feat(docker): native multi-arch builds with ARM runners

# Build Stage

docker-build-push:

.docker-build:

  stage: build

  image: docker:29

  needs: []

    DOCKER_HOST: tcp://docker:2375

    DOCKER_TLS_CERTDIR: ""

    IMAGE_NAME: gkg

  rules:

    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

  script:

    - ./scripts/docker-build.sh "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:develop-${ARCH}"

docker-build-amd64:

  extends: .docker-build

  tags:

    - saas-linux-large-amd64

  variables:

    ARCH: amd64

docker-build-arm64:

  extends: .docker-build

  tags:

    - saas-linux-large-arm64

  variables:

    ARCH: arm64

docker-manifest:

  stage: build

  image: docker:29

  tags:

    - saas-linux-small-amd64

  needs:

    - docker-build-amd64

    - docker-build-arm64

  variables:

    IMAGE_NAME: gkg

  rules:

    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

  before_script:

    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"

  script:

    - ./scripts/docker-build.sh "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:develop"

    - docker manifest create "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:develop"

        "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:develop-amd64"

        "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:develop-arm64"

    - docker manifest push "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:develop"

# Deploy Stage - Helm Charts

  stage: release

  image: node:lts

  tags:

    - saas-linux-large-amd64

  services:

    - docker:29-dind

    - saas-linux-small-amd64

  variables:

    DOCKER_HOST: tcp://docker:2375

    DOCKER_TLS_CERTDIR: ""

    GIT_STRATEGY: clone

    IMAGE_NAME: gkg

  needs: []

  rules:

    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

      when: manual

  before_script:

    - npm install -g semantic-release @semantic-release/gitlab @semantic-release/exec @semantic-release/git @semantic-release/commit-analyzer @semantic-release/release-notes-generator @semantic-release/changelog conventional-changelog-conventionalcommits semantic-release-slack-bot

    - apt-get update

    - apt-get install -y ca-certificates curl

    - install -m 0755 -d /etc/apt/keyrings

    - curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc

    - chmod a+r /etc/apt/keyrings/docker.asc

    - echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" > /etc/apt/sources.list.d/docker.list

    - apt-get update

    - apt-get install -y docker-ce-cli

    - npm install -g semantic-release @semantic-release/gitlab @semantic-release/git @semantic-release/commit-analyzer @semantic-release/release-notes-generator @semantic-release/changelog conventional-changelog-conventionalcommits semantic-release-slack-bot

  script:

    - npx semantic-release

.docker-release:

  stage: build

  image: docker:29

  services:

    - docker:29-dind

  variables:

    DOCKER_HOST: tcp://docker:2375

    DOCKER_TLS_CERTDIR: ""

    IMAGE_NAME: gkg

  rules:

    - if: $CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+/

  script:

    - export GKG_VERSION="${CI_COMMIT_TAG#v}"

    - ./scripts/docker-build.sh "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${GKG_VERSION}-${ARCH}"

release-build-amd64:

  extends: .docker-release

  tags:

    - saas-linux-large-amd64

  variables:

    ARCH: amd64

release-build-arm64:

  extends: .docker-release

  tags:

    - saas-linux-large-arm64

  variables:

    ARCH: arm64

release-manifest:

  stage: build

  image: docker:29

  tags:

    - saas-linux-small-amd64

  needs:

    - release-build-amd64

    - release-build-arm64

  variables:

    IMAGE_NAME: gkg

  rules:

    - if: $CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+/

  before_script:

    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"

  script:

    - VERSION="${CI_COMMIT_TAG#v}"

    - docker manifest create "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${VERSION}"

        "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${VERSION}-amd64"

        "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${VERSION}-arm64"

    - docker manifest push "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${VERSION}"

    - docker manifest create "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:latest"

        "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${VERSION}-amd64"

        "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${VERSION}-arm64"

    - docker manifest push "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:latest"

    ],

    "@semantic-release/changelog",

    "@semantic-release/gitlab",

    [

      "@semantic-release/exec",

      {

        "publishCmd": "GKG_VERSION=${nextRelease.version} ./scripts/docker-build.sh ${process.env.CI_REGISTRY_IMAGE}/${process.env.IMAGE_NAME}:${nextRelease.version} ${process.env.CI_REGISTRY_IMAGE}/${process.env.IMAGE_NAME}:latest"

      }

    ],

    [

      "@semantic-release/git",

      {

FROM --platform=$BUILDPLATFORM registry.gitlab.com/gitlab-org/orbit/build-images/rust-builder:latest AS builder

FROM registry.gitlab.com/gitlab-org/orbit/build-images/rust-builder:latest AS builder

ARG TARGETARCH

ARG GKG_VERSION=dev

RUN <<EOF

  set -e

  case "$TARGETARCH" in

    arm64) RUST_TARGET=aarch64-unknown-linux-gnu ;;

    amd64) RUST_TARGET=x86_64-unknown-linux-gnu ;;

    *)     echo "unsupported arch: $TARGETARCH" && exit 1 ;;

  esac

  rustup target add "$RUST_TARGET"

  if [ "$TARGETARCH" = "arm64" ]; then

    apt-get update && apt-get install -y --no-install-recommends gcc-aarch64-linux-gnu && rm -rf /var/lib/apt/lists/*

  fi

EOF

WORKDIR /build

COPY . .

ENV GKG_VERSION=$GKG_VERSION

ENV CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc

RUN <<EOF

  set -e

  case "$TARGETARCH" in

    arm64) RUST_TARGET=aarch64-unknown-linux-gnu ;;

    *)     RUST_TARGET=x86_64-unknown-linux-gnu ;;

  esac

  cargo build --release --target "$RUST_TARGET" --package gkg-server

  cp "target/$RUST_TARGET/release/gkg-server" /gkg-server

EOF

RUN cargo build --release --package gkg-server && \

    cp target/release/gkg-server /gkg-server

FROM registry.access.redhat.com/ubi9/ubi-micro:latest

  exit 1

fi

TAGS=""

for tag in "$@"; do

  TAGS="$TAGS -t $tag"

done

if [ -n "$CI_REGISTRY_USER" ] && [ -n "$CI_REGISTRY_PASSWORD" ] && [ -n "$CI_REGISTRY" ]; then

  echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"

fi

docker buildx create --use 2>/dev/null || true

BUILD_ARGS=""

if [ -n "$GKG_VERSION" ]; then

  BUILD_ARGS="--build-arg GKG_VERSION=$GKG_VERSION"

fi

echo "Building and pushing:$TAGS"

ARCH=$(uname -m)

case "$ARCH" in

  aarch64) PLATFORM="linux/arm64" ;;

  *)       PLATFORM="linux/amd64" ;;

esac

TAGS=""

for tag in "$@"; do

  TAGS="$TAGS -t $tag"

done

echo "Building for ${PLATFORM}:$TAGS"

docker buildx create --use 2>/dev/null || true

docker buildx build \

  --platform linux/amd64,linux/arm64 \

  --platform "$PLATFORM" \

  --push \

  --cache-from type=registry,ref=${CI_REGISTRY_IMAGE}/cache/${IMAGE_NAME}:develop \

  --cache-to   type=registry,mode=max,compression=zstd,oci-mediatypes=true,ref=${CI_REGISTRY_IMAGE}/cache/${IMAGE_NAME}:develop \

  --cache-from "type=registry,ref=${CI_REGISTRY_IMAGE}/cache/${IMAGE_NAME}:${PLATFORM##*/}" \

  --cache-to   "type=registry,mode=max,compression=zstd,oci-mediatypes=true,ref=${CI_REGISTRY_IMAGE}/cache/${IMAGE_NAME}:${PLATFORM##*/}" \

  --label "com.gitlab/ci-pipeline-url=${CI_PIPELINE_URL}" \

  --label "com.gitlab/ci-job-url=${CI_JOB_URL}" \

  --label "com.gitlab/commit-sha=${CI_COMMIT_SHA}" \