fix: address critical multi-arch and CI/CD issues

Critical fixes from expert review:
- Fix multi-arch builds: s6-overlay now selects correct architecture
  (x86_64 for amd64, aarch64 for arm64, arm for arm/v7)
- Fix GitHub Actions SBOM generation image reference
- Fix GitHub Actions Trivy security scan image reference
- Fix resource limits: use Compose v2 syntax instead of swarm-only deploy
- Remove obsolete version directive from docker-compose.yml
- Remove unnecessary reverse proxy network comments
- Document unsupported env vars (MAX_WIKI_ENTRIES_PER_PAGE, MAX_CONTINUOUS_ERRORS)

This resolves blocking issues for arm64 builds and CI/CD pipeline.

Author: bakerboy448

.github/workflows/docker-build.yml

@@ -87,7 +87,7 @@ jobs:
         if: github.event_name != 'pull_request'
         uses: anchore/sbom-action@v0
         with:
-          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
+          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
           format: spdx-json
           output-file: sbom.spdx.json
 
@@ -110,7 +110,7 @@ jobs:
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
+          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
           format: 'sarif'
           output: 'trivy-results.sarif'
 

Dockerfile

@@ -36,10 +36,17 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 
 # Install s6-overlay for proper init and user management
 ARG S6_OVERLAY_VERSION=3.1.6.2
+ARG TARGETARCH
 ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
-ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp
-RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz && \
-    tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz && \
+RUN case ${TARGETARCH} in \
+        "amd64") S6_ARCH=x86_64 ;; \
+        "arm64") S6_ARCH=aarch64 ;; \
+        "arm/v7") S6_ARCH=arm ;; \
+        *) echo "Unsupported architecture: ${TARGETARCH}" && exit 1 ;; \
+    esac && \
+    curl -L "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.xz" -o /tmp/s6-overlay-arch.tar.xz && \
+    tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz && \
+    tar -C / -Jxpf /tmp/s6-overlay-arch.tar.xz && \
     rm /tmp/s6-overlay-*.tar.xz
 
 # Create default user and group

docker-compose.yml

@@ -1,5 +1,3 @@
-version: '3.8'
-
 services:
   modlog-bot:
     build: .
@@ -28,8 +26,9 @@ services:
       # Advanced settings (optional)
       - WIKI_ACTIONS=${WIKI_ACTIONS:-removelink,removecomment,addremovalreason,spamlink,spamcomment,approvelink,approvecomment}
       - IGNORED_MODERATORS=${IGNORED_MODERATORS:-}
-      - MAX_WIKI_ENTRIES_PER_PAGE=${MAX_WIKI_ENTRIES_PER_PAGE:-1000}
-      - MAX_CONTINUOUS_ERRORS=${MAX_CONTINUOUS_ERRORS:-5}
+
+      # Note: MAX_WIKI_ENTRIES_PER_PAGE and MAX_CONTINUOUS_ERRORS require config.json mount
+      # These settings are not supported via environment variables
 
     volumes:
       # Persistent data storage
@@ -45,15 +44,10 @@ services:
         max-size: "10m"
         max-file: "5"
 
-    # Resource limits
-    deploy:
-      resources:
-        limits:
-          cpus: '0.5'
-          memory: 256M
-        reservations:
-          cpus: '0.1'
-          memory: 128M
+    # Resource limits (Compose v2 syntax)
+    mem_limit: 256m
+    mem_reservation: 128m
+    cpus: 0.5
 
   # Optional: Multiple bot instances for different subreddits
   # modlog-bot-2:
@@ -67,10 +61,4 @@ services:
   #     - SOURCE_SUBREDDIT=${SOURCE_SUBREDDIT_2}
   #   volumes:
   #     - ./data2:/config/data
-  #     - ./logs2:/config/logs
-
-# Optional: External network for reverse proxy integration
-# networks:
-#   default:
-#     external:
-#       name: proxy-network
+  #     - ./logs2:/config/logs