adding docker build workflow for arm64 images (#770)

* build: added arm64 docker build

* build: undo typo

* build: remove whitespace

* build: test workflow

* build: test workflow

* build: build arm first

* build: build arm first

* build: using nix arm64 base image

* build: set up qemu

* build: seccomp set to unconfined

* build: create nix config

* build: split arm workflow

* build: reset on release

* build: testing --extra-platforms flag

* build: testing --extra-platforms flag

* build: testing --extra-platforms flag

* build: reset on release

.github/workflows/docker-publish-arm.yml

@@ -0,0 +1,61 @@
+name: Publish Docker Image ARM
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Tag to build and publish'
+        required: true
+        default: 'latest'
+
+env:
+  REGISTRY: docker.io
+  IMAGE_NAME: thesimplekid/cdk-mintd
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest,enable=${{ github.event_name == 'release' }}
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=ref,event=branch
+            type=ref,event=pr
+            type=sha
+            ${{ github.event.inputs.tag != '' && github.event.inputs.tag || '' }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          platforms: linux/arm64
+          file: ./Dockerfile.arm
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

Dockerfile.arm

@@ -0,0 +1,43 @@
+# Use the official NixOS image as the base image
+FROM nixos/nix:latest AS builder
+
+# Set the working directory
+WORKDIR /usr/src/app
+
+# Copy workspace files and crates directory into the container
+COPY flake.nix ./flake.nix
+COPY Cargo.toml ./Cargo.toml
+COPY crates ./crates
+
+# Create a nix config file to disable syscall filtering
+RUN echo 'filter-syscalls = false' > /etc/nix/nix.conf
+
+# Start the Nix daemon and develop the environment
+RUN nix develop --extra-platforms aarch64-linux --extra-experimental-features nix-command --extra-experimental-features flakes --command cargo build --release --bin cdk-mintd --features redis
+
+# Create a runtime stage
+FROM debian:bookworm-slim
+
+# Set the working directory
+WORKDIR /usr/src/app
+
+# Install needed runtime dependencies (if any)
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends patchelf && \
+    rm -rf /var/lib/apt/lists/*
+
+# Copy the built application from the build stage
+COPY --from=builder /usr/src/app/target/release/cdk-mintd /usr/local/bin/cdk-mintd
+
+# Detect the architecture and set the interpreter accordingly
+RUN ARCH=$(uname -m) && \
+    if [ "$ARCH" = "aarch64" ]; then \
+        patchelf --set-interpreter /lib/ld-linux-aarch64.so.1 /usr/local/bin/cdk-mintd; \
+    elif [ "$ARCH" = "x86_64" ]; then \
+        patchelf --set-interpreter /lib64/ld-linux-x86-64.so.2 /usr/local/bin/cdk-mintd; \
+    else \
+        echo "Unsupported architecture: $ARCH"; exit 1; \
+    fi
+
+# Set the entry point for the container
+CMD ["cdk-mintd"]