feat: arm64

Author: senshinya

.github/workflows/docker-build.yml

@@ -17,6 +17,11 @@ on:
         required: true
         default: true
         type: boolean
+      build_arm64:
+        description: '构建 ARM64 架构 (较慢)'
+        required: true
+        default: false
+        type: boolean
 
 env:
   REGISTRY: ghcr.io
@@ -28,13 +33,24 @@ jobs:
     permissions:
       contents: read
       packages: write
+    strategy:
+      matrix:
+        include:
+          - platform: linux/amd64
+            arch: amd64
+          - platform: linux/arm64
+            arch: arm64
 
     steps:
     - name: 检出代码
       uses: actions/checkout@v4
 
     - name: 设置 Docker Buildx
       uses: docker/setup-buildx-action@v3
+      with:
+        driver-opts: |
+          image=moby/buildkit:buildx-stable-1
+          network=host
 
     - name: 登录到 GitHub Container Registry
       uses: docker/login-action@v3
@@ -57,26 +73,36 @@ jobs:
           type=raw,value=latest,enable={{is_default_branch}}
           type=raw,value=${{ github.event.inputs.tag }},enable=${{ github.event_name == 'workflow_dispatch' }}
 
-    - name: 构建并推送 Docker 镜像
+    - name: 构建并推送 Docker 镜像 (${{ matrix.arch }})
+      if: matrix.arch == 'amd64' || (matrix.arch == 'arm64' && (github.event_name != 'workflow_dispatch' || github.event.inputs.build_arm64 == 'true'))
       uses: docker/build-push-action@v5
       with:
         context: .
-        platforms: linux/amd64,linux/arm64
+        file: ${{ matrix.arch == 'arm64' && 'Dockerfile.arm64' || 'Dockerfile' }}
+        platforms: ${{ matrix.platform }}
         push: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.push_to_registry == 'true' }}
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}
-        cache-from: type=gha
-        cache-to: type=gha,mode=max
+        cache-from: type=gha,scope=${{ matrix.arch }}
+        cache-to: type=gha,mode=max,scope=${{ matrix.arch }}
+        build-args: |
+          BUILDPLATFORM=${{ matrix.platform }}
+          TARGETPLATFORM=${{ matrix.platform }}
+        outputs: type=registry
+        provenance: false
+        sbom: false
 
     - name: 生成摘要
       if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
       run: |
         echo "## 🐳 Docker 镜像构建完成" >> $GITHUB_STEP_SUMMARY
         echo "" >> $GITHUB_STEP_SUMMARY
         echo "**触发方式:** ${{ github.event_name }}" >> $GITHUB_STEP_SUMMARY
+        echo "**构建架构:** ${{ matrix.arch }}" >> $GITHUB_STEP_SUMMARY
         if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
           echo "**自定义标签:** ${{ github.event.inputs.tag }}" >> $GITHUB_STEP_SUMMARY
           echo "**推送到注册表:** ${{ github.event.inputs.push_to_registry }}" >> $GITHUB_STEP_SUMMARY
+          echo "**构建 ARM64:** ${{ github.event.inputs.build_arm64 }}" >> $GITHUB_STEP_SUMMARY
         fi
         echo "" >> $GITHUB_STEP_SUMMARY
         echo "**镜像标签:**" >> $GITHUB_STEP_SUMMARY

Dockerfile.arm64

@@ -0,0 +1,62 @@
+# ARM64 优化版本的 Dockerfile
+# 使用官方 Go 镜像作为构建阶段
+FROM --platform=linux/arm64 golang:1.23.7-alpine AS builder
+
+# 设置工作目录
+WORKDIR /app
+
+# 安装必要的系统依赖
+RUN apk add --no-cache git gcc musl-dev sqlite-dev
+
+# 复制 go mod 文件
+COPY go.mod go.sum ./
+
+# 下载依赖
+RUN go mod download
+
+# 复制源代码
+COPY . .
+
+# 构建应用程序 - ARM64 优化
+RUN CGO_ENABLED=1 GOOS=linux GOARCH=arm64 go build \
+    -a -installsuffix cgo \
+    -ldflags="-w -s" \
+    -o main .
+
+# 使用轻量级的 Alpine 镜像作为运行阶段
+FROM --platform=linux/arm64 alpine:latest
+
+# 安装运行时依赖
+RUN apk --no-cache add ca-certificates sqlite
+
+# 创建非 root 用户
+RUN addgroup -g 1001 -S appgroup && \
+    adduser -u 1001 -S appuser -G appgroup
+
+# 设置工作目录
+WORKDIR /app
+
+# 从构建阶段复制二进制文件
+COPY --from=builder /app/main .
+
+# 创建数据目录并设置权限
+RUN mkdir -p /data && \
+    chown -R appuser:appgroup /app /data
+
+# 切换到非 root 用户
+USER appuser
+
+# 暴露端口
+EXPOSE 8080
+
+# 设置环境变量默认值
+ENV USERNAME=your_username
+ENV PASSWORD=your_password
+ENV SUBSCRIPTION_URL=https://your_subscription_url.com
+
+# 健康检查
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+    CMD wget --no-verbose --tries=1 --spider http://localhost:8080/api/login || exit 1
+
+# 启动应用程序
+CMD ["./main"]