ci: parallel arm64/amd64 builds with manifest merge #47
Merged
PenguinzTech merged 7 commits into v2.1.x from Apr 22, 2026
…ase workflows
Build each platform independently in a matrix job, push by digest (no tag), then assemble the multi-arch manifest in a merge job. Cuts wall-clock build time roughly in half versus sequential QEMU emulation.
- push.yml: split into generate-tag → build (matrix) → merge jobs
- release.yml: split into build (matrix) → merge jobs
- Both workflows: upgrade to upload-artifact@v7, download-artifact@v8
- build.yml: pin previously floating actions/checkout@v4 to commit SHA
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
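The merge step described in the commit message above, as an added example that is not code from this PR: it refuses to compose the `docker buildx imagetools create` command unless every expected platform supplied a well-formed sha256 digest, so a partial manifest is never tagged. The artifact layout (`digest-<os>-<arch>/digest`), the function name `merge_args` and the tag `beta-example` are assumptions; the digests are constructed sample values.

```shell
#!/bin/sh
# Added example, not the project's workflow code.
# Assumed layout: each build job uploaded a directory digest-<os>-<arch>/
# holding one file named "digest" with the content "sha256:<64 hex chars>".

IMAGE="ghcr.io/penguintechinc/squawk"   # image name from the PR's test plan

# merge_args DIR TAG PLATFORM...
# Prints the manifest-merge command, or returns 1 if any platform's digest
# is missing or malformed.
merge_args() {
    dir=$1; tag=$2; shift 2
    refs=""
    for platform in "$@"; do
        f="$dir/digest-$(printf '%s' "$platform" | tr '/' '-')/digest"
        [ -f "$f" ] || { echo "missing digest for $platform" >&2; return 1; }
        d=$(tr -d ' \n\r' < "$f")
        # Accept only a full sha256 digest; anything else aborts the merge.
        if ! printf '%s\n' "$d" | grep -Eq '^sha256:[0-9a-f]{64}$'; then
            echo "malformed digest for $platform" >&2
            return 1
        fi
        # Reference by digest, never by tag, so the manifest points at
        # exactly the images the build jobs pushed.
        refs="$refs $IMAGE@$d"
    done
    printf 'docker buildx imagetools create -t %s:%s%s\n' "$IMAGE" "$tag" "$refs"
}

# Demo on constructed sample digests (not real image digests).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/digest-linux-amd64" "$tmp/digest-linux-arm64"
    printf 'sha256:%064d\n' 1 > "$tmp/digest-linux-amd64/digest"
    printf 'sha256:%064d\n' 2 > "$tmp/digest-linux-arm64/digest"
    merge_args "$tmp" beta-example linux/amd64 linux/arm64
    rm -rf "$tmp"
}
demo
```
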
Reviewer's Guide
Refactors the push and release GitHub Actions workflows to build amd64 and arm64 Docker images in parallel as per‑platform digest pushes, then assembles a multi‑arch manifest in a dedicated merge job, while upgrading/pinning core GitHub Actions dependencies to specific SHAs.
Sequence diagram for parallel multi-arch push workflow with manifest merge
sequenceDiagram
actor Developer
participant GitHub_Actions
participant Job_generate_tag
participant Job_build_amd64
participant Job_build_arm64
participant GitHub_Artifacts
participant GHCR
participant Job_merge
Developer->>GitHub_Actions: Push to branch v2.1.x
GitHub_Actions->>Job_generate_tag: Start generate-tag job
Job_generate_tag->>Job_generate_tag: Compute tag from ref
Job_generate_tag-->>GitHub_Actions: Output tag
GitHub_Actions->>Job_build_amd64: Start build job (linux/amd64)
GitHub_Actions->>Job_build_arm64: Start build job (linux/arm64)
par Parallel_platform_builds
Job_build_amd64->>GHCR: Push image by digest only
Job_build_amd64->>GitHub_Artifacts: Upload digest artifact (digest-linux-amd64)
Job_build_arm64->>GHCR: Push image by digest only
Job_build_arm64->>GitHub_Artifacts: Upload digest artifact (digest-linux-arm64)
end
GitHub_Actions->>Job_merge: Start merge job after generate-tag and build
Job_merge->>GitHub_Artifacts: Download all digest-* artifacts
Job_merge->>Job_merge: Set up buildx and login
Job_merge->>GHCR: docker buildx imagetools create
Note over Job_merge,GHCR: Create multi-arch manifest tagged IMAGE:tag
Hey - I've left some high level feedback:
- The matrix build for linux/arm64 relies on cross-building but only sets up Buildx; consider adding docker/setup-qemu-action to ensure arm64 emulation is available and avoid architecture-specific build failures on GitHub-hosted runners.
- There is substantial duplication between push.yml and release.yml for the matrix, digest artifact, and merge logic; consider extracting this into a reusable workflow or composite action to keep the logic DRY and easier to maintain.
…ackage penguin-libs/packages/python-limiter no longer exists, causing pip install to fail on every CI run. Switch to the published flask-limiter>=4.1.1 and update app.py to use its API (Limiter + get_remote_address, storage_uri). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…d pattern to server-release and cron workflows
python-ldap requires libldap2-dev/libsasl2-dev on the runner host to build its C extension. Add apt-get install step to build.yml and server-release.yml before pip install. Also stages hook-applied parallel build pattern updates to server-release.yml and cron.yml (same digest-based matrix + merge approach as push/release).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
debian:bookworm-slim and python:3.13-slim-bookworm digests in dns-server/Dockerfile, Dockerfile.dns-server, and Dockerfile.api were pointing to a deleted manifest. Updated to current digests. Also stages hook-applied parallel build updates to go-client-release.yml. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
debian:bookworm-slim does not include python3.13 in its default apt repos. Using the official python:3.13-slim-bookworm image removes the need to manually install Python and pip, consolidates the two apt layers into one, and pins to a verified digest. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…-slim-bookworm
debian:bookworm-slim does not carry python3.13 in its default apt repos; the python:3.13-slim-bookworm image ships Python 3.13, pip, and venv pre-installed. Consolidates the two RUN apt layers into one and removes the manual pip bootstrap.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
actions/checkout v4 → v5, actions/setup-python v5 → v6, codecov/codecov-action v4 → v6. Node.js 20 actions are deprecated and will be forced to Node.js 24 on June 2nd, 2026. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Summary
- push.yml and release.yml Docker builds into a matrix job (amd64 + arm64 run in parallel), followed by a merge job that assembles the multi-arch manifest via docker buildx imagetools create
- actions/upload-artifact → v7 and actions/download-artifact → v8 (both pinned to verified commit SHAs)
- actions/checkout@v4 to commit SHA in build.yml
Test plan
- push.yml triggers on push to v2.1.x and all three jobs (generate-tag, build ×2, merge) pass
- docker buildx imagetools inspect ghcr.io/penguintechinc/squawk:<beta-tag>
- release.yml produces correct semver tags on a published release
🤖 Generated with Claude Code
Summary by Sourcery
Make Docker image publishing workflows build architecture-specific images in parallel and assemble them into a single multi-arch manifest, while pinning GitHub Actions dependencies to specific versions.
Build: