Skip to content

fix(ci): replace QEMU with native ARM64 runners for aarch64 RPM builds#12

Merged
maxamillion merged 1 commit into
mainfrom
rpm
Mar 30, 2026
Merged

fix(ci): replace QEMU with native ARM64 runners for aarch64 RPM builds#12
maxamillion merged 1 commit into
mainfrom
rpm

Conversation

@maxamillion

@maxamillion maxamillion commented Mar 30, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Replace uraimo/run-on-arch-action QEMU emulation with GitHub's native ubuntu-24.04-arm runners for all aarch64 RPM build jobs
  • Applies to both ci.yml (validation builds) and rpm-repo.yml (publish pipeline)
  • Uses fedora:42 container on native ARM64 runners, matching the x86_64 job structure

Motivation

GitHub now provides free native ARM64 hosted runners for public repos (GA Aug 2025). QEMU-emulated Rust compiles were taking 45+ minutes and burning API rate limits during monitoring. Native builds should complete in ~5 minutes.

Test plan

  • CI aarch64 RPM build jobs run on ubuntu-24.04-arm without errors
  • RPM Repository aarch64 build + publish jobs complete successfully
  • Built aarch64 RPMs are correctly placed in repo artifacts
  • x86_64 jobs remain unaffected

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Migrated aarch64 RPM builds from emulation to native ARM64 runners for faster, more reliable builds.
    • Split the build into separate SRPM-generation and RPM-rebuild stages and added an explicit dependency-install step.
    • Standardized artifact/repo output locations and updated repo preparation for consistent packaging and uploads.

@coderabbitai

coderabbitai Bot commented Mar 30, 2026

Copy link
Copy Markdown
📝 Walkthrough

Walkthrough

Aarch64 RPM CI jobs were converted from QEMU-based emulation to native ARM64 GitHub runners (ubuntu-24.04-arm) running Fedora 42 containers; dependency installation, SRPM generation, and mock --rebuild RPM builds were split into explicit steps and artifact paths moved to workspace-local locations.

Changes

Cohort / File(s) Summary
CI workflow updates (aarch64 builds)
.github/workflows/ci.yml, .github/workflows/rpm-repo.yml
Replaced uraimo/run-on-arch-action QEMU emulation with native ubuntu-24.04-arm runners + Fedora 42 containers. Moved dependency installation into dedicated steps, split SRPM generation and mock --rebuild into explicit steps, added usermod -a -G mock root, adjusted mock invocation to use workspace paths, updated artifact upload paths to packaging/rpms/, rpms/, and repo/, and removed emulation-specific container/volume wiring.

Sequence Diagram(s)

sequenceDiagram
  participant GitHubActions
  participant ARM_Runner as "ubuntu-24.04-arm\n(runner)"
  participant Container as "Fedora 42\ncontainer"
  participant Mock as "mock"
  participant ArtifactStore as "Actions Artifacts"

  GitHubActions->>ARM_Runner: schedule aarch64 job
  ARM_Runner->>Container: start privileged container
  Container->>Container: install deps (dnf: mock, createrepo_c, rpmdevtools)
  Container->>Container: checkout repository
  Container->>Container: run packaging/build-srpm.sh (produce .src.rpm)
  Container->>Mock: mock --rebuild packaging/srpms/*.src.rpm
  Mock-->>Container: write RPMs to packaging/rpms/ (workspace-local)
  Container->>Container: prepare repo (copy rpms -> repo/, run createrepo_c)
  Container->>ArtifactStore: upload `rpms/` and `repo/` artifacts
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

Poem

🐰
From QEMU burrows I hopped outside,
To ARM's green meadow, swift and wide.
I chased the deps and built with glee,
SRPMs, RPMs — a hopping spree.
Tiny paws, big packages — hooray!

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title directly and clearly describes the main change: replacing QEMU-based emulation with native ARM64 runners for aarch64 RPM builds, which is exactly what both modified files accomplish.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch rpm

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (2)
.github/workflows/ci.yml (1)

386-398: Make the shell explicit for the shopt loop.

This step uses shopt, which is a bash builtin. GitHub documents that run steps inside container jobs default to sh, not bash, so this relies on the image's /bin/sh behavior instead of the workflow definition. Add shell: bash here or rewrite the loop to be POSIX-safe. (docs.github.com)

Suggested diff
       - name: Build RPMs via mock
+        shell: bash
         run: |
           shopt -s nullglob
           mkdir -p packaging/rpms
           for srpm in packaging/srpms/*.src.rpm; do
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ci.yml around lines 386 - 398, The workflow step uses the
bash builtin shopt and a for-loop that may run under /bin/sh in container jobs;
update the step that contains "shopt -s nullglob" and the for srpm loop to
either set shell: bash for that run step or rewrite the loop to be POSIX-safe
(remove shopt usage and handle empty globbing explicitly) so it does not rely on
bash-only behavior; modify the step containing the mock invocation/for srpm loop
accordingly (add shell: bash above the run block or replace shopt+for with a
POSIX-compatible pattern).
.github/workflows/rpm-repo.yml (1)

147-150: Consider extracting the mock bootstrap into a shared action.

Lines 147-150 and Lines 158-175 are now effectively the same flow as .github/workflows/rpm-repo.yml Lines 83-115 and .github/workflows/ci.yml Lines 375-398. A reusable workflow or composite action would keep dependency lists, mock flags, and failure handling aligned across the RPM paths.

Also applies to: 158-175

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/rpm-repo.yml around lines 147 - 150, Extract the repeated
"Install build dependencies" step (the block that runs "dnf install -y
--setopt=install_weak_deps=False mock createrepo_c" and "usermod -a -G mock
root") into a shared reusable workflow or composite action, then replace the
inline blocks in the three occurrences (the "Install build dependencies" step
used in the RPM paths and the matching step in CI) with calls to that shared
action; ensure the composite action exposes inputs for package list and mock
flags (so flags like --setopt=install_weak_deps can be kept configurable),
preserves the usermod behavior, and update the callers to pass any
environment/permissions needed and to use the same failure handling as before.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/ci.yml:
- Around line 386-398: The workflow step uses the bash builtin shopt and a
for-loop that may run under /bin/sh in container jobs; update the step that
contains "shopt -s nullglob" and the for srpm loop to either set shell: bash for
that run step or rewrite the loop to be POSIX-safe (remove shopt usage and
handle empty globbing explicitly) so it does not rely on bash-only behavior;
modify the step containing the mock invocation/for srpm loop accordingly (add
shell: bash above the run block or replace shopt+for with a POSIX-compatible
pattern).

In @.github/workflows/rpm-repo.yml:
- Around line 147-150: Extract the repeated "Install build dependencies" step
(the block that runs "dnf install -y --setopt=install_weak_deps=False mock
createrepo_c" and "usermod -a -G mock root") into a shared reusable workflow or
composite action, then replace the inline blocks in the three occurrences (the
"Install build dependencies" step used in the RPM paths and the matching step in
CI) with calls to that shared action; ensure the composite action exposes inputs
for package list and mock flags (so flags like --setopt=install_weak_deps can be
kept configurable), preserves the usermod behavior, and update the callers to
pass any environment/permissions needed and to use the same failure handling as
before.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: df9ca9e6-82bd-4539-af1b-3ae51c875b12

📥 Commits

Reviewing files that changed from the base of the PR and between d9e1b88 and 8e667e0.

📒 Files selected for processing (2)
  • .github/workflows/ci.yml
  • .github/workflows/rpm-repo.yml

… RPM builds

GitHub now provides free native ARM64 runners (ubuntu-24.04-arm) for
public repos. Switch from uraimo/run-on-arch-action QEMU emulation to
native runners with a Fedora 42 container, matching the x86_64 job
structure. Eliminates ~10-30x emulation overhead.

Signed-off-by: Adam Miller <admiller@redhat.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
.github/workflows/rpm-repo.yml (1)

129-132: Consider using a consistent CI image for both architectures.

The x86_64 job uses the custom CI image (${{ vars.CI_IMAGE || 'ghcr.io/lobstertrap/puzzlepod/ci:fedora42' }}) with pre-installed dependencies, while this aarch64 job uses vanilla fedora:42 and installs dependencies at runtime. This works correctly but introduces potential for environment drift between architectures.

For now this is fine since native ARM64 builds are a significant improvement over QEMU. A future enhancement could be building a multi-arch CI image to ensure identical build environments.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/rpm-repo.yml around lines 129 - 132, The aarch64 job uses
a vanilla fedora:42 container while the x86_64 job uses the custom CI image
variable, causing environment drift; update the aarch64 job's container.image
(the value currently "fedora:42") to use the same CI image variable expression
used by the x86 job (e.g. the "${{ vars.CI_IMAGE ||
'ghcr.io/lobstertrap/puzzlepod/ci:fedora42' }}" pattern) so both architectures
run in the same preconfigured CI image and avoid divergent runtime installs.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/rpm-repo.yml:
- Around line 129-132: The aarch64 job uses a vanilla fedora:42 container while
the x86_64 job uses the custom CI image variable, causing environment drift;
update the aarch64 job's container.image (the value currently "fedora:42") to
use the same CI image variable expression used by the x86 job (e.g. the "${{
vars.CI_IMAGE || 'ghcr.io/lobstertrap/puzzlepod/ci:fedora42' }}" pattern) so
both architectures run in the same preconfigured CI image and avoid divergent
runtime installs.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: eb1e72f0-cc68-4a72-b8ad-56cc1d1979a4

📥 Commits

Reviewing files that changed from the base of the PR and between 2209109 and c3aa77e.

📒 Files selected for processing (2)
  • .github/workflows/ci.yml
  • .github/workflows/rpm-repo.yml
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/workflows/ci.yml

@maxamillion maxamillion merged commit 7fa351d into main Mar 30, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant