feat: add ARM64 kernel build support

.github/workflows/fc-kernels.yml

@@ -8,8 +8,30 @@ permissions:
   contents: write
 
 jobs:
+  build:
+    name: Build kernels (${{ matrix.arch }})
+    runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        arch: [x86_64, arm64]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Build kernels
+        run: sudo TARGET_ARCH=${{ matrix.arch }} make build
+
+      - name: Upload kernels as artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: kernels-${{ matrix.arch }}-${{ github.run_id }}
+          path: ./builds
+          retention-days: 7
+
   publish:
-    name: Upload kernels
+    name: Publish kernels
+    needs: build
+    if: github.ref_name == 'main'
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout repository
@@ -38,28 +60,19 @@ jobs:
           result=$(echo ${version} | awk -F. -v OFS=. '{$NF += 1 ; print}')
           echo "version=$result" >> $GITHUB_OUTPUT
 
-      - name: Test next version
-        run: echo "Next version is ${{ steps.get-version.outputs.version }}"
+      - name: Download all build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          path: ./builds
+          merge-multiple: true
 
       - name: Setup Service Account
         uses: google-github-actions/auth@v1
         with:
           workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
           service_account: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }}
 
-      - name: Build kernels
-        run: sudo make build
-
-      - name: Upload kernels as artifact
-        if: github.ref_name != 'main'
-        uses: actions/upload-artifact@v4
-        with:
-          name: kernels-${{ github.run_id }}
-          path: ./builds
-          retention-days: 7
-
-      - name: Upload kernels
-        if: github.ref_name == 'main'
+      - name: Upload kernels to GCS
         uses: "google-github-actions/upload-cloud-storage@v1"
         with:
           path: "./builds"
@@ -68,7 +81,6 @@ jobs:
           parent: false
 
       - name: Create Git tag
-        if: github.ref_name == 'main'
         run: |
           git config user.name "github-actions"
           git config user.email "github-actions@github.com"
@@ -78,23 +90,29 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Prepare release assets
-        if: github.ref_name == 'main'
         run: |
           mkdir -p release-assets
           for dir in ./builds/*/; do
             name=$(basename "$dir")
-            cp "$dir/vmlinux.bin" "release-assets/${name}.bin"
+            # Legacy x86_64 (no arch subdir)
+            if [ -f "$dir/vmlinux.bin" ]; then
+              cp "$dir/vmlinux.bin" "release-assets/${name}.bin"
+            fi
+            # Per-arch binaries
+            for archdir in "$dir"/*/; do
+              [ -d "$archdir" ] || continue
+              arch=$(basename "$archdir")
+              if [ -f "$archdir/vmlinux.bin" ]; then
+                cp "$archdir/vmlinux.bin" "release-assets/${name}-${arch}.bin"
+              fi
+            done
           done
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Upload Release Asset
-        if: github.ref_name == 'main'
         uses: softprops/action-gh-release@v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           name: Kernels ${{ steps.get-version.outputs.version }}
           tag_name: ${{ steps.get-version.outputs.version }}
           files: "./release-assets/*"
-

Makefile

@@ -1,3 +1,7 @@
 .PHONY: build
 build:
 	./build.sh
+
+.PHONY: build-arm64
+build-arm64:
+	TARGET_ARCH=arm64 ./build.sh

build.sh

@@ -3,20 +3,22 @@
 
 set -euo pipefail
 
+# TARGET_ARCH: x86_64 (default) or arm64
+TARGET_ARCH="${TARGET_ARCH:-x86_64}"
+HOST_ARCH="$(uname -m)"
+
 function install_dependencies {
     apt update
-    apt install -y bc flex bison gcc make libelf-dev libssl-dev squashfs-tools busybox-static tree cpio curl patch
+    local packages="bc flex bison gcc make libelf-dev libssl-dev squashfs-tools busybox-static tree cpio curl patch"
+
+    if [[ "$TARGET_ARCH" == "arm64" && "$HOST_ARCH" != "aarch64" ]]; then
+        packages="$packages gcc-aarch64-linux-gnu"
+    fi
+
+    apt install -y $packages
 }
 
-# From above mentioned script
 # prints the git tag corresponding to the newest and best matching the provided kernel version $1
-# this means that if a microvm kernel exists, the tag returned will be of the form
-#
-#    microvm-kernel-$1.<patch number>.amzn2[023]
-#
-# otherwise choose the newest tag matching
-#
-#    kernel-$1.<patch number>.amzn2[023]
 function get_tag {
     local KERNEL_VERSION=$1
 
@@ -27,23 +29,40 @@ function get_tag {
 
 function build_version {
   local version=$1
-  echo "Starting build for kernel version: $version"
+  echo "Starting build for kernel version: $version (${TARGET_ARCH})"
 
-  cp ../configs/"${version}.config" .config
+  # Configs live in configs/{arch}/
+  cp ../configs/"${TARGET_ARCH}/${version}.config" .config
 
   echo "Checking out repo for kernel at version: $version"
   git checkout "$(get_tag "$version")"
 
+  # Set up cross-compilation if building arm64 on x86_64
+  local make_opts=""
+  if [[ "$TARGET_ARCH" == "arm64" ]]; then
+    if [[ "$HOST_ARCH" != "aarch64" ]]; then
+      make_opts="ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu-"
+    else
+      make_opts="ARCH=arm64"
+    fi
+  fi
+
   echo "Building kernel version: $version"
-  make olddefconfig
-  make vmlinux -j "$(nproc)"
+  make $make_opts olddefconfig
+  make $make_opts vmlinux -j "$(nproc)"
 
   echo "Copying finished build to builds directory"
-  mkdir -p "../builds/vmlinux-${version}"
-  cp vmlinux "../builds/vmlinux-${version}/vmlinux.bin"
+  # Always output to {arch}/ subdirectory
+  mkdir -p "../builds/vmlinux-${version}/${TARGET_ARCH}"
+  cp vmlinux "../builds/vmlinux-${version}/${TARGET_ARCH}/vmlinux.bin"
+
+  # x86_64: also copy to legacy path (no arch subdir) for backwards compat
+  if [[ "$TARGET_ARCH" == "x86_64" ]]; then
+    cp vmlinux "../builds/vmlinux-${version}/vmlinux.bin"
+  fi
 }
 
-echo "Cloning the linux kernel repository"
+echo "Building kernels for ${TARGET_ARCH}"
 
 install_dependencies