feat(docker): add arm64 images

.github/workflows/docker-build.yml

@@ -1,11 +1,11 @@
-name: Docker
+name: CI and Docker Deploy
 
 on:
   push:
-    branches: [ 'main', 'dev', 'staging' ]
-    tags: [ 'v*.*.*' ]
+    branches: ['main', 'dev', 'staging']
+    tags: ['v*.*.*']
   pull_request:
-    branches: [ 'main', 'dev', 'staging' ]
+    branches: ['main', 'dev', 'staging']
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -14,26 +14,10 @@ concurrency:
 env:
   # github.repository as <account>/<repo>
   IMAGE_NAME: mnestix-browser
-  IMAGE_TAG: latest
   # Update the version manually
   IMAGE_TAG_VERSION: 1.4.0
-  REGISTRY_USER: ${{ secrets.DOCKER_USERNAME }}
-  REGISTRY_PASS: ${{ secrets.DOCKER_API_TOKEN }}
 
 jobs:
-  unit-tests:
-    name: Unit Tests
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-      - name: Run unit tests
-        id: test_units
-        run: yarn install && npx jest
-
   build-browser-image:
     name: Build browser image
     runs-on: ubuntu-latest
@@ -45,9 +29,19 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
       - name: Build image
-        id: build
-        run: docker compose build mnestix-browser
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/amd64
+          context: '.'
+          cache-to: type=gha,scope=amd64,mode=max
+          target: production
+          push: false
+          tags: mnestix/mnestix-browser:latest
+          load: true
 
       - name: Save mnestix-browser image
         run: docker save mnestix/mnestix-browser:latest -o mnestix-browser.tar
@@ -62,14 +56,14 @@ jobs:
   e2e-tests:
     name: e2e test matrix
     runs-on: ubuntu-latest
-    needs: [ 'build-browser-image' ]
+    needs: ['build-browser-image']
     permissions:
       contents: read
     strategy:
       fail-fast: false
       matrix:
         # add more containers to run more tests in parallel
-        containers: [ 1, 2, 3, 4 ]
+        containers: [1, 2, 3, 4]
 
     steps:
       - name: Checkout repository
@@ -81,16 +75,21 @@ jobs:
           name: mnestix-browser
 
       # image too big to be reused
-      - name: prepare tests
-        run: |
-          docker compose -f compose.yml -f docker-compose/compose.test.yml --profile tests build cypress-test
-          docker compose -f compose.yml -f docker-compose/compose.test.yml --profile tests pull
+      - name: Build test image
+        run: docker compose -f compose.yml -f docker-compose/compose.test.yml --profile tests build cypress-test
+
+      - name: Pull images
+        run: docker compose -f compose.yml -f docker-compose/compose.test.yml --profile tests pull
 
+      # overwrite the pulled image with the new image
       - name: Load mnestix-browser image
         run: docker load -i mnestix-browser.tar
 
       - name: Run e2e tests
-        id: test
+        # 18-minute timeout to speed up failing tests that are retried too long.
+        # If the timeout is reached under normal test conditions, consider increasing
+        # the number of containers to run more tests in parallel.
+        timeout-minutes: 18
         run: |
           docker compose -f compose.yml -f docker-compose/compose.test.yml --profile tests up -d &&
           docker compose -f compose.yml -f docker-compose/compose.test.yml attach cypress-test
@@ -101,62 +100,99 @@ jobs:
           TEST_USER_PASSWORD: ${{ secrets.TEST_USER_PASSWORD }}
 
       - name: E2E test collect artifact
-        id: test_artifact
+        if: always()
         uses: actions/upload-artifact@v4
         with:
           name: cypress-artifacts-${{ matrix.containers }}
           path: cypress-artifacts/
 
-      - name: Fail if e2e tests failed
-        if: ${{ failure() }}
-        run: exit 1
+  unit-tests:
+    name: Unit Tests
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Install dependencies
+        run: yarn install
+      - name: Run unit tests
+        run: npx jest
+
+  # Target for PR Merge Check
+  ci-success:
+    name: Successful build and tests
+    runs-on: ubuntu-latest
+    needs: ['unit-tests', 'e2e-tests']
+    steps:
+      - name: Success
+        run: echo "Success"
+
+  # It takes 22 minutes to build the arm64 image in amd64-QEMU so we build a cache on the arm64 runner
+  # Github Issues point to a yarn problem
+  # https://github.com/docker/build-push-action/issues/471
+  # https://github.com/nodejs/docker-node/issues/1335
+  build-arm-cache:
+    name: Build arm image cache
+    runs-on: ubuntu-24.04-arm
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/arm64
+          context: '.'
+          cache-to: type=gha,scope=arm64,mode=max
+          target: production
+          push: false
 
   push-image:
     name: Push image to registry
-    needs: [ 'build-browser-image', 'unit-tests', 'e2e-tests' ]
+    needs: ['ci-success', 'build-arm-cache']
     runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/dev'
+    if: github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/dev')
     permissions:
       contents: read
       packages: write
 
     steps:
-      - name: Extract branch name
-        id: extract_branch
-        run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
-
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Download mnestix-browser artifact
-        uses: actions/download-artifact@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
         with:
-          name: mnestix-browser
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
 
-      - name: Load mnestix-browser image
-        run: docker load -i mnestix-browser.tar
+      - name: Extract branch name
+        id: extract_branch
+        run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
 
-      # Login against a Docker registry except on PR
-      # https://github.com/docker/login-action
-      - name: Log into docker hub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3
+      - name: Build and push docker images
+        uses: docker/build-push-action@v6
         with:
-          username: ${{ env.REGISTRY_USER }}
-          password: ${{ env.REGISTRY_PASS }}
-
-      - name: Push Image to Production
-        id: push-prod
-        if: github.ref == 'refs/heads/main'
-        run: docker tag mnestix/$IMAGE_NAME mnestix/$IMAGE_NAME:$IMAGE_TAG &&
-          docker tag mnestix/$IMAGE_NAME mnestix/$IMAGE_NAME:$IMAGE_TAG_VERSION &&
-          docker push mnestix/$IMAGE_NAME:$IMAGE_TAG &&
-          docker push mnestix/$IMAGE_NAME:$IMAGE_TAG_VERSION
-
-      - name: Push Image to development
-        id: push-dev
-        if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/staging'
-        env:
-          BRANCH_NAME: ${{ steps.extract_branch.outputs.branch }}
-        run: docker tag mnestix/$IMAGE_NAME mnestix/$IMAGE_NAME:$BRANCH_NAME &&
-          docker push mnestix/$IMAGE_NAME:$BRANCH_NAME
+          platforms: linux/amd64,linux/arm64
+          context: '.'
+          cache-from: |
+            type=gha,scope=amd64
+            type=gha,scope=arm64
+          target: production
+          push: true
+          tags: |
+            ${{ github.ref == 'refs/heads/main' && format('mnestix/{0}:{1}', env.IMAGE_NAME, env.IMAGE_TAG_VERSION) || '' }}
+            ${{ github.ref == 'refs/heads/main' && format('mnestix/{0}:latest', env.IMAGE_NAME) || '' }}
+            ${{ github.ref != 'refs/heads/main' && format('mnestix/{0}:{1}', env.IMAGE_NAME, steps.extract_branch.outputs.branch) || '' }}

Dockerfile

@@ -4,7 +4,16 @@ RUN apk update && apk add --no-cache openssl
 FROM base AS deps
 WORKDIR /app
 COPY package*.json yarn.lock* ./
-RUN yarn install --frozen-lockfile --production
+# This is a workaround for yarn QEMU support
+# https://github.com/docker/build-push-action/issues/471
+# https://github.com/nodejs/docker-node/issues/1335
+RUN ARCH=$(uname -m); \
+    if [ "$ARCH" = "aarch64" ]; then \
+        yarn install --frozen-lockfile --production --network-timeout 1000000; \
+    else \
+        yarn install --frozen-lockfile --production; \
+    fi
+RUN apk update && apk add --no-cache openssl
 
 # Next.js collects completely anonymous telemetry data about general usage. Learn more here: https://nextjs.org/telemetry
 # Comment the following line to enable telemetry at run time
@@ -28,7 +37,7 @@ RUN addgroup -g 1001 -S nodejs
 RUN adduser -S nextjs -u 1001
 USER nextjs
 EXPOSE 3000
-ENV PORT 3000
+ENV PORT=3000
 
 COPY --from=builder /app/public ./public
 COPY --from=builder --chown=nextjs:nodejs /app/prisma/database/mnestix-database.db ./prisma/database/mnestix-database.db

compose.yml

@@ -10,7 +10,7 @@ services:
   mnestix-browser:
     container_name: mnestix-browser
     image: mnestix/mnestix-browser:latest
-    profiles: [ "", "frontend", "tests" ]
+    profiles: ['', 'frontend', 'tests']
     build:
       dockerfile: Dockerfile
       target: production
@@ -24,14 +24,14 @@ services:
       SUBMODEL_REPO_API_URL: 'http://mnestix-api:5064/repo'
       MNESTIX_BACKEND_API_URL: 'http://mnestix-api:5064'
       MNESTIX_BACKEND_API_KEY: ${MNESTIX_BACKEND_API_KEY:-verySecureApiKey}
-      AAS_LIST_FEATURE_FLAG: "true"
-      TRANSFER_FEATURE_FLAG: "false"
-      COMPARISON_FEATURE_FLAG: "true"
-      AUTHENTICATION_FEATURE_FLAG: "false"
-      LOCK_TIMESERIES_PERIOD_FEATURE_FLAG: "true"
+      AAS_LIST_FEATURE_FLAG: 'true'
+      TRANSFER_FEATURE_FLAG: 'false'
+      COMPARISON_FEATURE_FLAG: 'true'
+      AUTHENTICATION_FEATURE_FLAG: 'false'
+      LOCK_TIMESERIES_PERIOD_FEATURE_FLAG: 'true'
       NEXTAUTH_SECRET: ${NEXTAUTH_SECRET:-verySecureNextAuthSecret}
-      IMPRINT_URL: ""
-      DATA_PRIVACY_URL: ""
+      IMPRINT_URL: ''
+      DATA_PRIVACY_URL: ''
     depends_on:
       aas-environment:
         condition: service_healthy # only after the healthcheck in aas is successful, the mnestix container is being created
@@ -43,7 +43,7 @@ services:
   mnestix-api:
     image: mnestix/mnestix-api:1.3.0
     container_name: mnestix-api
-    profiles: [ "", "backend", "tests" ]
+    profiles: ['', 'backend', 'tests']
     ports:
       - '5064:5064'
     environment:
@@ -54,10 +54,10 @@ services:
       ReverseProxy__Clusters__submodelRepoCluster__Destinations__destination1__Address: 'http://aas-environment:8081/'
       ReverseProxy__Clusters__discoveryCluster__Destinations__destination1__Address: 'http://aas-discovery:8081/'
       # Features Configuration
-      Features__AasRegistryMiddleware: "true"
-      Features__UseMongoDbBasedAasIdStorage: "true"
-      Features__AllowRetrievingAllShellsAndSubmodels: "true"
-      Features__UseAuthentication: "false"
+      Features__AasRegistryMiddleware: 'true'
+      Features__UseMongoDbBasedAasIdStorage: 'true'
+      Features__AllowRetrievingAllShellsAndSubmodels: 'true'
+      Features__UseAuthentication: 'false'
       # InfluxDB Configuration
       # URL to specify the host and port where InfluxDB is running:
       ReverseProxy__Clusters__influxCluster__Destinations__destination1__Address: 'http://example/'
@@ -83,7 +83,7 @@ services:
   mongodb:
     image: mongo:5
     container_name: mongodb
-    profiles: [ "", "basyx", "tests" ]
+    profiles: ['', 'basyx', 'tests']
     environment:
       MONGO_INITDB_ROOT_USERNAME: mongoAdmin
       MONGO_INITDB_ROOT_PASSWORD: mongoPassword
@@ -104,7 +104,7 @@ services:
   aas-environment:
     image: eclipsebasyx/aas-environment:2.0.0-milestone-03.1
     container_name: aas-environment
-    profiles: [ "", "basyx", "tests" ]
+    profiles: ['', 'basyx', 'tests']
     depends_on:
       - mongodb
     environment:
@@ -122,7 +122,7 @@ services:
       BASYX_CORS_ALLOWED-METHODS: GET,POST,PATCH,DELETE,PUT,OPTIONS,HEAD
     healthcheck: # check the endpoint for a valid response (service ready)
       test: curl -f http://localhost:8081/actuator/health
-      interval: 30s
+      interval: 10s
       timeout: 10s
       retries: 6
     logging:
@@ -136,7 +136,7 @@ services:
   aas-discovery:
     image: eclipsebasyx/aas-discovery:2.0.0-milestone-03.1
     container_name: aas-discovery
-    profiles: [ "", "basyx", "tests" ]
+    profiles: ['', 'basyx', 'tests']
     depends_on:
       - mongodb
     environment:
@@ -164,7 +164,7 @@ services:
   aas-registry:
     image: eclipsebasyx/aas-registry-log-mongodb:2.0.0-milestone-03.1
     container_name: aas-registry
-    profiles: [ "", "basyx" ]
+    profiles: ['', 'basyx']
     ports:
       - '8083:8080'
     depends_on:
@@ -184,7 +184,7 @@ services:
   submodel-registry:
     image: eclipsebasyx/submodel-registry-log-mongodb:2.0.0-milestone-03.1
     container_name: submodel-registry
-    profiles: [ "", "basyx" ]
+    profiles: ['', 'basyx']
     ports:
       - '8084:8080'
     depends_on:
@@ -195,7 +195,7 @@ services:
       BASYX__CORS__ALLOWED-METHODS: GET,POST,PATCH,DELETE,PUT,OPTIONS,HEAD
     healthcheck: # check the endpoint for a valid response (service ready)
       test: curl -f http://localhost:8080/actuator/health
-      interval: 30s
+      interval: 10s
       timeout: 10s
       retries: 6
     networks: