Skip to content

Add ARM64 Docker Build Support to DataEngine CI Pipeline #135

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mm-kgi merged 9 commits into from
Jun 22, 2026
Merged

Add ARM64 Docker Build Support to DataEngine CI Pipeline #135

Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
a75a6be
Enhance Docker workflow to support ARM64 multi-arch builds and add Tr…
mm-kgi Jun 10, 2026
a02ff86
Update QEMU setup action to use specific version for ARM64 cross-comp…
mm-kgi Jun 10, 2026
06913ad
Enhance Docker workflow to include ARM64 builds for main, develop, an…
mm-kgi Jun 11, 2026
1aeddb0
Merge branch 'develop' into 1042-arm64-docker-image
mm-hsh Jun 12, 2026
70de2f2
Update .github/workflows/docker-publish.yml
mm-kgi Jun 18, 2026
ef7441a
Update .github/workflows/docker-publish.yml
mm-kgi Jun 18, 2026
ec147e1
Update .github/workflows/docker-publish.yml
mm-kgi Jun 18, 2026
949fc66
Update .github/workflows/docker-publish.yml
mm-kgi Jun 18, 2026
c3ce6d2
Merge branch 'develop' into 1042-arm64-docker-image
mm-kgi Jun 22, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 44 additions & 1 deletion .github/workflows/docker-publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,14 @@ name: Docker

on:
workflow_dispatch:
inputs:
build_arm64:
description: 'Build and publish ARM64 image (multi-arch manifest)'
type: boolean
default: false
push:
branches:
- 'main'
- 'develop'
- 'release/**'
- 'hotfix/**'
Expand Down Expand Up @@ -44,12 +50,33 @@ jobs:
- name: Checkout repository
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3

# Set up QEMU for ARM64 cross-compilation on AMD64 runners
- name: Set up QEMU
uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0

# Set up BuildKit Docker container builder to be able to build
# multi-platform images and export cache
# https://github.com/docker/setup-buildx-action
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0

# ARM64 is included for main, develop, hotfix, release branches, version tags, and manual trigger.
# Pull requests (e.g. feature → develop) build AMD64 only; ARM64 is built on merge (push event).
- name: Determine build platforms
id: platforms
run: |
PLATFORMS="linux/amd64"
if [[ "${{ github.ref }}" == refs/heads/main ]] || \
[[ "${{ github.ref }}" == refs/heads/develop ]] || \
[[ "${{ github.ref }}" == refs/heads/hotfix/* ]] || \
[[ "${{ github.ref }}" == refs/heads/release/* ]] || \
[[ "${{ github.ref }}" == refs/tags/v* ]] || \
Comment thread
mm-psy marked this conversation as resolved.
[[ "${{ inputs.build_arm64 }}" == "true" ]]; then
PLATFORMS="linux/amd64,linux/arm64"
fi
echo "platforms=$PLATFORMS" >> $GITHUB_OUTPUT
echo "include_arm64=$([ "$PLATFORMS" = "linux/amd64,linux/arm64" ] && echo 'true' || echo 'false')" >> $GITHUB_OUTPUT

# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
Expand Down Expand Up @@ -89,6 +116,7 @@ jobs:
provenance: mode=max
context: ${{ env.BUILD_CONTEXT }}
file: ${{ env.DOCKERFILE_PATH }}
platforms: ${{ steps.platforms.outputs.platforms }}
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
Expand Down Expand Up @@ -119,13 +147,28 @@ jobs:
- name: Run Trivy in GitHub SBOM mode to generate CycloneDX SBOM for container
if: ${{ github.event_name != 'pull_request' }}
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # 0.36.0
env:
TRIVY_PLATFORM: linux/amd64
with:
scan-type: 'image'
format: 'cyclonedx'
output: 'sbom-output/sbom_container.cyclonedx.json'
output: 'sbom-output/sbom_container_amd64.cyclonedx.json'
image-ref: ${{ steps.highest-priority-tag.outputs.value }}
skip-dirs: '/App' # Skip the /app directory as we handle the content of the application in a separate SBOM for easier vulnerability management and because trivy misses important fields

# Scan ARM64 image separately when a multi-arch build was produced
- name: Run Trivy scan for ARM64 image
if: ${{ github.event_name != 'pull_request' && steps.platforms.outputs.include_arm64 == 'true' }}
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # 0.36.0
env:
TRIVY_PLATFORM: linux/arm64
with:
scan-type: 'image'
format: 'cyclonedx'
output: 'sbom-output/sbom_container_arm64.cyclonedx.json'
image-ref: ${{ steps.highest-priority-tag.outputs.value }}
skip-dirs: '/App'

- name: Upload trivy/container AND application SBOMs as a Github artifact
if: ${{ github.event_name != 'pull_request' }}
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
Expand Down
Loading