feat: add ARM64 support for multi-arch Docker builds #1
Merged
Add QEMU emulation and multi-platform support to both CI workflows:
- test.yml: add platform matrix dimension (amd64 + arm64) for full cross-arch testing
- publish.yml: build and push multi-arch manifests (linux/amd64,linux/arm64)
Pull request overview
Adds ARM64 support to the project’s Docker-based CI by enabling QEMU emulation and multi-platform Buildx builds, so tests run against both amd64 and arm64 and published images become multi-arch manifests.
Changes:
- Expand the test workflow matrix to run PostgreSQL extension tests across `linux/amd64` and `linux/arm64`.
- Add QEMU setup to both workflows and pass target platforms into Buildx builds.
- Publish multi-arch images (`linux/amd64`, `linux/arm64`) to GHCR.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| .github/workflows/test.yml | Adds a platform axis to the matrix, sets up QEMU, and builds/runs images per target architecture. |
| .github/workflows/publish.yml | Sets up QEMU and publishes multi-arch images by building for both amd64 and arm64. |
Replace QEMU-based ARM testing with GitHub's native ubuntu-24.04-arm runners for significantly faster builds. Each runner builds natively for its own architecture, eliminating emulation overhead.
The type=ref,event=tag metadata generates the same tag (e.g. v1.0.0) for all matrix entries. Restrict it to the latest entry only, matching how the 'latest' tag is already handled.
Split publish into build + merge jobs:
- build: matrix of PG version × runner (ubuntu-latest, ubuntu-24.04-arm), each pushes a single-platform image by digest
- merge: downloads digests per PG version and creates multi-arch manifests
Eliminates QEMU emulation overhead for ARM builds.
Dockerfile:
- Remove redundant apt-get install of already-installed build tools
- Add --depth 1 to pgvector git clone
- Purge lsb-release and gnupg in cleanup step
Workflows (shared):
- Add versions.json as single source of truth for version matrix
- Both workflows read from versions.json via load-versions job
- Add fail-fast: false to all matrix strategies
- Add timeout-minutes to all jobs
- Add GHA build cache with per-version per-runner scoping
test.yml:
- Replace sleep 15 with pg_isready health check polling
- Add PostGIS functional test (ST_Point)
- Add version assertions (verify installed matches requested)
- Simplify container cleanup to docker rm -f
publish.yml:
- Add explicit platform field mapped from runner
- Add name= to push-by-digest output for unambiguous registry reference
- Add imagetools inspect verification after manifest creation
Matrix correctness:
- Fix broken include for runner-to-platform mapping by pre-building
the full matrix in load-versions job using jq
- Iterate versions.json entries directly instead of cross-product of
unique arrays (prevents invalid combos if versions diverge)
Dockerfile:
- Collapse 4 RUN layers into single layer (~150-300MB image savings)
- Preserve ca-certificates at runtime via apt-mark manual
- Add HEALTHCHECK instruction
- Add .dockerignore to reduce build context
Security:
- Add top-level permissions: contents: read to test.yml
- Pass all ${{ }} values through env vars in run blocks
- Add provenance and SBOM attestations to published images
- Remove cache-to from publish (test workflow warms the cache)
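The "Pass all ${{ }} values through env vars in run blocks" item in the commit above, shown as an added example (not code from this pull request): a line-based check that flags `${{ }}` expressions written directly into `run:` scripts, where GitHub Actions substitutes them into the script text before the shell parses it. The workflow text is constructed sample input, `matrix.pg_version` is an assumed matrix key, and `find_inline_expressions` is a hypothetical helper name.

```python
import re

EXPR = re.compile(r"\$\{\{.*?\}\}")
# Captures everything before "run:" so its length is the column of the key.
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

# Constructed sample workflow (not taken from the pull request).
SAMPLE = """\
jobs:
  test:
    runs-on: ${{ matrix.runner }}
    steps:
      - name: Build (expression expanded into the script text)
        run: |
          docker build --build-arg PG_MAJOR=${{ matrix.pg_version }} -t test-image .
      - name: Build (value passed through the environment)
        env:
          PG_MAJOR: ${{ matrix.pg_version }}
        run: |
          docker build --build-arg PG_MAJOR="$PG_MAJOR" -t test-image .
      - run: echo "ref is ${{ github.ref_name }}"
"""

def find_inline_expressions(workflow_text):
    """Return (line_number, expression) for each ${{ }} inside a run: script."""
    findings = []
    run_col = None  # column of the run: key while inside its block scalar
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        if run_col is not None:
            indent = len(line) - len(line.lstrip())
            if not line.strip() or indent > run_col:
                findings += [(lineno, e) for e in EXPR.findall(line)]
                continue
            run_col = None  # dedent: the script block has ended
        m = RUN_KEY.match(line)
        if not m:
            continue  # env:, if:, with:, runs-on: are not shell text
        if m.group(2)[:1] in ("|", ">"):
            run_col = len(m.group(1))  # multi-line script follows
        else:
            findings += [(lineno, e) for e in EXPR.findall(m.group(2))]
    return findings

if __name__ == "__main__":
    for lineno, expr in find_inline_expressions(SAMPLE):
        print(f"line {lineno}: {expr} is interpolated into a run script")
```

The `env:` mapping and `runs-on:` lines are not reported, which matches the hardened pattern: the expression is evaluated into an environment variable and the script only references `"$PG_MAJOR"`.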
…file
publish.yml:
- Set provenance: false and sbom: false in per-platform build jobs (provenance with push-by-digest produces index digests that break the multi-arch manifest merge)
- Remove redundant push: true (already set in outputs)
Dockerfile:
- Remove redundant apt-mark manual ca-certificates (already manual from explicit install)
- Clean up PGDG source list and keyring after build
- Remove redundant || exit 1 from HEALTHCHECK
Summary
`linux/amd64` and `linux/arm64` (8 jobs total)
`docker pull` auto-selects the correct architecture
Test plan