workflows/build-ci-container: Add an arm64 container

[tstellar]

This also changes the container version numbers in the tag from unix timestamps to the abbreviated commit hash for the workflow. This ensures that the amd64 and arm64 containers have the same tag.

For amd64 we now generate 4 tags:

• ghcr.io/llvm/ci-ubuntu-22.04:latest
• ghcr.io/llvm/ci-ubuntu-22.04:$GITHUB_SHA
• ghcr.io/llvm/amd64/ci-ubuntu-22.04:latest
• ghcr.io/llvm/amd64/ci-ubuntu-22.04:$GITHUB_SHA

For arm64 we generate 2 tags:

• ghcr.io/tstellar/arm64v8/ci-ubuntu-22.04:latest
• ghcr.io/tstellar/arm64v8/ci-ubuntu-22.04:$GITHUB_SHA

[llvmbot]

@llvm/pr-subscribers-github-workflow

Author: Tom Stellard (tstellar)

Changes

This also changes the container version numbers in the tag from unix timestamps to the github run_id and run_attempt for the workflow. This ensures that the amd64 and arm64 containers have the same version number.

For amd64 we now generate 4 tags:

• ghcr.io/llvm/ci-ubuntu-22.04:$run_id:latest
• ghcr.io/llvm/ci-ubuntu-22.04:$run_id.$run_attempt
• ghcr.io/llvm/amd64/ci-ubuntu-22.04:latest
• ghcr.io/llvm/amd64/ci-ubuntu-22.04:$run_id.$run_attempt

For arm64 we generate 2 tags:

• ghcr.io/tstellar/arm64v8/ci-ubuntu-22.04:latest
• ghcr.io/tstellar/arm64v8/ci-ubuntu-22.04:$run_id.$run_attempt

---

Full diff: https://github.com/llvm/llvm-project/pull/120828.diff

1 Files Affected:

• (modified) .github/workflows/build-ci-container.yml (+35-14)

diff --git a/.github/workflows/build-ci-container.yml b/.github/workflows/build-ci-container.yml
index 50729e0173506e..28ba9c21fefc48 100644
--- a/.github/workflows/build-ci-container.yml
+++ b/.github/workflows/build-ci-container.yml
@@ -20,11 +20,16 @@ on:
 jobs:
   build-ci-container:
     if: github.repository_owner == 'llvm'
-    runs-on: depot-ubuntu-22.04-16
-    outputs:
-      container-name: ${{ steps.vars.outputs.container-name }}
-      container-name-tag: ${{ steps.vars.outputs.container-name-tag }}
-      container-filename: ${{ steps.vars.outputs.container-filename }}
+    runs-on: ${{ matrix.runs-on }}
+    strategy:
+      matrix:
+        include:
+          # The arch names should match the names used on dockerhub.
+          # See https://github.com/docker-library/official-images#architectures-other-than-amd64
+          - arch: amd64
+            runs-on: depot-ubuntu-22.04-16
+          - arch: arm64v8
+            runs-on: depot-ubuntu-22.04-arm-16
     steps:
       - name: Checkout LLVM
         uses: actions/checkout@v4
@@ -33,8 +38,8 @@ jobs:
       - name: Write Variables
         id: vars
         run: |
-          tag=`date +%s`
-          container_name="ghcr.io/$GITHUB_REPOSITORY_OWNER/ci-ubuntu-22.04"
+          tag="${{ github.run_id}}.${{ github.run_attempt }}"
+          container_name="ghcr.io/$GITHUB_REPOSITORY_OWNER/${{ matrix.arch }}/ci-ubuntu-22.04"
           echo "container-name=$container_name" >> $GITHUB_OUTPUT
           echo "container-name-tag=$container_name:$tag" >> $GITHUB_OUTPUT
           echo "container-filename=$(echo $container_name:$tag  | sed -e 's/\//-/g' -e 's/:/-/g').tar" >> $GITHUB_OUTPUT
@@ -53,7 +58,7 @@ jobs:
       - name: Upload container image
         uses: actions/upload-artifact@v4
         with:
-          name: container
+          name: container-${{ matrix.arch }}
           path: ${{ steps.vars.outputs.container-filename }}
           retention-days: 14
 
@@ -75,13 +80,29 @@ jobs:
     steps:
       - name: Download container
         uses: actions/download-artifact@v4
-        with:
-          name: container
 
       - name: Push Container
         run: |
-          podman load -i ${{ needs.build-ci-container.outputs.container-filename }}
-          podman tag ${{ needs.build-ci-container.outputs.container-name-tag }} ${{ needs.build-ci-container.outputs.container-name }}:latest
+          function push_container {
+            image_name=$1
+            latest_name=$(echo $image_name | sed 's/:[.0-9]\+$/:latest/g')
+            podman tag $image_name $latest_name
+            echo "Pushing $image_name ..."
+            podman push $image_name
+            echo "Pushing $latest_name ..."
+            podman push $latest_name
+          }
+
           podman login -u ${{ github.actor }} -p $GITHUB_TOKEN ghcr.io
-          podman push ${{ needs.build-ci-container.outputs.container-name-tag }}
-          podman push ${{ needs.build-ci-container.outputs.container-name }}:latest
+          for f in $(find . -iname *.tar); do
+            image_name=$(podman load -q -i $f | sed 's/Loaded image: //g')
+            push_container $image_name
+
+            if echo $image_name | grep '/amd64/'; then
+              # For amd64, create an alias with the arch component removed.
+              # This matches the convention used on dockerhub.
+              default_image_name=$(echo $(dirname $(dirname $image_name))/$(basename $image_name))
+              podman tag $image_name $default_image_name
+              push_container $default_image_name
+            fi
+          done

[tstellar]

This test failures should be fixed by #120827

[boomanaiden154]

LGTM.

[boomanaiden154]

Can we use something better than this? Maybe the short commit SHA suffixed with the arch?

[tstellar]

We could use the short commit SHA.

I'm not sure about the arch suffix. For Fedora containers we have the arch suffix:
registry.fedoraproject.org/fedora:41-aarch64

But for ubuntu there is no suffix and the arch is in the namespace: docker.io/arm64v8/ubuntu:22.04

I really have no preference, I just want to be consistent with whatever the convention is.

[boomanaiden154]

Ah, okay.

I think the short commit SHA would be better here given it makes things more easily searchable. Keeping the arch in the namespace sounds reasonable enough to me.