👷(docker) add arm64 platform support for image builds #554
Signed-off-by: Stephan Meijer <me@stephanmeijer.com>
📝 Walkthrough
This change extends Docker image builds to support the ARM64 architecture alongside the existing AMD64 platform. The CI workflow is updated to configure QEMU and Docker Buildx, enabling multi-platform image construction. A corresponding changelog entry documents this new capability.
Estimated code review effort: 🎯 1 (Trivial) | ⏱️ ~3 minutes
🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
🧹 Nitpick comments (2)
.github/workflows/docker-publish.yml (2)
62-62: Expect significantly longer build times from QEMU-emulated ARM64.
With ubuntu-latest (AMD64), the linux/arm64 platform is built entirely under QEMU emulation, which typically runs 3–10× slower than native. For large or complex images this can substantially increase CI wall-clock time.
Two mitigations to consider:
- GitHub Actions cache — add cache-from/cache-to to the build-push step to avoid re-building unchanged layers:
📦 Optional: add layer cache
- name: Build and push Docker image id: push uses: docker/build-push-action@v6 with: context: ${{ inputs.context }} target: ${{ inputs.target }} platforms: linux/amd64,linux/arm64 push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max
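Review bot: the two added lines `cache-from: type=gha` and `cache-to: type=gha,mode=max` set no `scope=`, yet this step is parameterized by `inputs.context` and `inputs.target`, so every invocation of the workflow reads and overwrites the same default cache scope. Builds for different targets will evict each other's layers, and the publishing step (`push: true`) restores whatever another build last exported. Suggest adding a per-image scope to both lines, for example `scope=${{ inputs.target }}`, so each image keeps and restores only its own cache.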
- Native ARM64 runner — if build time becomes unacceptable, a matrix strategy with runs-on: ubuntu-24.04-arm (GitHub-hosted ARM64 runner) can build each platform natively and merge manifests with docker buildx imagetools create.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/docker-publish.yml at line 62, The workflow currently builds linux/arm64 under QEMU (platforms: linux/amd64,linux/arm64) which slows CI; update the build-push step to add Buildx layer cache (use cache-from and cache-to with the same registry/cache key) so unchanged layers are reused, and/or switch to a matrix that builds ARM64 natively by adding a job variant with runs-on: ubuntu-24.04-arm and then merge multi-arch manifests using docker buildx imagetools create; modify the job that references the platforms list and the build-push invocation to include these cache options or the matrix/manifest merge as appropriate.
37-40: LGTM — correct placement and standard approach for multi-platform builds.
QEMU and Buildx are set up before login and the build step, which is the required order. Using setup-qemu-action@v3 + setup-buildx-action@v3 is the canonical way to enable multi-architecture builds on GitHub Actions.
Optionally, you can scope QEMU to only the platform(s) that actually need emulation (linux/amd64 is native on the runner):
🔧 Optional: restrict QEMU to arm64 only
- - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + with: + platforms: arm64🤖 Prompt for AI Agents
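Review bot: `uses: docker/setup-qemu-action@v3`, unchanged between the removed and added lines, points at a mutable major tag in a job that later logs in to the registry and pushes. Suggest pinning it (and the other docker/* actions) to a full commit SHA with the version in a trailing comment; that also gives the organization's allowed-actions list one exact ref to approve. The new `platforms: arm64` value itself is consistent with the `linux/amd64,linux/arm64` build list, since amd64 is native on the runner.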
Verify each finding against the current code and only fix it if needed. In @.github/workflows/docker-publish.yml around lines 37 - 40, The workflow currently enables multi-arch via docker/setup-qemu-action@v3 and docker/setup-buildx-action@v3 which is correct; optionally narrow QEMU emulation to only the non-native platform(s) (e.g., arm64) by configuring the docker/setup-qemu-action invocation to target specific platforms instead of all platforms — update the setup step that references docker/setup-qemu-action@v3 to include a platforms option (targeting linux/arm64) so QEMU runs only where needed while leaving docker/setup-buildx-action@v3 unchanged.
Some executions of CI steps could show an error.
The allowed actions list is configured in the organization's GitHub Settings. As I am an external contributor, I do not have access to modify these. I request the reviewer of this pull request to contact one of the people in this list: https://github.com/orgs/suitenumerique/people
This pull request introduces QEMU (for emulation) and buildx (for cross-platform docker builds). These are needed because GitHub Actions runners are
Without these, the
You can read more about it on github.com/docker/build-push-action.
thanks!
Added
- Add configurable help center button in header #537
- Add outbound message recipients throttling #506
- Add webhook and logging for selfchecks, replacing pushgateway #550
- Add mailbox export in mbox format with labels #553
- Add PST import support and streaming for mbox #544
- Add denylist for personal mailbox prefixes #540
- Add multi-column layout block for signature editor #551
- Add celery task events for worker monitoring #549
- Add image block in template, signature and message composers
- Add storage usage metrics API endpoint #538
- Add conditional outbox folder
- Add stronger DNS checks with configurable records #522
- Add print button in messages context menu #518
- Add autofocus option to message, template and signature composers
- Add arm64 platform support for Docker image builds #554
Changed
- Replace queue-based save/send orchestration with async promise ref
- Use display_name for labels and auto-unfold active parents #547
- Optimize MessageTemplate serialization and body handling #545
- Defer HTML/text body export to send/save time
- Add composer tools (text color, side menu and drag block handle)
- Improve outbox wording #539
- Replace nginx with Caddy for frontend reverse proxy and Scalingo deployment #556
- Replace MinIO with RustFS for object storage in development #556
- Migrate Python packaging from Poetry to uv #556
- Standardize and rename Makefile targets #556
- Remove Django i18n and backend translation catalogs #556
Fixed
- Delete orphan attachments when removed from draft #532
- Fix cursor position when clicking in combobox input #534
- Close left panel when clicking active folder on mobile
- Close thread after send only if needed
Security
- Prevent IDOR on ThreadAccess thread and mailbox fields #557
- Add defense in-depth for XSS vulnerabilities #520
Purpose / Proposal
Adding support for linux/arm64 when building Docker images.
This is important because:
External contributions
- git commit --signoff (DCO compliance)
- git commit -S)
- <gitmoji>(type) title description
- ## [Unreleased] section (if noticeable change)
Testing happens when GitHub Workflows are being executed.