-multiple: true
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create manifest & push images
+        working-directory: ${{ runner.temp }}/digests
+        run: >
+          docker buildx imagetools create
+          $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< '${{ needs.build.outputs.meta }}')
+          $(printf '${{ needs.build.outputs.repo }}@sha256:%s ' *)