Use arm64 runner

[lucacome]

Summary by CodeRabbit

Release Notes

• Chores
  • Introduced dedicated ARM architecture build pipeline with support for multiple OS variants to improve cross-platform compatibility.
  • Enhanced local Docker development workflow by enabling automatic image loading into Docker daemon.

[coderabbitai]

Warning

Rate limit exceeded

@lucacome has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 9 minutes and 55 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 69b2d4c and 5f78c8a.

📒 Files selected for processing (2)

• .github/workflows/docker.yml (3 hunks)
• Makefile (1 hunks)

Walkthrough

The workflow refactors Docker image building by splitting ARM64 builds into a dedicated job with OS-based matrix strategy (debian, alpine), while narrowing the main build to arm, ppc64le, and s390x platforms. The Makefile adds a --load flag to the docker-image target to load built images into the local Docker daemon.

Changes

Cohort / File(s)	Summary
CI/CD Workflow Restructuring \.github/workflows/docker.yml	Separated ARM Docker image builds into dedicated job with OS matrix. Main job now excludes arm64 platform. New build-docker-arm job includes Docker Buildx setup, multi-registry authentication, OS-based metadata flavoring, and manifest inspection steps.
Local Build Configuration Makefile	Added --load flag to docker build command in docker-image target to load built image into local Docker daemon.

Sequence Diagram

sequenceDiagram
    participant GHA as GitHub Actions
    participant Main as Main Job
    participant ARM as ARM Job (Matrix)
    participant Registry as Docker Registries

    Note over GHA: Workflow triggered
    GHA->>Main: Run (arm, ppc64le, s390x)
    GHA->>ARM: Run (debian matrix)<br/>(linux/arm64)
    
    par Main Build
        Main->>Main: Build & Push multi-platform<br/>(excludes arm64)
        Main->>Registry: Push to registries
    and ARM Build
        ARM->>ARM: Build (debian)
        ARM->>ARM: Authenticate & Generate metadata
        ARM->>ARM: Build & Push (linux/arm64, SBOM)
        ARM->>ARM: Append architecture to manifest
        ARM->>ARM: Inspect final manifest
        ARM->>Registry: Push to registries
    end
    
    Note over Registry: Multi-registry images available

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Requires verification of matrix strategy syntax and variable usage across debian/alpine OS variants
• Platform separation logic between main and ARM jobs needs validation to ensure no build gaps
• Docker Buildx configuration and authentication flow (skipped on PRs) should be reviewed for correctness
• Manifest manipulation steps in new ARM job require understanding of Docker multi-arch image handling

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Title Check	❓ Inconclusive	The title "Use arm64 runner" is vague and does not clearly communicate the main changes in this pull request. While it does reference arm64, which is relevant to the changeset, it fails to convey what is actually being changed. The term "runner" is ambiguous—it could suggest using an arm64 machine to execute something, but the actual changes involve separating ARM64 Docker image builds into a dedicated workflow job and adding a --load flag to the Makefile's docker build command. A teammate scanning the git history would not understand from this title alone that the PR restructures the Docker build workflow for ARM64 images.	The title should be more specific and descriptive about the actual changes. Consider a title like "Separate ARM64 Docker builds into dedicated workflow job" or "Add dedicated workflow job for ARM64 image builds" that clearly explains the main objective. This would help other developers quickly understand the purpose of the changes without needing to review the PR details.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.github/workflows/docker.yml (1)

133-219: Consider consolidating duplicated workflow steps via YAML anchors or composite actions.

The build-docker-arm job duplicates ~80% of the build-docker job (checkout, variable extraction, Docker setup, auth, metadata, build, scan). While some duplication is acceptable for distinct runners/platforms, using YAML anchors or GitHub composite actions could reduce maintenance burden and ensure consistency across future updates.

For example, extract common steps into a composite action or use YAML anchors to define reusable step blocks. This is optional but would improve maintainability if the workflow scales to additional platforms/runners.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6b85e9d and 69b2d4c.

📒 Files selected for processing (2)

• .github/workflows/docker.yml (3 hunks)
• Makefile (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: Build Binaries (1.23.4)
• GitHub Check: Build Binaries (1.27.1)
• GitHub Check: Build Docker Image
• GitHub Check: Build Docker Image (debian)
• GitHub Check: Build Docker Image (alpine)
• GitHub Check: Analyze (go)

🔇 Additional comments (4)

Makefile (1)

5-5: Add --load flag for local image loading.

The --load flag aligns with the separate ARM runner strategy, ensuring single-platform builds load into the local Docker daemon. Consistent with existing patterns in the test target (lines 16–18).

.github/workflows/docker.yml (3)

86-86: Step ID added correctly for manifest reference.

The id: build addition enables the downstream manifest manipulation step (line 215) to reference steps.build.outputs.digest.

---

135-135: Verify ubuntu-24.04-arm runner is available.

The job references a custom ARM runner (ubuntu-24.04-arm). Confirm this runner is provisioned and accessible in the GitHub Actions environment.

---

212-219: Remove commented-out condition and clarify manifest operation intent.

Line 213 contains a commented-out if: github.event_name != 'pull_request' condition, suggesting incomplete work or debugging. Clarify whether this step should be gated by event type (e.g., skip on PRs) or if the comment should be removed.

If the step should only run on releases/pushes, apply this diff:

      - name: Apend architecture to image manifest
-        # if: github.event_name != 'pull_request'
+        if: github.event_name != 'pull_request'
         run: |

Otherwise, remove the commented condition entirely.