feat(ci): allow for supporting multi-arch images to be built and shipped#787
Open
knechtionscoding wants to merge 1 commit intokelos-dev:mainfrom
Open
feat(ci): allow for supporting multi-arch images to be built and shipped#787knechtionscoding wants to merge 1 commit intokelos-dev:mainfrom
knechtionscoding wants to merge 1 commit intokelos-dev:mainfrom
Conversation
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
4 issues found across 9 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="cursor/Dockerfile">
<violation number="1" location="cursor/Dockerfile:1">
P2: Builder toolchain is decoupled from `GO_VERSION` and uses a floating Go tag, reducing build reproducibility and risking version drift.</violation>
</file>
<file name="cmd/kelos-spawner/Dockerfile">
<violation number="1" location="cmd/kelos-spawner/Dockerfile:1">
P2: New builder base image uses a floating tag (`golang:1.25`), which can cause non-reproducible builds and external version drift.</violation>
</file>
<file name="gemini/Dockerfile">
<violation number="1" location="gemini/Dockerfile:1">
P2: Builder stage uses a floating Go image tag, making release artifacts non-reproducible across rebuilds.</violation>
</file>
<file name="claude-code/Dockerfile">
<violation number="1" location="claude-code/Dockerfile:1">
P2: New builder stage uses an unpinned `golang` image tag, making shipped binary builds non-deterministic and vulnerable to upstream image drift.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| @@ -1,3 +1,10 @@ | |||
| FROM golang:1.25 AS builder | |||
There was a problem hiding this comment.
P2: Builder toolchain is decoupled from GO_VERSION and uses a floating Go tag, reducing build reproducibility and risking version drift.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At cursor/Dockerfile, line 1:
<comment>Builder toolchain is decoupled from `GO_VERSION` and uses a floating Go tag, reducing build reproducibility and risking version drift.</comment>
<file context>
@@ -1,3 +1,10 @@
+FROM golang:1.25 AS builder
+WORKDIR /workspace
+COPY go.mod go.sum ./
</file context>
| @@ -1,5 +1,12 @@ | |||
| FROM golang:1.25 AS builder | |||
There was a problem hiding this comment.
P2: New builder base image uses a floating tag (golang:1.25), which can cause non-reproducible builds and external version drift.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At cmd/kelos-spawner/Dockerfile, line 1:
<comment>New builder base image uses a floating tag (`golang:1.25`), which can cause non-reproducible builds and external version drift.</comment>
<file context>
@@ -1,5 +1,12 @@
+FROM golang:1.25 AS builder
+WORKDIR /workspace
+COPY go.mod go.sum ./
</file context>
Suggested change
| FROM golang:1.25 AS builder | |
| FROM golang:1.25.0 AS builder |
| @@ -1,3 +1,10 @@ | |||
| FROM golang:1.25 AS builder | |||
There was a problem hiding this comment.
P2: Builder stage uses a floating Go image tag, making release artifacts non-reproducible across rebuilds.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At gemini/Dockerfile, line 1:
<comment>Builder stage uses a floating Go image tag, making release artifacts non-reproducible across rebuilds.</comment>
<file context>
@@ -1,3 +1,10 @@
+FROM golang:1.25 AS builder
+WORKDIR /workspace
+COPY go.mod go.sum ./
</file context>
Suggested change
| FROM golang:1.25 AS builder | |
| FROM golang:1.25.0 AS builder |
| @@ -1,3 +1,10 @@ | |||
| FROM golang:1.25 AS builder | |||
There was a problem hiding this comment.
P2: New builder stage uses an unpinned golang image tag, making shipped binary builds non-deterministic and vulnerable to upstream image drift.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At claude-code/Dockerfile, line 1:
<comment>New builder stage uses an unpinned `golang` image tag, making shipped binary builds non-deterministic and vulnerable to upstream image drift.</comment>
<file context>
@@ -1,3 +1,10 @@
+FROM golang:1.25 AS builder
+WORKDIR /workspace
+COPY go.mod go.sum ./
</file context>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
/kind feature
What this PR does / why we need it:
We want to run Kelos on our ARM nodes as well as AMD. Seeing as this is primarily an interface with k8s and llm APIs and not doing ML work locally this is relatively easy to allow.
Updates the dockerfiles to build the binary as a multi-stage build and then publish all the images properly
Which issue(s) this PR is related to:
N/A
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Summary by cubic
Enable multi-arch Docker images (linux/amd64, linux/arm64) so Kelos runs on ARM and x86 nodes. Updates Dockerfiles, Makefile, and release workflow to build and push multi-arch images.
make push-multiarchusingdocker buildx buildwithDOCKER_PLATFORMS=linux/amd64,linux/arm64.docker/setup-buildx-action@v3and pushes multi-arch tags (versioned andlateston releases).kelos-controller,kelos-spawner, andkelos-captureinside Docker for reproducible cross-arch builds.Written for commit 93a11cd. Summary will update on new commits.