Summary
The copilot-setup-steps.yml workflow hardcodes x86_64/amd64 binary URLs for all binary downloads (uv and actionlint). The devcontainer on-create.sh script already implements multi-architecture support via ARCH=$(uname -m) with if/elif/else branching for x86_64 and aarch64. This inconsistency creates a forward-looking risk: when GitHub ARM-based runners become available and the repo adopts them, hardcoded x86_64 downloads will silently install incompatible binaries or fail outright.
Context
PR #921 added uv installation to copilot-setup-steps.yml following the same single-architecture pattern already used by the actionlint step. This is internally consistent within the workflow, but diverges from the devcontainer's multi-arch approach.
The copilot-instructions.md Environment Synchronization section states: "When adding or removing tools in either environment, evaluate whether both need the change and update accordingly." The current gap is not a functional defect today — workflow instructions mandate ubuntu-latest (x86_64 only) — but it is a maintenance risk.
Affected Code: copilot-setup-steps.yml
actionlint step (lines 59–70) — hardcodes linux_amd64:
```yaml
- name: Install actionlint
  env:
    ACTIONLINT_VERSION: '1.7.10'
    ACTIONLINT_SHA256: 'f4c76b71db5755a713e6055cbb0857ed07e103e028bda117817660ebadb4386f'
  run: |
    curl -sLO "https://github.com/rhysd/actionlint/releases/download/v${ACTIONLINT_VERSION}/actionlint_${ACTIONLINT_VERSION}_linux_amd64.tar.gz"
    echo "${ACTIONLINT_SHA256} actionlint_${ACTIONLINT_VERSION}_linux_amd64.tar.gz" | sha256sum -c -
    tar -xzf "actionlint_${ACTIONLINT_VERSION}_linux_amd64.tar.gz" actionlint
    sudo install actionlint /usr/local/bin/actionlint
    rm actionlint "actionlint_${ACTIONLINT_VERSION}_linux_amd64.tar.gz"
    actionlint --version
```
uv step (lines 78–89) — hardcodes x86_64-unknown-linux-gnu:
```yaml
- name: Install uv package manager
  env:
    UV_VERSION: '0.10.8'
    UV_SHA256: 'f0c566b55683395a62fefb9261a060fa09824914b5682c3b9629fa154762ae2f'
  run: |
    curl -sSfL "https://github.com/astral-sh/uv/releases/download/${UV_VERSION}/uv-x86_64-unknown-linux-gnu.tar.gz" -o /tmp/uv.tar.gz
    echo "${UV_SHA256} /tmp/uv.tar.gz" | sha256sum -c -
    sudo tar -xzf /tmp/uv.tar.gz -C /usr/local/bin --strip-components=1 uv-x86_64-unknown-linux-gnu/uv uv-x86_64-unknown-linux-gnu/uvx
    rm /tmp/uv.tar.gz
```
Reference Implementation: on-create.sh
The devcontainer script already implements the desired pattern for all three binary downloads (actionlint, gitleaks, uv). Example from the uv section (lines 72–92):
```bash
UV_VERSION="0.10.8"
if [[ "${ARCH}" == "x86_64" ]]; then
  UV_ARCH="x86_64-unknown-linux-gnu"
  UV_SHA256="f0c566b55683395a62fefb9261a060fa09824914b5682c3b9629fa154762ae2f"
elif [[ "${ARCH}" == "aarch64" ]]; then
  UV_ARCH="aarch64-unknown-linux-gnu"
  UV_SHA256="661860e954f87dcd823251191866af3486484d1a9df60eed56f4586ed7559e3d"
else
  echo "ERROR: Unsupported architecture for uv: ${ARCH}" >&2
  exit 1
fi
curl -sSfL "https://github.com/astral-sh/uv/releases/download/${UV_VERSION}/uv-${UV_ARCH}.tar.gz" -o /tmp/uv.tar.gz
```
The same if/elif/else pattern is used for actionlint (lines 20–34) and gitleaks (lines 50–65).
Changes Required
| File | Change |
|---|---|
| .github/workflows/copilot-setup-steps.yml | Add ARCH=$(uname -m) detection to the actionlint install step with architecture-specific URL and SHA256 |
| .github/workflows/copilot-setup-steps.yml | Add ARCH=$(uname -m) detection to the uv install step with architecture-specific URL and SHA256 |
| .github/workflows/copilot-setup-steps.yml | Add aarch64 SHA256 checksums as env vars alongside existing x86_64 checksums |
Implementation Notes
- The architecture detection block should use the same ARCH=$(uname -m) pattern as on-create.sh, with an else branch that prints an error and exits non-zero for unsupported architectures.
- Each tool needs two SHA256 checksums (one per architecture). The aarch64 checksums are already captured in on-create.sh:
  - actionlint 1.7.10 aarch64: cd3dfe5f66887ec6b987752d8d9614e59fd22f39415c5ad9f28374623f41773a
  - uv 0.10.8 aarch64: 661860e954f87dcd823251191866af3486484d1a9df60eed56f4586ed7559e3d
- Consider extracting the arch detection to a shared step or reusing ARCH across steps to avoid duplication.
- If workflows.instructions.md runner constraints change to allow ARM runners in the future, update the Environment Synchronization guidance accordingly.
Acceptance Criteria
- Both actionlint and uv install steps use ARCH=$(uname -m) with if/elif/else branching
- x86_64 and aarch64 SHA256 checksums are specified for both tools
- Unsupported architectures produce a clear error message and non-zero exit code
- The pattern mirrors the structure used in on-create.sh for consistency
- Existing x86_64 behavior is unchanged (no regression on ubuntu-latest)
Related
- feat(ci): Add uv and Python package sync to copilot-setup-steps #888 — Parent issue for PR feat(workflows): add uv and Python package sync to copilot-setup-steps #921 (uv installation added to copilot-setup-steps)
- feat(devcontainer): Add Python development extensions and uv package manager #887 — Devcontainer companion; already implements the multi-arch pattern being requested here
- PR feat(workflows): add uv and Python package sync to copilot-setup-steps #921 — The PR that introduced uv to copilot-setup-steps with x86_64 hardcoding
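
The shared arch-detection idea from the Implementation Notes, sketched as an added example (not code from the repository or from on-create.sh): one lookup maps tool and `uname -m` output to a pinned URL and SHA256, and anything unpinned fails closed. The function names `resolve_asset`, `verify_sha256` and `fetch_pinned` are hypothetical; versions and checksums are the ones quoted in the issue, and the arm64 actionlint asset name is taken from that project's release naming rather than from the issue.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical. Versions, URLs and SHA256
# values are the ones quoted in the issue above.
ACTIONLINT_VERSION="1.7.10"
UV_VERSION="0.10.8"

# resolve_asset TOOL ARCH: print "<url> <sha256>", or fail for anything unpinned.
resolve_asset() {
  local asset sha base
  case "$1:$2" in
    actionlint:x86_64)
      asset="actionlint_${ACTIONLINT_VERSION}_linux_amd64.tar.gz"
      sha="f4c76b71db5755a713e6055cbb0857ed07e103e028bda117817660ebadb4386f" ;;
    actionlint:aarch64)
      # Asset name per actionlint's release naming; not quoted in the issue.
      asset="actionlint_${ACTIONLINT_VERSION}_linux_arm64.tar.gz"
      sha="cd3dfe5f66887ec6b987752d8d9614e59fd22f39415c5ad9f28374623f41773a" ;;
    uv:x86_64)
      asset="uv-x86_64-unknown-linux-gnu.tar.gz"
      sha="f0c566b55683395a62fefb9261a060fa09824914b5682c3b9629fa154762ae2f" ;;
    uv:aarch64)
      asset="uv-aarch64-unknown-linux-gnu.tar.gz"
      sha="661860e954f87dcd823251191866af3486484d1a9df60eed56f4586ed7559e3d" ;;
    *)
      echo "ERROR: Unsupported tool/architecture: $1/$2" >&2
      return 1 ;;
  esac
  case "$1" in
    actionlint) base="https://github.com/rhysd/actionlint/releases/download/v${ACTIONLINT_VERSION}" ;;
    uv) base="https://github.com/astral-sh/uv/releases/download/${UV_VERSION}" ;;
  esac
  printf '%s %s\n' "${base}/${asset}" "${sha}"
}

# verify_sha256 FILE EXPECTED: succeed only if FILE hashes to EXPECTED.
verify_sha256() {
  printf '%s  %s\n' "$2" "$1" | sha256sum -c - >/dev/null
}

# fetch_pinned TOOL DEST: download for this machine's arch; drop the file on mismatch.
fetch_pinned() {
  local pinned
  # Assign separately from `local` so a resolve_asset failure is not masked.
  pinned=$(resolve_asset "$1" "$(uname -m)") || return 1
  curl -sSfL "${pinned% *}" -o "$2" || return 1
  verify_sha256 "$2" "${pinned#* }" && return 0
  rm -f "$2"
  echo "ERROR: SHA256 mismatch for $1" >&2
  return 1
}
```

In a workflow step this would be called as `fetch_pinned uv /tmp/uv.tar.gz` before extraction, so both install steps share one table of pinned digests.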