Add multi-arch support (amd64 + arm64) for all image variants

Build per-arch apko tarballs separately, then use buildx with QEMU and TARGETARCH to produce a proper multi-platform OCI image index. Each platform gets its correct native rootfs from apko. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 10:50:27 -05:00 · 2026-02-02 10:50:27 -05:00 · 81b219fedc
commit 81b219fedc
parent 70fc24a7e6
3 changed files with 54 additions and 18 deletions
--- a/.gitea/workflows/publish.yaml
+++ b/.gitea/workflows/publish.yaml
@ -52,6 +52,9 @@ jobs:
          tar xzf /tmp/apko.tar.gz --strip-components=1 -C /usr/local/bin
          rm /tmp/apko.tar.gz

+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

@ -110,20 +113,29 @@ jobs:
          echo "version_tag=${VERSION_TAG}" >> "$GITHUB_OUTPUT"
          echo "Next version tag: ${VERSION_TAG}"

-      - name: Build apko image tarball
+      - name: Build per-arch apko tarballs
        run: |
-          apko build ${{ matrix.config }} \
+          mkdir -p /tmp/build-amd64 /tmp/build-arm64
+          apko build --arch x86_64 ${{ matrix.config }} \
            ${{ secrets.REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ matrix.variant }}-${{ steps.tag.outputs.suffix }} \
-            /tmp/image.tar
-          echo 'FROM scratch' > /tmp/Dockerfile
-          echo 'ADD image.tar /' >> /tmp/Dockerfile
-          echo 'USER 65532' >> /tmp/Dockerfile
+            /tmp/build-amd64/image.tar
+          apko build --arch aarch64 ${{ matrix.config }} \
+            ${{ secrets.REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ matrix.variant }}-${{ steps.tag.outputs.suffix }} \
+            /tmp/build-arm64/image.tar
+          cat > /tmp/Dockerfile <<'EOF'
+          FROM scratch
+          ARG TARGETARCH
+          ADD build-${TARGETARCH}/image.tar /
+          USER 65532
+          EOF
+          sed -i 's/^          //' /tmp/Dockerfile

      - name: Build and push with buildx (SBOM + provenance)
        uses: docker/build-push-action@v5
        with:
          context: /tmp
          file: /tmp/Dockerfile
+          platforms: linux/amd64,linux/arm64
          push: true
          sbom: true
          provenance: mode=max
--- a/.gitea/workflows/rebuild.yaml
+++ b/.gitea/workflows/rebuild.yaml
@ -44,6 +44,9 @@ jobs:
          tar xzf /tmp/apko.tar.gz --strip-components=1 -C /usr/local/bin
          rm /tmp/apko.tar.gz

+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

@ -102,20 +105,29 @@ jobs:
          echo "version_tag=${VERSION_TAG}" >> "$GITHUB_OUTPUT"
          echo "Next version tag: ${VERSION_TAG}"

-      - name: Build apko image tarball
+      - name: Build per-arch apko tarballs
        run: |
-          apko build ${{ matrix.config }} \
+          mkdir -p /tmp/build-amd64 /tmp/build-arm64
+          apko build --arch x86_64 ${{ matrix.config }} \
            ${{ secrets.REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ matrix.variant }}-latest \
-            /tmp/image.tar
-          echo 'FROM scratch' > /tmp/Dockerfile
-          echo 'ADD image.tar /' >> /tmp/Dockerfile
-          echo 'USER 65532' >> /tmp/Dockerfile
+            /tmp/build-amd64/image.tar
+          apko build --arch aarch64 ${{ matrix.config }} \
+            ${{ secrets.REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ matrix.variant }}-latest \
+            /tmp/build-arm64/image.tar
+          cat > /tmp/Dockerfile <<'EOF'
+          FROM scratch
+          ARG TARGETARCH
+          ADD build-${TARGETARCH}/image.tar /
+          USER 65532
+          EOF
+          sed -i 's/^          //' /tmp/Dockerfile

      - name: Build and push with buildx (SBOM + provenance)
        uses: docker/build-push-action@v5
        with:
          context: /tmp
          file: /tmp/Dockerfile
+          platforms: linux/amd64,linux/arm64
          push: true
          sbom: true
          provenance: mode=max
--- a/.gitea/workflows/update-check.yaml
+++ b/.gitea/workflows/update-check.yaml
@ -133,6 +133,9 @@ jobs:
          tar xzf /tmp/apko.tar.gz --strip-components=1 -C /usr/local/bin
          rm /tmp/apko.tar.gz

+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

@ -191,20 +194,29 @@ jobs:
          echo "version_tag=${VERSION_TAG}" >> "$GITHUB_OUTPUT"
          echo "Next version tag: ${VERSION_TAG}"

-      - name: Build apko image tarball
+      - name: Build per-arch apko tarballs
        run: |
-          apko build ${{ matrix.config }} \
+          mkdir -p /tmp/build-amd64 /tmp/build-arm64
+          apko build --arch x86_64 ${{ matrix.config }} \
            ${{ secrets.REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ matrix.variant }}-latest \
-            /tmp/image.tar
-          echo 'FROM scratch' > /tmp/Dockerfile
-          echo 'ADD image.tar /' >> /tmp/Dockerfile
-          echo 'USER 65532' >> /tmp/Dockerfile
+            /tmp/build-amd64/image.tar
+          apko build --arch aarch64 ${{ matrix.config }} \
+            ${{ secrets.REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ matrix.variant }}-latest \
+            /tmp/build-arm64/image.tar
+          cat > /tmp/Dockerfile <<'EOF'
+          FROM scratch
+          ARG TARGETARCH
+          ADD build-${TARGETARCH}/image.tar /
+          USER 65532
+          EOF
+          sed -i 's/^          //' /tmp/Dockerfile

      - name: Build and push with buildx (SBOM + provenance)
        uses: docker/build-push-action@v5
        with:
          context: /tmp
          file: /tmp/Dockerfile
+          platforms: linux/amd64,linux/arm64
          push: true
          sbom: true
          provenance: mode=max