1. Patchew
  2. Xen
  3. View series

[XEN PATCH] CI: use --platform on `docker build` and `push`

Anthony PERARD posted 1 patch 5 days, 20 hours ago
Patches applied successfully (tree, apply log)
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/1777466900.8631fc262581453bbf619ec5b2062170.19dd9487f12000f373@vates.tech
automation/build/Makefile | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
[XEN PATCH] CI: use --platform on `docker build` and `push`
Posted by Anthony PERARD 5 days, 20 hours ago 
Without --platform, it seems recent versions of docker ignores the
platform of the image when pushing, and it's pushed as the platform of
the runner.

If we happen to build an arm64 image on x86, with recent version of
docker, the image will be push as if it was an x86 image, then
`docker run --platform=linux/arm64 ...` fails. Even if it would
work without --platform, gitlab-runner will not be able to use the
image.

To go back to the previous behavior, we will extract --platform from
the dockerfiles, and use it on the command line.

--platform= is needed on both docker-build and docker-push. The first
one so that the image is tagged with the right platform, and the
second one so that we can push a "generic" image without been tagged
to a particular platform. --platform on docker-push allow to easly use
the container on any arch, without having to use --platform on
docker-pull or docker-run.

`docker push --platform` seem to have been added to 1.46, according to
the [doc], and doesn't exist on Podman. So we need to check that we
are using `docker` and that the API version is new enough.

[doc] https://docs.docker.com/reference/cli/docker/image/push/

Also, introduce the $img variable, to make the lines a bit shorter.

Signed-off-by: Anthony PERARD <anthony.perard@vates.tech>
---
 automation/build/Makefile | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/automation/build/Makefile b/automation/build/Makefile
index fedf7524dacd..d578cd347615 100644
--- a/automation/build/Makefile
+++ b/automation/build/Makefile
@@ -15,10 +15,28 @@ help:
 
 include yocto/yocto.inc
 
+# Find out if we are running Podman, if not is likely docker.
+is-docker = $(if $(filter Podman,$(shell $(DOCKER_CMD) version)),,1)
+
+# Find out the docker API version is at least 1.46. We exploit `sort -V` to
+# compare the versions at it can sort by version.
+docker-api-version = $(shell $(DOCKER_CMD) version -f '{{.Client.APIVersion}}')
+docker-min-version = $(firstword $(shell printf "1.46\n$(docker-api-version)" | sort -V))
+docker-have-push-platform = $(if $(filter 1.46,$(docker-min-version)),1)
+
+# check if we can use `X push --platform`.
+# `podman push` doesn't support --platform.
+# `docker` only have it on recent version.
+builder-have-push-platform = $(and $(is-docker),$(docker-have-push-platform))
+
 %: %.dockerfile ## Builds containers
-	$(DOCKER_CMD) build --pull -t $(REGISTRY)/$(@D):$(@F) -f $< $(<D)
-	@if [ ! -z $${PUSH+x} ]; then \
-		$(DOCKER_CMD) push $(REGISTRY)/$(@D):$(@F); \
+	set -xe; \
+	$(if $(builder-have-push-platform), \
+	    platform=$$(sed -n '/^FROM/{s/.*\(--platform=[^ ]*\) .*/\1/p;q}' $<); ) \
+	img="$(REGISTRY)/$(@D):$(@F)"; \
+	$(DOCKER_CMD) build --pull $$platform -t $$img -f $< $(<D); \
+	if [ ! -z $${PUSH+x} ]; then \
+		$(DOCKER_CMD) push $$platform $$img; \
 	fi
 
 .PHONY: all clean


-- 
 | Vates 

XCP-ng & Xen Orchestra - Vates solutions

web: https://vates.tech
Re: [XEN PATCH] CI: use --platform on `docker build` and `push`
Posted by Andrew Cooper 4 days, 19 hours ago 
On 29/04/2026 1:48 pm, Anthony PERARD wrote:
> Without --platform, it seems recent versions of docker ignores the
> platform of the image when pushing, and it's pushed as the platform of
> the runner.
>
> If we happen to build an arm64 image on x86, with recent version of
> docker, the image will be push as if it was an x86 image, then
> `docker run --platform=linux/arm64 ...` fails. Even if it would
> work without --platform, gitlab-runner will not be able to use the
> image.
>
> To go back to the previous behavior, we will extract --platform from
> the dockerfiles, and use it on the command line.
>
> --platform= is needed on both docker-build and docker-push. The first
> one so that the image is tagged with the right platform, and the
> second one so that we can push a "generic" image without been tagged
> to a particular platform. --platform on docker-push allow to easly use
> the container on any arch, without having to use --platform on
> docker-pull or docker-run.
>
> `docker push --platform` seem to have been added to 1.46, according to
> the [doc], and doesn't exist on Podman. So we need to check that we
> are using `docker` and that the API version is new enough.
>
> [doc] https://docs.docker.com/reference/cli/docker/image/push/
>
> Also, introduce the $img variable, to make the lines a bit shorter.
>
> Signed-off-by: Anthony PERARD <anthony.perard@vates.tech>

For the code changes, Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>

> ---
>  automation/build/Makefile | 24 +++++++++++++++++++++---

There's another docker push in automation/tests-artifacts/Makefile

However, this fix should allow me to finish the work to purge
test-artefacts/* so the problem sorts itself.

~Andrew

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.