fix(ci): add QEMU setup for multi-architecture Docker builds

[aWN4Y25pa2EK]

Summary

• Add docker/setup-qemu-action step to enable cross-platform Docker builds
• Fixes the workflow to properly build images for both AMD64 and ARM64 architectures

Changes

• Added QEMU setup step before Docker Buildx in the Docker workflow
• Configured QEMU to support linux/amd64 and linux/arm64 platforms

Why This Fix?

The workflow was configured to build multi-arch images for main/releases but was missing the QEMU emulation setup required for cross-platform builds. Without QEMU, the workflow could only build for the runner's native architecture.

Test Plan

• Verify workflow syntax is correct
• Test PR build (should build AMD64 only as configured)
• After merge, verify main branch builds both AMD64 and ARM64 images

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features
  • Added complete Helm chart for arda-ingest service deployment with configurable replicas and ingress
  • Multi-architecture Docker build support (amd64, arm64)
  • AWS IAM Roles for Service Accounts (IRSA) integration
  • External Secrets configuration for secure credential management
  • Enhanced deployment workflows with improved service account handling

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This pull request introduces a complete Helm chart for the ARDA Ingest service alongside GitHub Actions workflow updates. It adds QEMU multi-architecture support to Docker builds, updates Helm lint and release workflows to reflect new image and IRSA configurations, and includes Helm chart manifests for Deployment, Service, Ingress, ConfigMap, Secret, ExternalSecret, ServiceAccount resources with comprehensive default values.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow Updates .github/workflows/docker.yml	Adds "Set up QEMU" step (docker/setup-qemu-action@v3) for multi-architecture builds targeting linux/amd64 and linux/arm64, positioned after Hadolint and before Docker Buildx setup.
GitHub Actions Workflow Updates .github/workflows/helm-lint.yml	Replaces chatAgent and cors configuration with image-related and IRSA-related values; changes ingress host from chat.test.example.com to ingest.test.example.com; replaces reverse proxy validation with IRSA validation; updates chart output filename from arda-chat-bot-*.tgz to arda-ingest-*.tgz; configures External Secrets settings.
GitHub Actions Workflow Updates .github/workflows/helm-release.yml	Updates Helm release documentation: namespace changed from dynamic chart name to fixed "arda"; replaces chatAgent/cors settings with image repository/tag and AWS secret placeholders; updates health check port-forward from 3003:80 to 5678:80 and target URL accordingly.
Helm Chart Initialization helm/.helmignore, helm/Chart.yaml	Adds .helmignore with standard VCS, backup, and IDE file patterns; adds Chart.yaml descriptor defining arda-ingest chart (v2 API, version 0.1.0, type: application) with arda, ingestion, document-processing keywords.
Helm Chart Templates & Configuration helm/templates/_helpers.tpl	Defines six template helpers: name, fullname, chart, labels, selectorLabels, and serviceAccountName for consistent resource naming and labeling across chart manifests.
Helm Chart Templates & Configuration helm/templates/deployment.yaml, helm/templates/service.yaml, helm/templates/serviceaccount.yaml	Adds Deployment template with replicas, image pullSecrets, security contexts, health probes, and resource configuration; Service template exposing http port with TCP protocol; ServiceAccount template with conditional creation and annotation support.
Helm Chart Templates & Configuration helm/templates/configmap.yaml, helm/templates/secret.yaml, helm/templates/externalsecret.yaml	Adds ConfigMap template iterating over environment variables; Secret template (type: Opaque) with stringData credentials when external secrets disabled; ExternalSecret template (external-secrets.io/v1beta1) with refreshInterval and secretStoreRef configuration when enabled.
Helm Chart Templates & Configuration helm/templates/ingress.yaml	Adds Ingress template with conditional rendering, optional ingressClassName, TLS support, host rules, and backend service integration sourcing port from values.
Helm Chart Templates & Configuration helm/values.yaml	Introduces comprehensive values file with default configurations for replicaCount, image settings, service (type, port), ingress (hosts, TLS), resource limits/requests, health probe specifications, environment variables (AWS region, S3, SurrealDB, OpenRouter endpoints), secrets placeholders, external secrets configuration, and pod affinity/node selector templates.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20–30 minutes

Areas requiring attention:

• Verify consistency of template helper naming and usage across all Helm manifests (e.g., arda-ingest.fullname, arda-ingest.labels)
• Confirm external secrets and secret manifest conditional logic (.Values.externalSecrets.enabled gates) aligns with deployment expectations
• Validate that workflow changes (namespace change to "arda", port-forward update to 5678, image configuration) match intended deployment architecture
• Check that all environment variable keys in values.yaml are correctly referenced in ConfigMap and Deployment templates
• Review ingress host and TLS configuration pathType and backend service port resolution

Poem

🐰 A chart takes shape in the Helm's gentle care,
With templates and values, deployment's declared,
QEMU builds wide, from arm64 to amd,
Secrets and configs aligned for the win,
The ingestion pipeline, now containerized bright! 📦✨

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Free

📥 Commits

Reviewing files that changed from the base of the PR and between 95571c4 and fc43c08.

📒 Files selected for processing (14)

• .github/workflows/docker.yml (1 hunks)
• .github/workflows/helm-lint.yml (2 hunks)
• .github/workflows/helm-release.yml (1 hunks)
• helm/.helmignore (1 hunks)
• helm/Chart.yaml (1 hunks)
• helm/templates/_helpers.tpl (1 hunks)
• helm/templates/configmap.yaml (1 hunks)
• helm/templates/deployment.yaml (1 hunks)
• helm/templates/externalsecret.yaml (1 hunks)
• helm/templates/ingress.yaml (1 hunks)
• helm/templates/secret.yaml (1 hunks)
• helm/templates/service.yaml (1 hunks)
• helm/templates/serviceaccount.yaml (1 hunks)
• helm/values.yaml (1 hunks)

---

Note

🎁 Summarized by CodeRabbit Free

Your organization is on the Free plan. CodeRabbit will generate a high-level summary and a walkthrough for each pull request. For a comprehensive line-by-line review, please upgrade your subscription to CodeRabbit Pro by visiting https://app.coderabbit.ai/login.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}