ci: fix arm64 build (v0.14.x)

.github/workflows/codeql.yml

@@ -10,7 +10,6 @@
 # supported CodeQL languages.
 #
 name: "CodeQL"
-
 on:
   workflow_dispatch:
   push:

.github/workflows/conventional-pr-title.yml

@@ -0,0 +1,64 @@
+name: "Conventional PR Title"
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+permissions:
+  pull-requests: write
+
+jobs:
+  main:
+    name: Validate PR title
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@v5
+        id: lint_pr_title
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          types: |
+              feat
+              fix
+              build
+              chore
+              ci
+              docs
+              refactor
+              perf
+              test
+              revert
+              spec
+              merge
+
+      - uses: marocchino/sticky-pull-request-comment@v2
+        # When the previous steps fails, the workflow would stop. By adding this
+        # condition you can continue the execution with the populated error message.
+        if: always() && (steps.lint_pr_title.outputs.error_message != null)
+        with:
+          header: pr-title-lint-error
+          message: |
+            Hey there and thank you for opening this pull request! 👋🏼
+
+            We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted.
+
+            Details:
+
+            ```
+            ${{ steps.lint_pr_title.outputs.error_message }}
+            ```
+
+            General format: `type(scope): msg`
+            Breaking change: `type(scope)!: msg`
+            Multi-scope change: `type: msg`
+            Types:  `feat`, `fix`, `build`, `chore`, `ci`, `docs`, `refactor`, `perf`, `test`, `revert`, `spec`, `merge`.
+            Example: `fix(cmd/cometbft/commands/debug): execute p.Signal only when p is not nil`
+
+      # Delete a previous comment when the issue has been resolved
+      - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: pr-title-lint-error
+          delete: true

.github/workflows/docker.yml

@@ -1,71 +1,90 @@
-# This workflow builds and pushes a new version of the build container image
-# when the tools directory changes on main. Edit tools/Dockerfile.
-#
-# This workflow does not push a new image until it is merged, so tests that
-# depend on changes in this image will not pass until this workflow succeeds.
-# For that reason, changes here should be done in a separate PR in advance of
-# work that depends on them.
-#
-# To build the test image locally, run:
-#   make docker-test-image
-
-name: Docker testing image
+name: Build Docker Image
 on:
   workflow_dispatch:
     inputs:
-      refName:
-        description: 'Git ref name'
+      tag:
+        description: "The tag of the image to build"
         required: true
-        default: 'v0.14.x'
-  push:
-    branches:
-      - main
-    tags:
-      - "v[0-9]+.[0-9]+.[0-9]+"               # Push events to matching v*, i.e. v1.0, v20.15.10
-      - "v[0-9]+.[0-9]+.[0-9]+-alpha.[0-9]+"  # e.g. v0.37.0-alpha.1, v0.38.0-alpha.10
-      - "v[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+"   # e.g. v0.37.0-beta.1, v0.38.0-beta.10
-      - "v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+"      # e.g. v0.37.0-rc1, v0.38.0-rc10
+        type: string
+      is_latest:
+        description: "Push as latest?"
+        required: false
+        default: false
+        type: boolean
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+env:
+  ORG: cometbft
+  IMAGE_NAME: cometbft-db-testing
+  GIT_TAG: "${{ inputs.tag }}"
 
 jobs:
-  build:
-    runs-on: ubuntu-latest
+  build-image-at-tag:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-24.04
+            platform: linux/amd64
+          - os: ubuntu-24.04-arm
+            platform: linux/arm64
+    runs-on: ${{ matrix.os }}
+    outputs:
+      digest-${{ matrix.platform }}: ${{ steps.build.outputs.digest }}
     steps:
       - uses: actions/checkout@v4
-      - name: Prepare
-        id: prep
-        run: |
-          DOCKER_IMAGE=cometbft/cometbft-db-testing
-          VERSION=noop
-          if [[ $GITHUB_REF == refs/tags/* ]]; then
-            VERSION=${GITHUB_REF#refs/tags/}
-          elif [[ $GITHUB_REF == refs/heads/* ]]; then
-            VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
-            if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then
-              VERSION=latest
-            fi
-          fi
-          TAGS="${DOCKER_IMAGE}:${VERSION}"
-          if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
-            TAGS="$TAGS,${DOCKER_IMAGE}:${VERSION}"
-          fi
-          echo "tags=${TAGS}" >> $GITHUB_OUTPUT
+        with:
+          ref: "${{ env.GIT_TAG }}"
+          fetch-depth: 0
 
-      - name: Set up Docker Build
-        uses: docker/setup-buildx-action@v3.6.1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to DockerHub
-        uses: docker/[email protected]
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Publish to Docker Hub
+      - name: Build and push image
+        id: build
         uses: docker/build-push-action@v6
         with:
-          context: ./tools
+          platforms: ${{ matrix.platform }}
           file: ./tools/Dockerfile
-          platforms: linux/amd64
-          push: ${{ github.event_name != 'pull_request' }}
           tags: |
-            ${{ steps.prep.outputs.tags }}
-            cometbft/cometbft-db-testing:${{ github.event.inputs.refName }}
+            ${{ env.ORG }}/${{ env.IMAGE_NAME }}:${{ env.GIT_TAG }}
+          push: true
+
+  merge:
+    runs-on: ubuntu-latest
+    needs: build-image-at-tag
+    steps:
+      - name: Get sanitized Docker tag
+        run: echo "DOCKER_TAG=$(echo $GIT_TAG | sed 's/[^a-zA-Z0-9\.]/-/g')" >> $GITHUB_ENV
+
+      - name: Login to DockerHub
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Create Multi-Arch Manifest
+        run: |
+          docker buildx imagetools create \
+            --tag ${{ env.ORG }}/${{ env.IMAGE_NAME }}:${{ env.DOCKER_TAG }} \
+            ${{ env.ORG }}/${{ env.IMAGE_NAME }}@${{ needs.build-image-at-tag.outputs.digest-linux/amd64 }} \
+            ${{ env.ORG }}/${{ env.IMAGE_NAME }}@${{ needs.build-image-at-tag.outputs.digest-linux/arm64 }}
+
+      - name: Tag and Push Latest (if applicable)
+        if: ${{ inputs.is_latest == true }}
+        run: |
+          docker buildx imagetools create \
+            --tag ${{ env.ORG }}/${{ env.IMAGE_NAME }}:latest \
+            ${{ env.ORG }}/${{ env.IMAGE_NAME }}@${{ needs.build-image-at-tag.outputs.digest-linux/amd64 }} \
+            ${{ env.ORG }}/${{ env.IMAGE_NAME }}@${{ needs.build-image-at-tag.outputs.digest-linux/arm64 }}

.github/workflows/lint.yml

@@ -6,24 +6,31 @@ on:
   pull_request:
   merge_group:
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+env:
+  ORG: cometbft
+  IMAGE_NAME: cometbft-db-testing
+
 jobs:
   golangci:
-    # We need to run the linter on the same image we use for building, since it
-    # needs the C libraries installed for the dependencies to typecheck.
     runs-on: ubuntu-latest
-    container: cometbft/cometbft-db-testing
     steps:
       - uses: actions/checkout@v4
 
-      - name: Load Go version
-        run: echo "GO_VERSION=$(cat .github/workflows/go-version.env | grep GO_VERSION | cut -d '=' -f2)" >> $GITHUB_ENV
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
-      - uses: actions/setup-go@v5
+      - name: Build and load
+        uses: docker/build-push-action@v6
         with:
-          go-version: ${{ env.GO_VERSION }}
+          platforms: linux/amd64
+          file: ./tools/Dockerfile
+          tags: "${{ env.ORG }}/${{ env.IMAGE_NAME }}:latest"
+          load: true
 
-      - uses: golangci/[email protected]
-        with:
-          args: --timeout 10m
-          version: latest
-          github-token: ${{ secrets.github_token }}
+      - name: lint
+        run: |
+          NON_INTERACTIVE=1 make docker-lint

.github/workflows/test.yml

@@ -0,0 +1,48 @@
+name: Test
+on:
+  pull_request:
+  merge_group:
+  push:
+    branches:
+      - main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+env:
+  ORG: cometbft
+  IMAGE_NAME: cometbft-db-testing
+
+jobs:
+  test:
+    strategy:
+      fail-fast: true
+      matrix:
+        include:
+          - os: ubuntu-24.04
+            platform: linux/amd64
+          - os: ubuntu-24.04-arm
+            platform: linux/arm64
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and load
+        uses: docker/build-push-action@v6
+        with:
+          platforms: ${{ matrix.platform }}
+          file: ./tools/Dockerfile
+          tags: "${{ env.ORG }}/${{ env.IMAGE_NAME }}:latest"
+          load: true
+
+      - name: test & coverage report creation
+        run: |
+          NON_INTERACTIVE=1 make docker-test
+
+      - uses: codecov/codecov-action@v4
+        with:
+          file: ./coverage.txt