[CI] Build multi-arch images on native runners#133
Merged
galt-tr merged 1 commit intoMay 7, 2026
Conversation
Replace QEMU-based multi-arch image build with a matrix that runs on
native amd64 and arm64 GitHub-hosted runners, then composes the
multi-arch manifest with `docker buildx imagetools create`. This
re-enables linux/arm64 publishing (previously disabled) without paying
QEMU's emulation overhead and reliability cost.
The Dockerfile drops its in-container Go builder stage; each runner
cross-compiles the binary natively into dist/${TARGETOS}-${TARGETARCH}/
and the runtime image just copies it in. ca-certificates is retained:
arcade is an outbound HTTPS client across teranode, merkle service,
datahub, and webhook delivery, and TLS handshakes need the system CA
bundle.
A `make docker-build` target preserves a one-shot local build flow
that mirrors the CI layout.
Signed-off-by: Jason Benedicic <48251655+jabenedicic@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
github-actions
Bot
added
fork-pr
👋 Thanks, @jabenedicic!This pull request comes from a fork. For security, our CI runs in a restricted mode.
Thanks for contributing to bsv-blockchain/arcade! 🚀 |
galt-tr
approved these changes
May 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What Changed
ubuntu-24.04(amd64) andubuntu-24.04-arm(arm64) runners.merge-manifestjob that composes the per-arch digests into the final multi-arch manifest tagged:<sha>and:<latest|git-tag>viadocker buildx imagetools create. Published tag scheme is unchanged sodeploy/*.yamlconsumers are unaffected.linux/arm64publishing — both architectures now ship.Dockerfileto a runtime-only image. The in-container Go builder stage is gone; each runner cross-compiles the binary natively intodist/${TARGETOS}-${TARGETARCH}/arcadeand the Dockerfile just copies it in.ca-certificatesis retained because arcade is an outbound HTTPS client (teranode, merkle, datahub, webhook delivery) and TLS handshakes need the system CA bundle.make docker-buildtarget that mirrors the CI layout for one-shot local image builds, taggingarcade:local..dockerignoreto allowdist/linux-amd64/anddist/linux-arm64/through (replacing the stale!dist/linux/carve-out left over from a goreleaser path that's no longer used —.goreleaser.ymlhasskip: true).docker/setup-qemu-action— no longer needed.tech-conventions/github-workflows.md.Why It Was Necessary
linux/arm64was previously disabled because building the Go binary inside the container under QEMU emulation was slow and unreliable. Running each architecture on a native GitHub-hosted runner removes QEMU from the picture entirely:apk add ca-certificateson real siliconubuntu-24.04-armrunners are GA for public repositories and free, which makes this approach a clean fit for arcade specifically.The gating chain (
gofortress-gate→get_tag→ build → publish) is preserved exactly as it was, so the F-041 / arcade#99 publishing-gate guarantees still apply.Testing Performed
get_tagdeployment-tag logic preserved; PR builds still verify (push: false) per arch with no login and no digest export; non-PR builds push by digest only and the merge job composes the final manifest.push by digestper arch, thenimagetools create) is the Docker-recommended idiom for cross-runner multi-arch builds.make docker-buildexercised end-to-end on Apple Silicon (linux/arm64): cross-compiles intodist/linux-arm64/arcade, builds and tagsarcade:local.Impact / Risk
ghcr.io/bsv-blockchain/arcade:<sha>and:<latest|git-tag>. Thedeploy/*.yamlmanifests pull:latestand continue to work unchanged.disabled, now it's a parallel native job.docker build .in a clean checkout no longer works because the Dockerfile expects a pre-built binary in the dist tree.make docker-buildis the new one-shot. Documented inline in the Dockerfile header comment.ubuntu-24.04-armfree-tier runners have separate concurrency limits from amd64. Under heavy CI load arm64 could backlog. Falling back to QEMU is a one-file change if this becomes an issue in practice.