diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 2708aae99..032cdeaf8 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -126,16 +126,19 @@ jobs:
 type=ref,event=pr
 type=ref,event=tag
 type=sha,format=long
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
+ with:
+ platforms: linux/amd64,linux/arm64
 - name: Build (and push if needed)
 uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
 with:
 context: .
 file: Dockerfile.build-image
+ platforms: linux/amd64,linux/arm64
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
 push: ${{ github.ref == 'refs/heads/main' }}
- # Only load on PR builds
- load: ${{ github.ref != 'refs/heads/main' }}
 - name: Run container image vulnerability scanner
 uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
 with:
diff --git a/Dockerfile.build-image b/Dockerfile.build-image
index 5c97d6f1e..923577938 100644
--- a/Dockerfile.build-image
+++ b/Dockerfile.build-image
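Review bot: With `load:` removed and `push:` true only on `refs/heads/main`, a pull-request build is neither loaded into the runner's Docker image store nor pushed, so the Trivy step that follows appears to have no freshly built image to scan on PRs. The scanner's `with:` inputs lie outside this hunk, so this is inferred; if it refers to the image by tag, the scan would presumably fail or examine whatever is already in the registry rather than the PR's build. Consider keeping a scan target for PRs, for example an extra single-platform build step gated on `if: github.ref != 'refs/heads/main'` with `platforms: linux/amd64` and `load: true`. A scan of a multi-platform tag typically covers only one platform, so the new arm64 variant would need its own scan run to be covered by the gate.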
@@ -25,13 +25,20 @@ RUN apt-get update && \
 ENV USER=root
 ARG NIX_VERSION=2.25.0
-RUN wget https://nixos.org/releases/nix/nix-${NIX_VERSION}/nix-${NIX_VERSION}-x86_64-linux.tar.xz && \
- tar xf nix-${NIX_VERSION}-x86_64-linux.tar.xz && \
+
+RUN \
+ if [ "$TARGETARCH" = "amd64" ]; then \
+ export ARCH=x86_64; \
+ else \
+ export ARCH=aarch64; \
+ fi && \
+ wget https://nixos.org/releases/nix/nix-${NIX_VERSION}/nix-${NIX_VERSION}-${ARCH}-linux.tar.xz && \
+ tar xf nix-${NIX_VERSION}-${ARCH}-linux.tar.xz && \
 groupadd -r -g 30000 nixbld && \
 for i in $(seq 1 30); do useradd -rM -u $((30000 + i)) -G nixbld nixbld$i ; done && \
 mkdir -m 0755 /etc/nix /nix && \
 printf "sandbox = false\nfilter-syscalls = false\n" > /etc/nix/nix.conf && \
- nix-${NIX_VERSION}-x86_64-linux/install && \
+ nix-${NIX_VERSION}-${ARCH}-linux/install && \
 ln -s /nix/var/nix/profiles/default/etc/profile.d/nix.sh /etc/profile.d && \
 rm -rf nix-*
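Review bot: `$TARGETARCH` is read in the new `RUN`, but no `ARG TARGETARCH` is visible in the hunk. BuildKit exposes its automatic platform arguments inside a stage only once they are declared, so unless that declaration exists earlier in the file the variable expands to empty and the `else` branch selects the aarch64 tarball on every platform. The `else` also maps any non-amd64 value to aarch64, so the selection should fail closed on an unexpected architecture, as sketched below. Separately, the tarball is downloaded and its installer run as root with no integrity check; now that two artefacts are involved, pinning a per-architecture SHA-256 and checking it with `sha256sum -c` before `tar xf` would close that gap.

```dockerfile
ARG TARGETARCH
RUN \
    case "$TARGETARCH" in \
        amd64) ARCH=x86_64 ;; \
        arm64) ARCH=aarch64 ;; \
        *) echo "unsupported TARGETARCH: '$TARGETARCH'" >&2; exit 1 ;; \
    esac && \
    # … unchanged: wget, tar, nixbld users, nix.conf, install, cleanup …
```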