Bh/multi arch builds 2 (#1532)

brian-hussey · crivetimihai · kevalmahajan · commit 779d1658ff0c · 2025-12-03T14:35:23.000+05:30
* feat: Add multiplatform container image support (amd64, arm64, s390x) Add comprehensive multiplatform Docker build support with: - New docker-multiplatform.yml workflow: - Parallel native builds for amd64 (ubuntu-latest) and arm64 (ubuntu-24.04-arm) - QEMU emulation for s390x on ubuntu-latest - Multiplatform manifest creation with buildx imagetools - Security scanning (Trivy, Grype, Syft SBOM) on amd64 - Cosign keyless signing for all architectures - Updated docker-release.yml: - Use buildx imagetools create for manifest handling - Preserves all architecture variants when tagging releases - Updated ibm-cloud-code-engine.yml: - Explicit --platform linux/amd64 flag for consistent builds - Updated Containerfile.lite for multiplatform compatibility: - Use ubi10-minimal as runtime base instead of scratch - Eliminates dnf --installroot which fails under QEMU emulation - Uses microdnf for runtime package installation - Maintains security scanning compatibility (RPM database preserved) - Enhanced Makefile targets: - container-build-multi: Build multiplatform image locally - container-inspect-manifest: Inspect multiplatform manifest in registry Closes #80 Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Include missing Container.scratch file in MANIFEST.in (#1529) Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com> * Update documentation for multi-architecture image use Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com> * Revert unneeded changes in one part of the doc. Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com> * Add recursive signing to cosign step. Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com> --------- Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com> Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
diff --git a/.github/workflows/docker-multiplatform.yml b/.github/workflows/docker-multiplatform.yml
@@ -321,9 +321,10 @@ jobs:
           SHA=${{ github.sha }}
 
           echo "Signing ${IMAGE}:latest"
-          cosign sign --yes "${IMAGE}:latest"
+
+          cosign sign --recursive --yes "${IMAGE}:latest"
 
           echo "Signing ${IMAGE}:${SHA}"
-          cosign sign --yes "${IMAGE}:${SHA}"
+          cosign sign --recursive --yes "${IMAGE}:${SHA}"
 
           echo "Images signed successfully"
diff --git a/docs/docs/deployment/container.md b/docs/docs/deployment/container.md
@@ -30,6 +30,27 @@ docker logs mcpgateway
 
 You can now access the UI at [http://localhost:4444/admin](http://localhost:4444/admin)
 
+### Multi-architecture containers
+Note: the container build process creates container images for 'amd64', 'arm64' and 's390x' architectures. The version `ghcr.io/ibm/mcp-context-forge:VERSION` 
+not points to a manifest so that if all commands will pull the correct image for the architecture being used (whether that be locally or on Kubernetes or OpenShift).
+
+If the specific image is needed for one architecture on a different architecture use the appropriate arguments for your given container execution tool:
+
+With docker run: 
+```
+docker run [... all your options...] --platform linux/arm64 ghcr.io/ibm/mcp-context-forge:VERSION
+```
+
+With podman run:
+```
+podman run [... all your options...] --platform linux/arm64 ghcr.io/ibm/mcp-context-forge:VERSION
+```
+Or
+```
+podman run [... all your options...] --arch arm64 ghcr.io/ibm/mcp-context-forge:VERSION
+```
+
+
 ## 🐳 Build the Container
 
 ### Using Podman (recommended)
