|
1 | 1 | # Test QEMU/binfmt versions for arm64 cross-compilation on x86_64 runners. |
2 | 2 | # |
3 | | -# The serverless-init release build uses QEMU (via docker/setup-qemu-action) to |
4 | | -# emulate arm64 during multi-platform Docker builds. The QEMU version provided by |
5 | | -# tonistiigi/binfmt:latest has broken arm64 emulation multiple times, causing |
6 | | -# segfaults during "Processing triggers for libc-bin" in the ubuntu:22.04 |
7 | | -# compresser stage of our Dockerfiles. |
| 3 | +# The serverless-init release build (release-serverless-init.yml) uses QEMU via |
| 4 | +# docker/setup-qemu-action to emulate arm64 during multi-platform Docker builds. |
| 5 | +# The QEMU version provided by tonistiigi/binfmt:latest has broken arm64 emulation |
| 6 | +# multiple times, causing segfaults during "Processing triggers for libc-bin" in |
| 7 | +# the ubuntu:22.04 compresser stage of our Dockerfiles (Dockerfile.build and |
| 8 | +# Dockerfile.alpine.build). Because of this, release-serverless-init.yml pins a |
| 9 | +# specific binfmt image version rather than using :latest. |
8 | 10 | # |
9 | | -# Known broken versions: |
10 | | -# - qemu-v9.2.0: Feb 2025, https://github.com/tonistiigi/binfmt/issues/240 |
11 | | -# - qemu-v8.1.5: also segfaults in simple docker run tests |
12 | | -# - qemu-v8.1.4: also segfaults in simple docker run tests |
13 | | -# - qemu-v10.2.1: Mar 2026, passes simple tests but segfaults under real build |
14 | | -# load (parallel Go compilation + compresser stage under QEMU) |
| 11 | +# History of QEMU breakage in this repo: |
15 | 12 | # |
16 | | -# Known working versions (as of Mar 2026): |
17 | | -# - qemu-v10.1.3: released Feb 17 2026, passes all tests |
18 | | -# - qemu-v10.0.4: passes all tests |
19 | | -# - qemu-v9.2.2: has QEMU-side fix for segfault (actions/runner-images#11662) |
20 | | -# - qemu-v8.0.4: passes all tests |
21 | | -# - qemu-v7.0.0-28: long-standing known-good baseline |
| 13 | +# Feb 2025 — qemu-v9.2.0 caused segfaults in arm64 emulation. |
| 14 | +# - https://github.com/tonistiigi/binfmt/issues/240 |
| 15 | +# - https://github.com/DataDog/datadog-agent/pull/33988 (pin in datadog-agent) |
| 16 | +# - https://github.com/DataDog/datadog-lambda-extension/pull/571 (pin here) |
| 17 | +# - https://github.com/DataDog/datadog-lambda-extension/pull/581 (reverted pin |
| 18 | +# after upstream claimed fix — this left us on :latest for ~12 months) |
22 | 19 | # |
23 | | -# Relevant issues: |
| 20 | +# Mar 2026 — qemu-v10.2.1 (shipped in binfmt:latest on Feb 18 2026) caused the |
| 21 | +# same segfault pattern. The last successful build was Feb 17 2026, one day |
| 22 | +# before the new image was published. This time we pin permanently. |
| 23 | +# |
| 24 | +# Test results (Mar 2026, two runs to check for flakiness): |
| 25 | +# |
| 26 | +# Version | Run 1 | Run 2 | Notes |
| 27 | +# --------------|-------|-------|------ |
| 28 | +# qemu-v10.2.1 | pass | pass | Passes simple tests but FAILS in real build |
| 29 | +# qemu-v10.1.3 | pass | pass | Current pin target |
| 30 | +# qemu-v10.0.4 | pass | pass | |
| 31 | +# qemu-v9.2.2 | pass | pass | Has QEMU-side fix (actions/runner-images#11662) |
| 32 | +# qemu-v9.2.0 | FAIL | FAIL | Consistently broken |
| 33 | +# qemu-v8.1.5 | FAIL | FAIL | Consistently broken |
| 34 | +# qemu-v8.1.4 | FAIL | pass | Flaky |
| 35 | +# qemu-v8.0.4 | pass | pass | |
| 36 | +# qemu-v7.0.0-28| pass | pass | Long-standing known-good baseline |
| 37 | +# |
| 38 | +# Important caveats: |
| 39 | +# - Some versions are non-deterministically broken (v8.1.4 flipped between runs). |
| 40 | +# - v10.2.1 passes all tests here but segfaults in the real build, likely because |
| 41 | +# the real build runs Go compilation and the compresser stage concurrently under |
| 42 | +# QEMU, creating enough load to trigger the flaky segfault. |
| 43 | +# - Therefore: a version passing this sweep is necessary but NOT sufficient. |
| 44 | +# Always verify with an actual release build before merging a pin change. |
| 45 | +# |
| 46 | +# Relevant upstream issues: |
24 | 47 | # - https://github.com/tonistiigi/binfmt/issues/215 |
25 | 48 | # - https://github.com/tonistiigi/binfmt/issues/240 |
26 | 49 | # - https://github.com/tonistiigi/binfmt/issues/245 |
27 | 50 | # - https://github.com/actions/runner-images/issues/11662 |
28 | 51 | # |
29 | | -# The pinned version in release-serverless-init.yml should be updated to the |
30 | | -# newest version that passes here AND succeeds in a real build. Note that this |
31 | | -# test workflow may not catch all failures — the real build's parallel multi-stage |
32 | | -# Dockerfile (Go compilation + compresser running concurrently under QEMU) can |
33 | | -# trigger segfaults that simpler tests miss (as seen with v10.2.1). |
34 | | -# |
35 | | -# Usage: dispatch this workflow from the Actions tab, then check which versions |
36 | | -# pass/fail. Use the newest passing version as the pin in release-serverless-init.yml, |
37 | | -# and verify with an actual release build before merging. |
| 52 | +# Usage: |
| 53 | +# 1. Dispatch this workflow from the Actions tab to sweep all versions. |
| 54 | +# 2. Run it twice to check for flakiness. |
| 55 | +# 3. Pick the newest consistently passing version. |
| 56 | +# 4. Update the pin in release-serverless-init.yml. |
| 57 | +# 5. Do a real serverless-init release build to confirm before merging. |
38 | 58 |
|
39 | 59 | name: Test QEMU versions for arm64 emulation |
40 | 60 |
|
|
77 | 97 | uses: docker/setup-buildx-action@v3 |
78 | 98 |
|
79 | 99 | # Simple docker run tests — catches deterministically broken versions |
80 | | - # (e.g. v9.2.0, v8.1.5, v8.1.4 all fail here). |
| 100 | + # (v9.2.0 and v8.1.5 consistently fail here). |
81 | 101 | - name: "Test: docker run - ubuntu:22.04 apt-get (simple)" |
82 | 102 | run: | |
83 | 103 | docker run --rm --platform linux/arm64 ubuntu:22.04 \ |
|
0 commit comments