fix(ci): replace QEMU with native ARM64 runners for aarch64 RPM builds#12
Conversation
📝 WalkthroughWalkthroughAarch64 RPM CI jobs were converted from QEMU-based emulation to native ARM64 GitHub runners ( Changes
Sequence Diagram(s)sequenceDiagram
participant GitHubActions
participant ARM_Runner as "ubuntu-24.04-arm\n(runner)"
participant Container as "Fedora 42\ncontainer"
participant Mock as "mock"
participant ArtifactStore as "Actions Artifacts"
GitHubActions->>ARM_Runner: schedule aarch64 job
ARM_Runner->>Container: start privileged container
Container->>Container: install deps (dnf: mock, createrepo_c, rpmdevtools)
Container->>Container: checkout repository
Container->>Container: run packaging/build-srpm.sh (produce .src.rpm)
Container->>Mock: mock --rebuild packaging/srpms/*.src.rpm
Mock-->>Container: write RPMs to packaging/rpms/ (workspace-local)
Container->>Container: prepare repo (copy rpms -> repo/, run createrepo_c)
Container->>ArtifactStore: upload `rpms/` and `repo/` artifacts
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (2)
.github/workflows/ci.yml (1)
386-398: Make the shell explicit for theshoptloop.This step uses
shopt, which is a bash builtin. GitHub documents thatrunsteps insidecontainerjobs default tosh, notbash, so this relies on the image's/bin/shbehavior instead of the workflow definition. Addshell: bashhere or rewrite the loop to be POSIX-safe. (docs.github.com)Suggested diff
- name: Build RPMs via mock + shell: bash run: | shopt -s nullglob mkdir -p packaging/rpms for srpm in packaging/srpms/*.src.rpm; do🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/ci.yml around lines 386 - 398, The workflow step uses the bash builtin shopt and a for-loop that may run under /bin/sh in container jobs; update the step that contains "shopt -s nullglob" and the for srpm loop to either set shell: bash for that run step or rewrite the loop to be POSIX-safe (remove shopt usage and handle empty globbing explicitly) so it does not rely on bash-only behavior; modify the step containing the mock invocation/for srpm loop accordingly (add shell: bash above the run block or replace shopt+for with a POSIX-compatible pattern)..github/workflows/rpm-repo.yml (1)
147-150: Consider extracting themockbootstrap into a shared action.Lines 147-150 and Lines 158-175 are now effectively the same flow as
.github/workflows/rpm-repo.ymlLines 83-115 and.github/workflows/ci.ymlLines 375-398. A reusable workflow or composite action would keep dependency lists,mockflags, and failure handling aligned across the RPM paths.Also applies to: 158-175
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/rpm-repo.yml around lines 147 - 150, Extract the repeated "Install build dependencies" step (the block that runs "dnf install -y --setopt=install_weak_deps=False mock createrepo_c" and "usermod -a -G mock root") into a shared reusable workflow or composite action, then replace the inline blocks in the three occurrences (the "Install build dependencies" step used in the RPM paths and the matching step in CI) with calls to that shared action; ensure the composite action exposes inputs for package list and mock flags (so flags like --setopt=install_weak_deps can be kept configurable), preserves the usermod behavior, and update the callers to pass any environment/permissions needed and to use the same failure handling as before.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In @.github/workflows/ci.yml:
- Around line 386-398: The workflow step uses the bash builtin shopt and a
for-loop that may run under /bin/sh in container jobs; update the step that
contains "shopt -s nullglob" and the for srpm loop to either set shell: bash for
that run step or rewrite the loop to be POSIX-safe (remove shopt usage and
handle empty globbing explicitly) so it does not rely on bash-only behavior;
modify the step containing the mock invocation/for srpm loop accordingly (add
shell: bash above the run block or replace shopt+for with a POSIX-compatible
pattern).
In @.github/workflows/rpm-repo.yml:
- Around line 147-150: Extract the repeated "Install build dependencies" step
(the block that runs "dnf install -y --setopt=install_weak_deps=False mock
createrepo_c" and "usermod -a -G mock root") into a shared reusable workflow or
composite action, then replace the inline blocks in the three occurrences (the
"Install build dependencies" step used in the RPM paths and the matching step in
CI) with calls to that shared action; ensure the composite action exposes inputs
for package list and mock flags (so flags like --setopt=install_weak_deps can be
kept configurable), preserves the usermod behavior, and update the callers to
pass any environment/permissions needed and to use the same failure handling as
before.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: df9ca9e6-82bd-4539-af1b-3ae51c875b12
📒 Files selected for processing (2)
.github/workflows/ci.yml.github/workflows/rpm-repo.yml
… RPM builds GitHub now provides free native ARM64 runners (ubuntu-24.04-arm) for public repos. Switch from uraimo/run-on-arch-action QEMU emulation to native runners with a Fedora 42 container, matching the x86_64 job structure. Eliminates ~10-30x emulation overhead. Signed-off-by: Adam Miller <admiller@redhat.com> Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
🧹 Nitpick comments (1)
.github/workflows/rpm-repo.yml (1)
129-132: Consider using a consistent CI image for both architectures.The x86_64 job uses the custom CI image (
${{ vars.CI_IMAGE || 'ghcr.io/lobstertrap/puzzlepod/ci:fedora42' }}) with pre-installed dependencies, while this aarch64 job uses vanillafedora:42and installs dependencies at runtime. This works correctly but introduces potential for environment drift between architectures.For now this is fine since native ARM64 builds are a significant improvement over QEMU. A future enhancement could be building a multi-arch CI image to ensure identical build environments.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/rpm-repo.yml around lines 129 - 132, The aarch64 job uses a vanilla fedora:42 container while the x86_64 job uses the custom CI image variable, causing environment drift; update the aarch64 job's container.image (the value currently "fedora:42") to use the same CI image variable expression used by the x86 job (e.g. the "${{ vars.CI_IMAGE || 'ghcr.io/lobstertrap/puzzlepod/ci:fedora42' }}" pattern) so both architectures run in the same preconfigured CI image and avoid divergent runtime installs.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In @.github/workflows/rpm-repo.yml:
- Around line 129-132: The aarch64 job uses a vanilla fedora:42 container while
the x86_64 job uses the custom CI image variable, causing environment drift;
update the aarch64 job's container.image (the value currently "fedora:42") to
use the same CI image variable expression used by the x86 job (e.g. the "${{
vars.CI_IMAGE || 'ghcr.io/lobstertrap/puzzlepod/ci:fedora42' }}" pattern) so
both architectures run in the same preconfigured CI image and avoid divergent
runtime installs.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: eb1e72f0-cc68-4a72-b8ad-56cc1d1979a4
📒 Files selected for processing (2)
.github/workflows/ci.yml.github/workflows/rpm-repo.yml
🚧 Files skipped from review as they are similar to previous changes (1)
- .github/workflows/ci.yml
Summary
uraimo/run-on-arch-actionQEMU emulation with GitHub's nativeubuntu-24.04-armrunners for all aarch64 RPM build jobsci.yml(validation builds) andrpm-repo.yml(publish pipeline)fedora:42container on native ARM64 runners, matching the x86_64 job structureMotivation
GitHub now provides free native ARM64 hosted runners for public repos (GA Aug 2025). QEMU-emulated Rust compiles were taking 45+ minutes and burning API rate limits during monitoring. Native builds should complete in ~5 minutes.
Test plan
ubuntu-24.04-armwithout errors🤖 Generated with Claude Code
Summary by CodeRabbit