add arm64 and i386 images

mattip · mattip · commit c08a9e9eca6a · 2026-05-20T16:18:48.000+03:00
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
@@ -59,3 +59,97 @@ jobs:
           subject-name: ghcr.io/${{ github.repository_owner }}/buildworker_x86_64
           subject-digest: ${{ steps.push.outputs.digest }}
           push-to-registry: true
+
+  build-i686:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff9c2d871b165f9253f # v3.6.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+
+      - name: Log in to GHCR
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
+        with:
+          images: ghcr.io/${{ github.repository_owner }}/buildworker_i686
+          tags: |
+            type=sha,format=long
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Build and push
+        id: push
+        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
+        with:
+          context: docker
+          file: docker/Dockerfile.i686
+          platforms: linux/386
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          provenance: true
+          sbom: true
+
+      - name: Attest build provenance
+        uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
+        with:
+          subject-name: ghcr.io/${{ github.repository_owner }}/buildworker_i686
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
+
+  build-aarch64:
+    runs-on: ubuntu-24.04-arm
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+
+      - name: Log in to GHCR
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
+        with:
+          images: ghcr.io/${{ github.repository_owner }}/buildworker_aarch64
+          tags: |
+            type=sha,format=long
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Build and push
+        id: push
+        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
+        with:
+          context: docker
+          file: docker/Dockerfile.aarch64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          provenance: true
+          sbom: true
+
+      - name: Attest build provenance
+        uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
+        with:
+          subject-name: ghcr.io/${{ github.repository_owner }}/buildworker_aarch64
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
diff --git a/docker/Dockerfile.aarch64 b/docker/Dockerfile.aarch64
@@ -0,0 +1,61 @@
+# Dockerfile based on manylinux_2_28_aarch64 (AlmaLinux 8, glibc 2.28, arm64)
+#
+# Build:
+#   docker build --pull -t buildworker_aarch64 \
+#     --build-arg BUILDWORKER_UID=1001 \
+#     -f docker/Dockerfile.aarch64 docker
+#
+# Run interactively:
+#   docker run -it --rm -v$(pwd):/build_dir buildworker_aarch64 /bin/bash
+
+FROM quay.io/pypa/manylinux_2_28_aarch64@sha256:dee559b640ecd6c8a3dacf8c7cad3ea339c7d1f505c52efdc57891f17f2c931b
+WORKDIR /root
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN yum -y update
+RUN yum install -y \
+    wget patch gdb vim perl texinfo \
+    zlib-devel glibc-devel \
+    libX11-devel libXt-devel libXft-devel tk-devel gdbm-devel \
+    xz-devel bzip2-devel \
+    openssl3-devel \
+    gc-devel \
+    ncurses-devel \
+    libunwind-devel \
+    perl-IPC-Cmd perl-Digest-SHA
+
+RUN yum clean packages
+
+# prefer our libraries in /usr/local/lib (for sqlite, libexpat, libffi built from source)
+ENV LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH
+
+# sqlite: yum provides 3.26.0 which is too old; build 3.47.2 from source
+ADD install_sqlite.sh /root/install_sqlite.sh
+RUN sh /root/install_sqlite.sh 2>&1 | tee /root/install_sqlite.log
+
+# libexpat and libffi are baked into PyPy; use latest versions
+ADD install_libexpat.sh /root/install_libexpat.sh
+RUN sh /root/install_libexpat.sh 2>&1 | tee /root/install_libexpat.log
+
+ADD install_libffi.sh /root/install_libffi.sh
+RUN sh /root/install_libffi.sh 2>&1 | tee /root/install_libffi.log
+
+# get a pypy for translation and running tests
+RUN wget -q https://downloads.python.org/pypy/pypy2.7-v7.3.22-aarch64.tar.bz2 -O pypy2.7.tar.bz2
+RUN echo "49829ef97a36d50870b0a4a7d6d67c4817d98a0bbd936e7a86ac6ef615b07205  pypy2.7.tar.bz2" | sha256sum -c -
+RUN tar -C /opt -xj < pypy2.7.tar.bz2 && rm pypy2.7.tar.bz2
+RUN ln -s /opt/pypy2.7-v7.3.22-aarch64/bin/pypy /usr/local/bin/pypy
+RUN ln -s /opt/pypy2.7-v7.3.22-aarch64/bin/pypy /usr/local/bin/python
+RUN pypy -mensurepip
+RUN pypy -mpip install --upgrade pip==20.3.4
+RUN pypy -mpip install --upgrade setuptools wheel
+ADD requirements.txt /root/requirements.txt
+RUN pypy -mpip install --require-hashes -r /root/requirements.txt
+
+# Define a user
+ARG BUILDWORKER_UID=1001
+ARG PARALLEL_BUILDS=4
+RUN adduser buildworker --uid=$BUILDWORKER_UID
+RUN echo parallel_runs=$PARALLEL_BUILDS > /home/buildworker/machine_cfg.py
+ENV PYPY_LOCALBASE=/usr/local
+USER buildworker
diff --git a/docker/Dockerfile.i686 b/docker/Dockerfile.i686
@@ -0,0 +1,61 @@
+# Dockerfile based on manylinux_2_28_i686 (AlmaLinux 8, glibc 2.28, 32-bit)
+#
+# Build:
+#   docker build --pull -t buildworker_i686 \
+#     --build-arg BUILDWORKER_UID=1001 \
+#     -f docker/Dockerfile.i686 docker
+#
+# Run interactively:
+#   docker run -it --rm -v$(pwd):/build_dir buildworker_i686 /bin/bash
+
+FROM quay.io/pypa/manylinux_2_28_i686@sha256:817099eabdaf534fd802079ed185b62b97f1fc5e7027db9a14fd7540931819b9
+WORKDIR /root
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN yum -y update
+RUN yum install -y \
+    wget patch gdb vim perl texinfo \
+    zlib-devel glibc-devel \
+    libX11-devel libXt-devel libXft-devel tk-devel gdbm-devel \
+    xz-devel bzip2-devel \
+    openssl3-devel \
+    gc-devel \
+    ncurses-devel \
+    libunwind-devel \
+    perl-IPC-Cmd perl-Digest-SHA
+
+RUN yum clean packages
+
+# prefer our libraries in /usr/local/lib (for sqlite, libexpat, libffi built from source)
+ENV LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH
+
+# sqlite: yum provides 3.26.0 which is too old; build 3.47.2 from source
+ADD install_sqlite.sh /root/install_sqlite.sh
+RUN sh /root/install_sqlite.sh m32 2>&1 | tee /root/install_sqlite.log
+
+# libexpat and libffi are baked into PyPy; use latest versions
+ADD install_libexpat.sh /root/install_libexpat.sh
+RUN sh /root/install_libexpat.sh m32 2>&1 | tee /root/install_libexpat.log
+
+ADD install_libffi.sh /root/install_libffi.sh
+RUN sh /root/install_libffi.sh m32 2>&1 | tee /root/install_libffi.log
+
+# get a pypy for translation and running tests
+RUN wget -q https://downloads.python.org/pypy/pypy2.7-v7.3.22-linux32.tar.bz2 -O pypy2.7.tar.bz2
+RUN echo "3512d44a9005b52611ad2d84e63c575c8b592fb1dd1a708a00f787b46e6ee07b  pypy2.7.tar.bz2" | sha256sum -c -
+RUN tar -C /opt -xj < pypy2.7.tar.bz2 && rm pypy2.7.tar.bz2
+RUN ln -s /opt/pypy2.7-v7.3.22-linux32/bin/pypy /usr/local/bin/pypy
+RUN ln -s /opt/pypy2.7-v7.3.22-linux32/bin/pypy /usr/local/bin/python
+RUN pypy -mensurepip
+RUN pypy -mpip install --upgrade pip==20.3.4
+RUN pypy -mpip install --upgrade setuptools wheel
+ADD requirements.txt /root/requirements.txt
+RUN pypy -mpip install --require-hashes -r /root/requirements.txt
+
+# Define a user
+ARG BUILDWORKER_UID=1001
+ARG PARALLEL_BUILDS=4
+RUN adduser buildworker --uid=$BUILDWORKER_UID
+RUN echo parallel_runs=$PARALLEL_BUILDS > /home/buildworker/machine_cfg.py
+ENV PYPY_LOCALBASE=/usr/local
+USER buildworker
