support ARM64 with official Ruby + jemalloc

.github/workflows/release.yml

@@ -3,7 +3,7 @@ name: Build and Publish
 on:
   create:
     tags:
-    - '*'
+      - '*'
 
 jobs:
   build-and-push-docker-image:
@@ -12,24 +12,31 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: polydice/base
           tags: type=ref,event=tag
 
       - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Build image and push to Docker Hub
-        uses: docker/build-push-action@v3
+      - name: Build and push
+        uses: docker/build-push-action@v6
         with:
           push: true
           context: .
-          tags: ${{ steps.meta.outputs.tags }}
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.meta.outputs.tags }}

Dockerfile

@@ -1,17 +1,33 @@
 ARG RUBY_VERSION=2.7.8
-ARG VARIANT=jemalloc-slim
-FROM quay.io/evl.ms/fullstaq-ruby:${RUBY_VERSION}-${VARIANT} as base
+FROM ruby:${RUBY_VERSION}-slim
 
-ARG BUNDLER_VERSION=2.4.20
+# jemalloc for better memory management
+RUN apt-get update && apt-get install -y --no-install-recommends libjemalloc2 \
+  && JEMALLOC_PATH=$(find /usr/lib -name "libjemalloc.so.2" | head -1) \
+  && [ -n "$JEMALLOC_PATH" ] || (echo "libjemalloc.so.2 not found" && exit 1) \
+  && ln -sf "$JEMALLOC_PATH" /usr/lib/libjemalloc.so.2 \
+  && rm -rf /var/lib/apt/lists/*
+ENV LD_PRELOAD=/usr/lib/libjemalloc.so.2
+
+# 安裝 build tools 和 native extension 依賴
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    build-essential \
+    libpq-dev \
+    libffi-dev \
+  && rm -rf /var/lib/apt/lists/*
+
+ARG BUNDLER_VERSION=2.4.22
 RUN gem install -N bundler -v ${BUNDLER_VERSION}
 
 ARG NODE_VERSION=18.18.0
 ARG YARN_VERSION=1.22.22
 ARG PNPM_VERSION=9.9.0
-RUN curl https://get.volta.sh | bash
+RUN apt-get update && apt-get install -y --no-install-recommends curl ca-certificates \
+  && rm -rf /var/lib/apt/lists/* \
+  && curl https://get.volta.sh | bash
 ENV VOLTA_HOME /root/.volta
 ENV VOLTA_FEATURE_PNPM=1
 ENV PATH $VOLTA_HOME/bin:/usr/local/bin:$PATH
 RUN volta install node@${NODE_VERSION} && volta install yarn@${YARN_VERSION} && volta install pnpm@${PNPM_VERSION}
 
 RUN apt-get update \
@@ -23,28 +39,22 @@
     graphicsmagick \
     file \
     tar \
-    curl \
-    ca-certificates \
-    libmcrypt4 \
     shared-mime-info \
+    libmcrypt4 \
   && rm -rf /var/lib/apt/lists/*
 
+# Don't add g++/make to buildDeps, or purge will remove build-essential
 RUN set -ex \
-  \
   && buildDeps=' \
-    g++ \
-    make \
     cmake \
-    python \
+    python3 \
   ' \
   && apt-get update \
   && apt-get install -y --no-install-recommends $buildDeps \
   && rm -rf /var/lib/apt/lists/* \
-  \
   && curl -L https://github.com/BYVoid/OpenCC/archive/refs/tags/ver.1.1.9.tar.gz | tar -xz \
-  && cd OpenCC-ver.1.1.9 \ 
+  && cd OpenCC-ver.1.1.9 \
   && REL_BUILD_DOCUMENTATION=OFF make install \
-  \
   && apt-get purge -y --auto-remove $buildDeps \
   && cd ../ \
   && rm -rf OpenCC-ver.1.1.9

README.md

@@ -7,11 +7,37 @@ Polydice's base docker image for Rails applications.
 - `x.y.z` - Standard image for running on production
 - `x.y.z-testing` - Image for testing which includes additional packages.
 
+## Architectures
+
+- `linux/amd64` (x86_64)
+- `linux/arm64` (Graviton, Apple Silicon)
+
 ## Versions
 
-| Version | Ruby  | Node.js | Yarn    | Bundler | pnpm  |
-|---------|-------|---------|---------|---------|-------|
-| 0.31.2  | 2.7.8 | 18.18.0 | 1.22.22 | 2.4.20  | 9.9.0 |
-| 0.31.1  | 2.7.8 | 18.18.0 | 1.22.19 | 2.4.20  | 8.8.0 |
-| 0.31.0  | 2.7.7 | 18.18.0 | 1.22.19 | 2.4.5   | 8.8.0 |
-| 0.30.3  | 2.7.7 | 14.21.2 | 1.22.19 | 2.4.5   |       |
+| Version | Ruby  | Node.js | Yarn    | Bundler | pnpm  | ARM64 |
+|---------|-------|---------|---------|---------|-------|-------|
+| 0.32.0  | 2.7.8 | 18.18.0 | 1.22.22 | 2.4.20  | 9.9.0 | ✅    |
+| 0.31.2  | 2.7.8 | 18.18.0 | 1.22.22 | 2.4.20  | 9.9.0 | ❌    |
+| 0.31.1  | 2.7.8 | 18.18.0 | 1.22.19 | 2.4.20  | 8.8.0 | ❌    |
+| 0.31.0  | 2.7.7 | 18.18.0 | 1.22.19 | 2.4.5   | 8.8.0 | ❌    |
+| 0.30.3  | 2.7.7 | 14.21.2 | 1.22.19 | 2.4.5   |       | ❌    |
+
+## Release
+
+1. Update version in README.md
+2. Commit and push tag:
+   ```bash
+   git tag <version>
+   git push origin <version>
+   ```
+3. Wait for GitHub Actions to build and push to DockerHub
+4. Sync to ECR Public:
+   ```bash
+   ./sync-to-ecr.sh <version>
+   ```
+
+## Changes in 0.32.0
+
+- Switched from fullstaq-ruby to official Ruby image
+- Added jemalloc via `LD_PRELOAD`
+- Added ARM64 (linux/arm64) support

sync-to-ecr.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+set -e
+
+VERSION=${1:?Usage: ./sync-to-ecr.sh <version>}
+SOURCE="polydice/base"
+TARGET="public.ecr.aws/z1n0q3w1/base"
+
+# Check AWS permissions
+if ! aws ecr-public get-authorization-token --region us-east-1 &>/dev/null; then
+  echo "❌ No permission to push to ECR Public. Run 'aws configure' first."
+  exit 1
+fi
+
+# Login to ECR Public
+aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
+
+# Sync multi-arch image
+echo "🔄 Syncing ${VERSION}..."
+docker buildx imagetools create \
+  --tag ${TARGET}:${VERSION} \
+  ${SOURCE}:${VERSION}
+
+echo "✅ Done syncing to ECR Public"