Feat: supervisor ARM builds (#2046)

* v4 worker multi-arch builds

* v4-beta tag for webapp

* add oidc permission

* deps fetcher needs python

* node-gyp needs complete toolchain

* fix headers

* bust pnpm cache

* add setuptools

* switch back to old cache id

* push worker images

* pass the correct tags

Author: nicktrn

.github/workflows/publish-webapp.yml

@@ -43,9 +43,10 @@ jobs:
           ref_without_tag=ghcr.io/triggerdotdev/trigger.dev
           image_tags=$ref_without_tag:${{ steps.get_tag.outputs.tag }}
 
-          # if tag is a semver, also tag it as v3
+          # if tag is a semver, also tag it as v4
           if [[ "${{ steps.get_tag.outputs.is_semver }}" == true ]]; then
-            image_tags=$image_tags,$ref_without_tag:v3
+            # TODO: switch to v4 tag on GA
+            image_tags=$image_tags,$ref_without_tag:v4-beta
           fi
 
           echo "image_tags=${image_tags}" >> "$GITHUB_OUTPUT"

.github/workflows/publish-worker-v4.yml

@@ -14,6 +14,7 @@ on:
       - "re2-prod-*"
 
 permissions:
+  id-token: write
   packages: write
   contents: read
 
@@ -35,6 +36,9 @@ jobs:
     env:
       DOCKER_BUILDKIT: "1"
     steps:
+      - name: 🏭 Setup Depot CLI
+        uses: depot/setup-action@v1
+
       - name: ⬇️ Checkout git repo
         uses: actions/checkout@v4
 
@@ -49,47 +53,37 @@ jobs:
           fi
           echo "repo=${repo}" >> "$GITHUB_OUTPUT"
 
-      - id: get_tag
+      - name: "#️⃣ Get image tag"
+        id: get_tag
         uses: ./.github/actions/get-image-tag
         with:
           tag: ${{ inputs.image_tag }}
 
-      - name: 🐋 Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+      - name: 📛 Set tags to push
+        id: set_tags
+        run: |
+          ref_without_tag=ghcr.io/triggerdotdev/${{ steps.get_repository.outputs.repo }}
+          image_tags=$ref_without_tag:${{ steps.get_tag.outputs.tag }}
 
-      # ..to avoid rate limits when pulling images
-      - name: 🐳 Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          # if tag is a semver, also tag it as v4
+          if [[ "${{ steps.get_tag.outputs.is_semver }}" == true ]]; then
+            # TODO: switch to v4 tag on GA
+            image_tags=$image_tags,$ref_without_tag:v4-beta
+          fi
 
-      - name: 🚢 Build Container Image
-        run: |
-          docker build -t infra_image -f ./apps/${{ matrix.package }}/Containerfile .
+          echo "image_tags=${image_tags}" >> "$GITHUB_OUTPUT"
 
-      # ..to push image
       - name: 🐙 Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: 🐙 Push to GitHub Container Registry
-        run: |
-          docker tag infra_image "$REGISTRY/$REPOSITORY:$IMAGE_TAG"
-          docker push "$REGISTRY/$REPOSITORY:$IMAGE_TAG"
-        env:
-          REGISTRY: ghcr.io/triggerdotdev
-          REPOSITORY: ${{ steps.get_repository.outputs.repo }}
-          IMAGE_TAG: ${{ steps.get_tag.outputs.tag }}
-
-      # - name: 🐙 Push 'v3' tag to GitHub Container Registry
-      #   if: steps.get_tag.outputs.is_semver == 'true'
-      #   run: |
-      #     docker tag infra_image "$REGISTRY/$REPOSITORY:v3"
-      #     docker push "$REGISTRY/$REPOSITORY:v3"
-      #   env:
-      #     REGISTRY: ghcr.io/triggerdotdev
-      #     REPOSITORY: ${{ steps.get_repository.outputs.repo }}
+      - name: 🐳 Build image and push to GitHub Container Registry
+        uses: depot/build-push-action@v1
+        with:
+          file: ./apps/${{ matrix.package }}/Containerfile
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.set_tags.outputs.image_tags }}
+          push: true

apps/supervisor/Containerfile

@@ -19,6 +19,7 @@ COPY --from=pruner --chown=node:node /app/out/pnpm-workspace.yaml ./pnpm-workspa
 RUN corepack enable && corepack prepare --activate
 
 FROM base AS deps-fetcher
+RUN apk add --no-cache python3-dev py3-setuptools make g++ gcc linux-headers
 RUN --mount=type=cache,id=pnpm,target=/root/.local/share/pnpm/store pnpm fetch --frozen-lockfile
 
 FROM deps-fetcher AS dev-deps