Add multi-arch Docker build & GHCR publishing (#1278)

# Summary This PR addresses failures to run Yggdrasil on ARM systems. The root cause was the lack of ARM artifacts/images, which led to exec format error and similar issues. ## What’s added: - ```Dockerfile.multiarch``` — multi-stage Go build that correctly propagates GOOS/GOARCH for linux/amd64, linux/arm64, linux/armhf and linux/armel platform. - ```entrypoint.sh``` - Introduced ENV **ALLOW_IPV6_FORWARDING**. When set to a truthy value (e.g., true), the entrypoint executes: ```sysctl -w net.ipv6.conf.all.forwarding=1```. - GitHub Action for multi-arch builds and publishing to GHCR — triggered via ```workflow_dispatch```, push to ```master``` and release via tags (with docker semantic tags e.g. v0.5.12 → 0.5.12, 0.5, 0). Example published images: [https://github.com/Forne/yggdrasil-go/pkgs/container/yggdrasil-go](https://github.com/Forne/yggdrasil-go/pkgs/container/yggdrasil-go) ## Testing ✅ Ubuntu (24.04, amd64) — image runs correctly. ✅ macOS (Apple Silicon, arm64) — image runs correctly. ✅ MikroTik RouterOS (arm64) — image runs under the RouterOS container package.
2025-10-13 00:15:06 +03:00 · 2025-10-04 14:51:43 +05:00 · 2025-10-04 14:51:43 +05:00 · 284894fe40
commit 284894fe40
parent 89a3718d59
3 changed files with 96 additions and 0 deletions
--- a/contrib/docker/Dockerfile.multiarch
+++ b/contrib/docker/Dockerfile.multiarch
@ -0,0 +1,29 @@
+# syntax=docker/dockerfile:1
+FROM --platform=$BUILDPLATFORM docker.io/golang:alpine as builder
+
+COPY . /src
+WORKDIR /src
+
+ARG TARGETOS
+ARG TARGETARCH
+ENV CGO_ENABLED=0
+ENV GOOS=${TARGETOS} GOARCH=${TARGETARCH}
+
+RUN apk add git && ./build && go build -o /src/genkeys cmd/genkeys/main.go
+
+FROM docker.io/alpine
+
+COPY --from=builder /src/yggdrasil /usr/bin/yggdrasil
+COPY --from=builder /src/yggdrasilctl /usr/bin/yggdrasilctl
+COPY --from=builder /src/genkeys /usr/bin/genkeys
+COPY contrib/docker/entrypoint.sh /usr/bin/entrypoint.sh
+
+# RUN addgroup -g 1000 -S yggdrasil-network \
+#  && adduser -u 1000 -S -g 1000 --home /etc/yggdrasil-network yggdrasil-network
+#
+# USER yggdrasil-network
+# TODO: Make running unprivileged work
+
+VOLUME [ "/etc/yggdrasil-network" ]
+
+ENTRYPOINT [ "/usr/bin/entrypoint.sh" ]
--- a/contrib/docker/entrypoint.sh
+++ b/contrib/docker/entrypoint.sh
@ -9,5 +9,10 @@ if [ ! -f "$CONF_DIR/config.conf" ]; then
  yggdrasil --genconf > "$CONF_DIR/config.conf"
 fi

+if [ -n "$ALLOW_IPV6_FORWARDING" ]; then
+  echo "set sysctl -w net.ipv6.conf.all.forwarding=1"
+  sysctl -w net.ipv6.conf.all.forwarding=1
+fi
+
 yggdrasil --useconf < "$CONF_DIR/config.conf"
 exit $?