From 19da3ac268c439cfecaec39cf36815a5f5134cc6 Mon Sep 17 00:00:00 2001
From: asmo
Date: Wed, 28 May 2025 19:36:25 +0200
Subject: [PATCH] adding docker build workflow for arm64 images (#770)
* build: added arm64 docker build
* build: undo typo
* build: remove whitespace
* build: test workflow
* build: test workflow
* build: build arm first
* build: build arm first
* build: using nix arm64 base image
* build: set up qemu
* build: seccomp set to unconfined
* build: create nix config
* build: split arm workflow
* build: reset on release
* build: testing --extra-platforms flag
* build: testing --extra-platforms flag
* build: testing --extra-platforms flag
* build: reset on release
---
.github/workflows/docker-publish-arm.yml | 61 ++++++++++++++++++++++++
Dockerfile.arm | 43 +++++++++++++++++
2 files changed, 104 insertions(+)
create mode 100644 .github/workflows/docker-publish-arm.yml
create mode 100644 Dockerfile.arm
diff --git a/.github/workflows/docker-publish-arm.yml b/.github/workflows/docker-publish-arm.yml
new file mode 100644
index 00000000..03c8be83
--- /dev/null
+++ b/.github/workflows/docker-publish-arm.yml
@@ -0,0 +1,61 @@
+name: Publish Docker Image ARM
+
+on:
+ release:
+ types: [published]
+ workflow_dispatch:
+ inputs:
+ tag:
+ description: 'Tag to build and publish'
+ required: true
+ default: 'latest'
+
+env:
+ REGISTRY: docker.io
+ IMAGE_NAME: thesimplekid/cdk-mintd
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=raw,value=latest,enable=${{ github.event_name == 'release' }}
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=ref,event=branch
+ type=ref,event=pr
+ type=sha
+ ${{ github.event.inputs.tag != '' && github.event.inputs.tag || '' }}
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ push: true
+ platforms: linux/arm64
+ file: ./Dockerfile.arm
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
diff --git a/Dockerfile.arm b/Dockerfile.arm
new file mode 100644
index 00000000..cdb19fd5
--- /dev/null
+++ b/Dockerfile.arm
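Review bot: Every `uses:` in docker-publish-arm.yml points at a movable major tag (`actions/checkout@v4`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v5`) in the job that receives `DOCKERHUB_TOKEN` and pushes the release image, so a retagged action would run with the publishing credential. Pinning each to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v3`, closes that. `packages: write` looks unnecessary because `REGISTRY` is `docker.io` rather than GHCR, so `permissions` could stay at `contents: read`. The job also pushes `latest` and the semver tags for a `linux/arm64`-only build to `thesimplekid/cdk-mintd`; if another workflow publishes the same tags for amd64 (not visible in this patch), whichever finishes last wins, and an arch-specific tag suffix or a single multi-platform build would avoid that.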
@@ -0,0 +1,43 @@
+# Use the official NixOS image as the base image
+FROM nixos/nix:latest AS builder
+
+# Set the working directory
+WORKDIR /usr/src/app
+
+# Copy workspace files and crates directory into the container
+COPY flake.nix ./flake.nix
+COPY Cargo.toml ./Cargo.toml
+COPY crates ./crates
+
+# Create a nix config file to disable syscall filtering
+RUN echo 'filter-syscalls = false' > /etc/nix/nix.conf
+
+# Start the Nix daemon and develop the environment
+RUN nix develop --extra-platforms aarch64-linux --extra-experimental-features nix-command --extra-experimental-features flakes --command cargo build --release --bin cdk-mintd --features redis
+
+# Create a runtime stage
+FROM debian:bookworm-slim
+
+# Set the working directory
+WORKDIR /usr/src/app
+
+# Install needed runtime dependencies (if any)
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends patchelf && \
+ rm -rf /var/lib/apt/lists/*
+
+# Copy the built application from the build stage
+COPY --from=builder /usr/src/app/target/release/cdk-mintd /usr/local/bin/cdk-mintd
+
+# Detect the architecture and set the interpreter accordingly
+RUN ARCH=$(uname -m) && \
+ if [ "$ARCH" = "aarch64" ]; then \
+ patchelf --set-interpreter /lib/ld-linux-aarch64.so.1 /usr/local/bin/cdk-mintd; \
+ elif [ "$ARCH" = "x86_64" ]; then \
+ patchelf --set-interpreter /lib64/ld-linux-x86-64.so.2 /usr/local/bin/cdk-mintd; \
+ else \
+ echo "Unsupported architecture: $ARCH"; exit 1; \
+ fi
+
+# Set the entry point for the container
+CMD ["cdk-mintd"]
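Review bot: The runtime stage of Dockerfile.arm never sets a `USER`, so `cdk-mintd` runs as root in the published image. Adding `RUN useradd --system --uid 10001 --create-home mintd` and `USER mintd` after the `patchelf` step would limit what a compromise of the daemon can reach; where the daemon writes its data is not visible here, so the home directory may need adjusting. The builder is also unpinned: `FROM nixos/nix:latest` floats, and only `flake.nix` and `Cargo.toml` are copied, so if the repository commits `flake.lock` or `Cargo.lock` they are not used and the release binary is built from whatever resolves that day. `COPY flake.lock Cargo.lock ./` plus a fixed tag or digest on the base image would make the build repeatable. The `filter-syscalls = false` line replaces `/etc/nix/nix.conf` wholesale with `>`, and its comment should say why Nix's seccomp filter has to be off for this build rather than only that it is.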