Skip to content

ci: switch to StageX reproducible builds without QEMU#595

Open
ConYel wants to merge 2 commits into
jpillora:masterfrom
ConYel:stagex-builds
Open

ci: switch to StageX reproducible builds without QEMU#595
ConYel wants to merge 2 commits into
jpillora:masterfrom
ConYel:stagex-builds

Conversation

@ConYel

@ConYel ConYel commented Jul 1, 2026

Copy link
Copy Markdown

Replaces the current golang:alpine Dockerfile with StageX — pinned
SHA256 base images, multi-stage quality gates (go vet, go test), hermetic
build with --network=none, deterministic timestamps, and native
cross-compilation via GOARCH build arg.

Key changes:

  • .github/Dockerfile — StageX multi-stage, no QEMU, 13 architectures
  • .github/workflows/ci.yml — per-arch shell loop, manifest annotation,
    no setup-qemu-action, no setup-buildx-action
  • .github/verify-binary.sh — post-build ELF arch + version verification

Why:

  • QEMU is ~20% slower and only builds 7 arches (StageX: 13)
  • Current golang:alpine is a floating tag — not reproducible
  • Current build installs git via apk, adds network, skips lint/test
  • Go cross-compiles natively — no reason to use QEMU for building

Ref: #594

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant