
👷(docker) add arm64 platform support for image builds #1901

Merged: AntoLC merged 1 commit into suitenumerique:main from StephanMeijer:feature/docker-arm64 on Feb 20, 2026

@StephanMeijer
Collaborator

Purpose / Proposal

Adding support for linux/arm64 when building Docker images.

This is important because:

  1. It enables running La Suite on devices like the Raspberry Pi and Mac Mini. It will also make it easier for developers to contribute, as many are using Apple MacBooks with arm64 chips.
  2. More and more providers (such as Hetzner) for infrastructure are offering arm64 support.
  3. Sustainability is a point of interest (and sometimes a condition) for organizations, commercially but specifically also governments, when they are buying infrastructure.

External contributions

  • I have read and followed the contributing guidelines
  • I have read and agreed to the Code of Conduct
  • I have signed off my commits with git commit --signoff (DCO compliance)
  • I have signed my commits with my SSH or GPG key (git commit -S)
  • My commit messages follow the required format: <gitmoji>(type) title description
  • I have added a changelog entry under ## [Unreleased] section (if noticeable change)
  • I have added corresponding tests for new features or bug fixes (if applicable)

Testing happens when GitHub Workflows are being executed.

Signed-off-by: Stephan Meijer <me@stephanmeijer.com>
@StephanMeijer
Collaborator Author

StephanMeijer commented Feb 19, 2026

Some executions of CI steps could show an error.

The actions docker/setup-qemu-action@v3 and docker/setup-buildx-action@v3 are not allowed in suitenumerique/people because all actions must be from a repository owned by suitenumerique, created by GitHub, or match one of the patterns: actions/cache@v4, actions/checkout@v4, actions/deploy-pages@*, actions/setup-node@v4, actions/setup-python@v3, actions/setup-python@v5, actions/setup-python@v6, actions/upload-artifact@v4, aquasecurity/setup-trivy@v0.2.2, aquasecurity/trivy-action@0.29.0, astral-sh/setup-uv@v6, azure/setup-helm@v4, crowdin/github-action@v2, docker/build-push-action@v6, docker/login-action@v3, docker/metadata-action@v5, jsdaniell/create-json@v1.2.3, numerique-gouv/action-argocd-webhook-notification@main, numerique-gouv/action-trivy-cache@main, numerique-gouv/helm-gh-pages@add-overwrite-option, peter-evans/create-pull-request@v7.

The allowed actions list is configured in the organization's GitHub Settings. As I am an external contributor, I do not have access to modify these. I request the reviewer of this pull request to contact one of the people in this list: https://github.com/orgs/suitenumerique/people

This pull request introduces QEMU (for emulation) and buildx (for cross-platform docker builds). These are needed because GitHub Actions runners are linux/amd64. To build Docker images for linux/arm64 on an amd64 runner:

  1. QEMU (docker/setup-qemu-action) provides CPU emulation so the runner can execute arm64 instructions
  2. Buildx (docker/setup-buildx-action) extends Docker with multi-platform build support, using QEMU under the hood

Without these, the platforms: linux/amd64,linux/arm64 parameter on docker/build-push-action would fail. Therefore docker/setup-qemu-action@v3 and docker/setup-buildx-action@v3 should be whitelisted at the organizational level before merging this pull request.

You can read more about it on github.com/docker/build-push-action.
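
The allow-list rule quoted in the comment above can be checked locally before CI rejects a workflow. The following is an added example, not part of the pull request or the project's code: it approximates the policy (organization-owned, created by GitHub, or matching a listed pattern). The workflow fragment, the function names, the reading of "created by GitHub" as the `actions` and `github` owners, and the wildcard semantics are assumptions.

```python
import re
from fnmatch import fnmatchcase

# Patterns copied from the policy error quoted in the comment above.
ALLOWED_PATTERNS = """
actions/cache@v4 actions/checkout@v4 actions/deploy-pages@* actions/setup-node@v4
actions/setup-python@v3 actions/setup-python@v5 actions/setup-python@v6
actions/upload-artifact@v4 aquasecurity/setup-trivy@v0.2.2
aquasecurity/trivy-action@0.29.0 astral-sh/setup-uv@v6 azure/setup-helm@v4
crowdin/github-action@v2 docker/build-push-action@v6 docker/login-action@v3
docker/metadata-action@v5 jsdaniell/create-json@v1.2.3
numerique-gouv/action-argocd-webhook-notification@main
numerique-gouv/action-trivy-cache@main
numerique-gouv/helm-gh-pages@add-overwrite-option peter-evans/create-pull-request@v7
""".split()
ORG_OWNER = "suitenumerique"
# Assumption: "created by GitHub" covers the `actions` and `github` owners.
GITHUB_OWNERS = {"actions", "github"}

# Constructed workflow fragment for illustration, not the PR's actual file.
SAMPLE_WORKFLOW = """\
steps:
  - uses: actions/checkout@v4
  - uses: docker/setup-qemu-action@v3
  - uses: docker/setup-buildx-action@v3
  - uses: docker/login-action@v3
  - uses: docker/build-push-action@v6
    with:
      platforms: linux/amd64,linux/arm64
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)", re.MULTILINE)

def is_allowed(ref: str) -> bool:
    """Return True if an action reference passes the allow-list policy."""
    owner = ref.split("/", 1)[0].lower()
    if owner == ORG_OWNER or owner in GITHUB_OWNERS:
        return True
    # Assumption: `*` in a pattern is a plain wildcard, as in fnmatch.
    return any(fnmatchcase(ref, pattern) for pattern in ALLOWED_PATTERNS)

def blocked_actions(workflow_text: str) -> list[str]:
    """List every `uses:` reference the policy would reject, in file order."""
    return [r for r in USES_RE.findall(workflow_text) if not is_allowed(r)]

if __name__ == "__main__":
    for ref in blocked_actions(SAMPLE_WORKFLOW):
        print(f"not allowed: {ref}")
```
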

@socket-security

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action: Warn
Severity: High
Alert: Obfuscated code: npm entities is 91.0% likely obfuscated

Confidence: 0.91

Location: Package overview

From: ? npm/@blocknote/server-util@0.46.2 npm/i18next-parser@9.3.0 npm/entities@6.0.1


Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@6.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.


AntoLC self-requested a review February 20, 2026 13:42
AntoLC merged commit d0b7565 into suitenumerique:main Feb 20, 2026
37 of 40 checks passed
AntoLC mentioned this pull request Mar 2, 2026