feat: Add multiplatform container image support (amd64, arm64, s390x) by crivetimihai · Pull Request #1520 · IBM/mcp-context-forge

crivetimihai · 2025-11-29T09:05:28Z

Add comprehensive multiplatform Docker build support with:

New docker-multiplatform.yml workflow:
- Parallel native builds for amd64 (ubuntu-latest) and arm64 (ubuntu-24.04-arm)
- QEMU emulation for s390x on ubuntu-latest
- Multiplatform manifest creation with buildx imagetools
- Security scanning (Trivy, Grype, Syft SBOM) on amd64
- Cosign keyless signing for all architectures
Updated docker-release.yml:
- Use buildx imagetools create for manifest handling
- Preserves all architecture variants when tagging releases
Updated ibm-cloud-code-engine.yml:
- Explicit --platform linux/amd64 flag for consistent builds
Updated Containerfile.lite for multiplatform compatibility:
- Use ubi10-minimal as runtime base instead of scratch
- Eliminates dnf --installroot which fails under QEMU emulation
- Uses microdnf for runtime package installation
- Maintains security scanning compatibility (RPM database preserved)
Enhanced Makefile targets:
- container-build-multi: Build multiplatform image locally
- container-inspect-manifest: Inspect multiplatform manifest in registry

Closes #80

github-advanced-security · 2025-11-29T09:05:44Z

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

Containerfile.lite

Add comprehensive multiplatform Docker build support with: - New docker-multiplatform.yml workflow: - Parallel native builds for amd64 (ubuntu-latest) and arm64 (ubuntu-24.04-arm) - QEMU emulation for s390x on ubuntu-latest - Multiplatform manifest creation with buildx imagetools - Security scanning (Trivy, Grype, Syft SBOM) on amd64 - Cosign keyless signing for all architectures - Updated docker-release.yml: - Use buildx imagetools create for manifest handling - Preserves all architecture variants when tagging releases - Updated ibm-cloud-code-engine.yml: - Explicit --platform linux/amd64 flag for consistent builds - Updated Containerfile.lite for multiplatform compatibility: - Use ubi10-minimal as runtime base instead of scratch - Eliminates dnf --installroot which fails under QEMU emulation - Uses microdnf for runtime package installation - Maintains security scanning compatibility (RPM database preserved) - Enhanced Makefile targets: - container-build-multi: Build multiplatform image locally - container-inspect-manifest: Inspect multiplatform manifest in registry Closes #80 Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com>

* feat: Add multiplatform container image support (amd64, arm64, s390x) Add comprehensive multiplatform Docker build support with: - New docker-multiplatform.yml workflow: - Parallel native builds for amd64 (ubuntu-latest) and arm64 (ubuntu-24.04-arm) - QEMU emulation for s390x on ubuntu-latest - Multiplatform manifest creation with buildx imagetools - Security scanning (Trivy, Grype, Syft SBOM) on amd64 - Cosign keyless signing for all architectures - Updated docker-release.yml: - Use buildx imagetools create for manifest handling - Preserves all architecture variants when tagging releases - Updated ibm-cloud-code-engine.yml: - Explicit --platform linux/amd64 flag for consistent builds - Updated Containerfile.lite for multiplatform compatibility: - Use ubi10-minimal as runtime base instead of scratch - Eliminates dnf --installroot which fails under QEMU emulation - Uses microdnf for runtime package installation - Maintains security scanning compatibility (RPM database preserved) - Enhanced Makefile targets: - container-build-multi: Build multiplatform image locally - container-inspect-manifest: Inspect multiplatform manifest in registry Closes #80 Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Include missing Container.scratch file in MANIFEST.in (#1529) Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com> * Update documentation for multi-architecture image use Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com> * Revert unneeded changes in one part of the doc. Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com> * Add recursive signing to cosign step. Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com> --------- Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com> Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>

…IBM#1520) * feat: Add multiplatform container image support (amd64, arm64, s390x) Add comprehensive multiplatform Docker build support with: - New docker-multiplatform.yml workflow: - Parallel native builds for amd64 (ubuntu-latest) and arm64 (ubuntu-24.04-arm) - QEMU emulation for s390x on ubuntu-latest - Multiplatform manifest creation with buildx imagetools - Security scanning (Trivy, Grype, Syft SBOM) on amd64 - Cosign keyless signing for all architectures - Updated docker-release.yml: - Use buildx imagetools create for manifest handling - Preserves all architecture variants when tagging releases - Updated ibm-cloud-code-engine.yml: - Explicit --platform linux/amd64 flag for consistent builds - Updated Containerfile.lite for multiplatform compatibility: - Use ubi10-minimal as runtime base instead of scratch - Eliminates dnf --installroot which fails under QEMU emulation - Uses microdnf for runtime package installation - Maintains security scanning compatibility (RPM database preserved) - Enhanced Makefile targets: - container-build-multi: Build multiplatform image locally - container-inspect-manifest: Inspect multiplatform manifest in registry Closes IBM#80 Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Include missing Container.scratch file in MANIFEST.in (IBM#1529) Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com> * Bh/multi arch builds 2 (IBM#1532) * feat: Add multiplatform container image support (amd64, arm64, s390x) Add comprehensive multiplatform Docker build support with: - New docker-multiplatform.yml workflow: - Parallel native builds for amd64 (ubuntu-latest) and arm64 (ubuntu-24.04-arm) - QEMU emulation for s390x on ubuntu-latest - Multiplatform manifest creation with buildx imagetools - Security scanning (Trivy, Grype, Syft SBOM) on amd64 - Cosign keyless signing for all architectures - Updated docker-release.yml: - Use buildx imagetools create for manifest handling - Preserves all architecture variants when tagging releases - Updated ibm-cloud-code-engine.yml: - Explicit --platform linux/amd64 flag for consistent builds - Updated Containerfile.lite for multiplatform compatibility: - Use ubi10-minimal as runtime base instead of scratch - Eliminates dnf --installroot which fails under QEMU emulation - Uses microdnf for runtime package installation - Maintains security scanning compatibility (RPM database preserved) - Enhanced Makefile targets: - container-build-multi: Build multiplatform image locally - container-inspect-manifest: Inspect multiplatform manifest in registry Closes IBM#80 Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Include missing Container.scratch file in MANIFEST.in (IBM#1529) Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com> * Update documentation for multi-architecture image use Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com> * Revert unneeded changes in one part of the doc. Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com> * Add recursive signing to cosign step. Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com> --------- Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com> Co-authored-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com> Co-authored-by: Brian Hussey <brian.hussey@ie.ibm.com>

github-advanced-security bot found potential problems Nov 29, 2025

View reviewed changes

Containerfile.lite Dismissed Show dismissed Hide dismissed

kevalmahajan force-pushed the multi-arch-builds branch from 07e1433 to ffb2bf2 Compare December 2, 2025 06:11

crivetimihai and others added 3 commits December 3, 2025 14:35

Include missing Container.scratch file in MANIFEST.in (#1529)

0c5f811

Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com>

kevalmahajan force-pushed the multi-arch-builds branch from fe85b3c to 779d165 Compare December 3, 2025 09:06

kevalmahajan self-requested a review December 3, 2025 09:09

kevalmahajan marked this pull request as ready for review December 3, 2025 09:16

kevalmahajan approved these changes Dec 3, 2025

View reviewed changes

kevalmahajan merged commit 4d15916 into main Dec 3, 2025
52 checks passed

kevalmahajan deleted the multi-arch-builds branch December 3, 2025 09:17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: Add multiplatform container image support (amd64, arm64, s390x)#1520

feat: Add multiplatform container image support (amd64, arm64, s390x)#1520
kevalmahajan merged 3 commits intomainfrom
multi-arch-builds

crivetimihai commented Nov 29, 2025

Uh oh!

github-advanced-security bot commented Nov 29, 2025

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

crivetimihai commented Nov 29, 2025

Uh oh!

github-advanced-security bot commented Nov 29, 2025

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants