address comments

2 weeks ago · dee2317cba
4 changed files with 89 additions and 50 deletions
--- a/.github/workflows/container_foundationdb_version.yml
+++ b/.github/workflows/container_foundationdb_version.yml
@ -33,7 +33,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v2
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0

@ -83,12 +83,9 @@ jobs:
          fi
          if [ -z "$tag" ]; then
            tag="foundationdb_${sanitized_version}_seaweedfs_${sanitized_seaweed}"
+          else
+            tag="$(sanitize "$tag")"
          fi
-          tag="${tag,,}"
-          tag="${tag// /-}"
-          tag="${tag//[^a-z0-9_.-]/-}"
-          tag="${tag#-}"
-          tag="${tag%-}"
          if [ -z "$tag" ]; then
            echo "Resulting Docker tag is empty." >&2
            exit 1
@ -98,13 +95,13 @@ jobs:
          echo "seaweedfs_ref=$seaweed" >> "$GITHUB_OUTPUT"

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v1
+        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v1
+        uses: docker/setup-buildx-action@v3

      - name: Login to Docker Hub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v1
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
@ -121,7 +118,7 @@ jobs:
          fi

      - name: Build and push image
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v2
+        uses: docker/build-push-action@v6
        with:
          context: ./docker
          push: ${{ github.event_name != 'pull_request' }}
@ -129,6 +126,8 @@ jobs:
          build-args: |
            FDB_VERSION=${{ inputs.fdb_version || '7.4.5' }}
            BRANCH=${{ steps.branch.outputs.branch }}
+          # Note: ARM64 support requires FoundationDB ARM64 packages which are not available for all versions
+          # Currently only building for amd64. To enable ARM64, verify package availability and add checksums.
          platforms: linux/amd64
          tags: ${{ steps.tag.outputs.full_image || 'seaweedfs:foundationdb-test' }}
          labels: |
--- a/.github/workflows/container_release_foundationdb.yml
+++ b/.github/workflows/container_release_foundationdb.yml
@ -17,11 +17,11 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v2
+        uses: actions/checkout@v4
      -
        name: Docker meta
        id: docker_meta
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v3
+        uses: docker/metadata-action@v5
        with:
          images: |
            chrislusf/seaweedfs
@ -35,26 +35,36 @@ jobs:
            org.opencontainers.image.vendor=Chris Lu
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v1
+        uses: docker/setup-qemu-action@v3
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v1
+        uses: docker/setup-buildx-action@v3
      -
        name: Login to Docker Hub
        if: github.event_name != 'pull_request'
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v1
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
+      -
+        name: Determine branch to build
+        id: branch
+        run: |
+          if [ "${{ github.event_name }}" = "push" ] && [ -n "${{ github.ref_name }}" ]; then
+            echo "branch=${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
+          else
+            echo "branch=master" >> "$GITHUB_OUTPUT"
+          fi
      -
        name: Build
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v2
+        uses: docker/build-push-action@v6
        with:
          context: ./docker
          push: ${{ github.event_name != 'pull_request' }}
          file: ./docker/Dockerfile.foundationdb_large
          build-args: |
-            BRANCH=${{ github.sha }}
+            BRANCH=${{ steps.branch.outputs.branch }}
+          # Note: ARM64 support requires FoundationDB ARM64 packages which are not available for all versions
          platforms: linux/amd64
          tags: ${{ steps.docker_meta.outputs.tags }}
          labels: ${{ steps.docker_meta.outputs.labels }}
--- a/docker/Dockerfile.foundationdb_large
+++ b/docker/Dockerfile.foundationdb_large
@ -5,42 +5,52 @@ RUN apt-get install -y build-essential wget ca-certificates

 ARG FDB_VERSION=7.4.5
 ENV FDB_VERSION=${FDB_VERSION}
+ARG TARGETARCH

 # Install FoundationDB client libraries with SHA256 checksum verification
 # Known SHA256 checksums for FoundationDB client packages (verified 2025-01-19)
 # To add checksums for new versions: run docker/get_fdb_checksum.sh <version>
 RUN cd /tmp && \
-    case "${FDB_VERSION}" in \
-        "7.4.5") \
+    case "${TARGETARCH}" in \
+        "amd64") FDB_ARCH="amd64" ;; \
+        "arm64") FDB_ARCH="arm64" ;; \
+        *) echo "Unsupported architecture: ${TARGETARCH}" >&2; exit 1 ;; \
+    esac && \
+    case "${FDB_VERSION}_${FDB_ARCH}" in \
+        "7.4.5_amd64") \
            EXPECTED_SHA256="eea6b98cf386a0848655b2e196d18633662a7440a7ee061c10e32153c7e7e112" ;; \
-        "7.3.43") \
+        "7.4.5_arm64") \
+            EXPECTED_SHA256="TBD_RUN_get_fdb_checksum_for_arm64" ;; \
+        "7.3.43_amd64") \
            EXPECTED_SHA256="c3fa0a59c7355b914a1455dac909238d5ea3b6c6bc7b530af8597e6487c1651a" ;; \
+        "7.3.43_arm64") \
+            EXPECTED_SHA256="TBD_RUN_get_fdb_checksum_for_arm64" ;; \
        *) \
-            echo "ERROR: No checksum available for FDB version ${FDB_VERSION}" >&2; \
+            echo "ERROR: No checksum available for FDB version ${FDB_VERSION} on ${FDB_ARCH}" >&2; \
            echo "This is a security requirement. To add verification:" >&2; \
-            echo "  1. Run: docker/get_fdb_checksum.sh ${FDB_VERSION}" >&2; \
+            echo "  1. Run: docker/get_fdb_checksum.sh ${FDB_VERSION} ${FDB_ARCH}" >&2; \
            echo "  2. Add the checksum to this Dockerfile" >&2; \
            echo "Refusing to proceed without checksum verification." >&2; \
            exit 1 ;; \
    esac && \
-    wget https://github.com/apple/foundationdb/releases/download/${FDB_VERSION}/foundationdb-clients_${FDB_VERSION}-1_amd64.deb && \
-    echo "${EXPECTED_SHA256}  foundationdb-clients_${FDB_VERSION}-1_amd64.deb" | sha256sum -c - || \
-        (echo "ERROR: Checksum verification failed for FoundationDB ${FDB_VERSION}" >&2; \
+    PACKAGE="foundationdb-clients_${FDB_VERSION}-1_${FDB_ARCH}.deb" && \
+    wget --timeout=30 --tries=3 https://github.com/apple/foundationdb/releases/download/${FDB_VERSION}/${PACKAGE} && \
+    echo "${EXPECTED_SHA256}  ${PACKAGE}" | sha256sum -c - || \
+        (echo "ERROR: Checksum verification failed for FoundationDB ${FDB_VERSION} (${FDB_ARCH})" >&2; \
         echo "Expected: ${EXPECTED_SHA256}" >&2; \
         echo "This indicates either a corrupted download or potential tampering." >&2; \
         exit 1) && \
-    dpkg -i foundationdb-clients_${FDB_VERSION}-1_amd64.deb && \
-    rm foundationdb-clients_${FDB_VERSION}-1_amd64.deb
+    dpkg -i ${PACKAGE} && \
+    rm ${PACKAGE}

 # Set up FoundationDB environment variables for CGO
 ENV CGO_CFLAGS="-I/usr/include/foundationdb"
 ENV CGO_LDFLAGS="-lfdb_c"

 # build SeaweedFS
-RUN mkdir -p /go/src/github.com/seaweedfs/
-RUN git clone https://github.com/seaweedfs/seaweedfs /go/src/github.com/seaweedfs/seaweedfs
 ARG BRANCH=master
-RUN cd /go/src/github.com/seaweedfs/seaweedfs && git checkout $BRANCH
+RUN mkdir -p /go/src/github.com/seaweedfs/ && \
+    git clone --depth 1 --branch ${BRANCH} https://github.com/seaweedfs/seaweedfs /go/src/github.com/seaweedfs/seaweedfs
 RUN cd /go/src/github.com/seaweedfs/seaweedfs/weed \
  && export LDFLAGS="-X github.com/seaweedfs/seaweedfs/weed/util/version.COMMIT=$(git rev-parse --short HEAD)" \
  && go install -tags "5BytesOffset foundationdb" -ldflags "${LDFLAGS}"
@ -59,22 +69,33 @@ RUN apt-get update && \

 # Install FoundationDB client library in runtime image with SHA256 checksum verification
 ARG FDB_VERSION=7.4.5
+ARG TARGETARCH
 RUN cd /tmp && \
-    case "${FDB_VERSION}" in \
-        "7.4.5") \
+    case "${TARGETARCH}" in \
+        "amd64") FDB_ARCH="amd64" ;; \
+        "arm64") FDB_ARCH="arm64" ;; \
+        *) echo "Unsupported architecture: ${TARGETARCH}" >&2; exit 1 ;; \
+    esac && \
+    case "${FDB_VERSION}_${FDB_ARCH}" in \
+        "7.4.5_amd64") \
            EXPECTED_SHA256="eea6b98cf386a0848655b2e196d18633662a7440a7ee061c10e32153c7e7e112" ;; \
-        "7.3.43") \
+        "7.4.5_arm64") \
+            EXPECTED_SHA256="TBD_RUN_get_fdb_checksum_for_arm64" ;; \
+        "7.3.43_amd64") \
            EXPECTED_SHA256="c3fa0a59c7355b914a1455dac909238d5ea3b6c6bc7b530af8597e6487c1651a" ;; \
+        "7.3.43_arm64") \
+            EXPECTED_SHA256="TBD_RUN_get_fdb_checksum_for_arm64" ;; \
        *) \
-            echo "ERROR: No checksum available for FDB version ${FDB_VERSION}" >&2; \
-            echo "Run docker/get_fdb_checksum.sh ${FDB_VERSION} to get the checksum" >&2; \
+            echo "ERROR: No checksum available for FDB version ${FDB_VERSION} on ${FDB_ARCH}" >&2; \
+            echo "Run docker/get_fdb_checksum.sh ${FDB_VERSION} ${FDB_ARCH} to get the checksum" >&2; \
            exit 1 ;; \
    esac && \
-    wget https://github.com/apple/foundationdb/releases/download/${FDB_VERSION}/foundationdb-clients_${FDB_VERSION}-1_amd64.deb && \
-    echo "${EXPECTED_SHA256}  foundationdb-clients_${FDB_VERSION}-1_amd64.deb" | sha256sum -c - || \
-        (echo "ERROR: Checksum verification failed for FoundationDB ${FDB_VERSION}" >&2; exit 1) && \
-    dpkg -i foundationdb-clients_${FDB_VERSION}-1_amd64.deb && \
-    rm foundationdb-clients_${FDB_VERSION}-1_amd64.deb
+    PACKAGE="foundationdb-clients_${FDB_VERSION}-1_${FDB_ARCH}.deb" && \
+    wget --timeout=30 --tries=3 https://github.com/apple/foundationdb/releases/download/${FDB_VERSION}/${PACKAGE} && \
+    echo "${EXPECTED_SHA256}  ${PACKAGE}" | sha256sum -c - || \
+        (echo "ERROR: Checksum verification failed for FoundationDB ${FDB_VERSION} (${FDB_ARCH})" >&2; exit 1) && \
+    dpkg -i ${PACKAGE} && \
+    rm ${PACKAGE}

 # Copy SeaweedFS binary and configuration
 COPY --from=builder /go/bin/weed /usr/bin/
--- a/docker/get_fdb_checksum.sh
+++ b/docker/get_fdb_checksum.sh
@ -1,30 +1,39 @@
 #!/bin/bash
 # Helper script to get SHA256 checksum for FoundationDB client package
-# Usage: ./get_fdb_checksum.sh <version>
-# Example: ./get_fdb_checksum.sh 7.4.5
+# Usage: ./get_fdb_checksum.sh <version> [arch]
+# Example: ./get_fdb_checksum.sh 7.4.5 amd64
+# Example: ./get_fdb_checksum.sh 7.4.5 arm64

 set -euo pipefail

-if [ $# -ne 1 ]; then
-    echo "Usage: $0 <fdb_version>" >&2
+if [ $# -lt 1 ] || [ $# -gt 2 ]; then
+    echo "Usage: $0 <fdb_version> [arch]" >&2
    echo "Example: $0 7.4.5" >&2
+    echo "Example: $0 7.4.5 arm64" >&2
    exit 1
 fi

 FDB_VERSION="$1"
-PACKAGE="foundationdb-clients_${FDB_VERSION}-1_amd64.deb"
+FDB_ARCH="${2:-amd64}"
+
+if [ "$FDB_ARCH" != "amd64" ] && [ "$FDB_ARCH" != "arm64" ]; then
+    echo "Error: Architecture must be 'amd64' or 'arm64'" >&2
+    exit 1
+fi
+
+PACKAGE="foundationdb-clients_${FDB_VERSION}-1_${FDB_ARCH}.deb"
 URL="https://github.com/apple/foundationdb/releases/download/${FDB_VERSION}/${PACKAGE}"

-echo "Downloading FoundationDB ${FDB_VERSION} client package..."
+echo "Downloading FoundationDB ${FDB_VERSION} client package for ${FDB_ARCH}..."
 echo "URL: ${URL}"
 echo ""

 # Download to temp directory
 TEMP_DIR=$(mktemp -d)
-trap "rm -rf ${TEMP_DIR}" EXIT
+trap 'rm -rf "${TEMP_DIR}"' EXIT

 cd "${TEMP_DIR}"
-if wget -q "${URL}"; then
+if wget --timeout=30 --tries=3 -q "${URL}"; then
    CHECKSUM=$(sha256sum "${PACKAGE}" | awk '{print $1}')
    echo "✓ Download successful"
    echo ""
@ -32,11 +41,11 @@ if wget -q "${URL}"; then
    echo "${CHECKSUM}"
    echo ""
    echo "Add this to Dockerfile.foundationdb_large:"
-    echo "    \"${FDB_VERSION}\") \\"
+    echo "    \"${FDB_VERSION}_${FDB_ARCH}\") \\"
    echo "        EXPECTED_SHA256=\"${CHECKSUM}\" ;; \\"
 else
    echo "✗ Failed to download package from ${URL}" >&2
-    echo "Please verify the version number and URL" >&2
+    echo "Please verify the version number, architecture, and URL" >&2
    exit 1
 fi