feat: enhance Dockerfiles for cross-compilation and optimize CI pipeline

Signed-off-by: liuhy <[email protected]>

Author: Aias00

.github/workflows/docker-publish.yml

@@ -14,11 +14,11 @@ on:
         required: false
         type: boolean
         default: false
-      skip_multiarch:
-        description: "Skip multi-architecture build for faster CI"
+      use_cross_compilation:
+        description: "Use cross-compilation instead of emulation for ARM64"
         required: false
         type: boolean
-        default: false
+        default: true
   push:
     branches: [ "main" ]
   pull_request:
@@ -30,16 +30,21 @@ on:
       - "e2e-tests/llm-katan/**"
 
 jobs:
-  # Parallel job for building both images
-  build_and_push:
-    runs-on: ubuntu-latest
+  # Separate job for native builds vs emulated builds
+  build_native:
+    runs-on: ${{ matrix.arch == 'arm64' && 'ubuntu-latest-arm64' || 'ubuntu-latest' }}
     permissions:
       contents: read
       packages: write
     strategy:
       matrix:
         image: [extproc, llm-katan]
-      fail-fast: false # Continue building other images if one fails
+        # Smart architecture selection:
+        # - PR: Only AMD64 for faster feedback
+        # - Main/Release: Multi-arch for production
+        # arch: ${{ github.event_name == 'pull_request' && fromJSON('["amd64"]') || fromJSON('["amd64", "arm64"]') }}
+        arch: ["amd64", "arm64"]
+      fail-fast: false
 
     steps:
       - name: Check out the repo
@@ -48,8 +53,8 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Set up QEMU (only for multi-arch builds)
-        if: inputs.skip_multiarch != true && github.event_name != 'pull_request'
+      - name: Set up QEMU (fallback for ARM64 if native runners unavailable)
+        if: matrix.arch == 'arm64' && runner.arch != 'ARM64'
         uses: docker/setup-qemu-action@v3
         with:
           platforms: arm64
@@ -61,6 +66,37 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      # Enhanced Rust caching for extproc builds with incremental compilation
+      - name: Cache Rust dependencies (extproc)
+        if: matrix.image == 'extproc'
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            candle-binding/target/
+            ~/.rustup/
+          key: ${{ runner.os }}-cargo-${{ matrix.arch }}-${{ hashFiles('candle-binding/Cargo.toml') }}-${{ hashFiles('candle-binding/Cargo.lock') }}-${{ hashFiles('candle-binding/src/**/*.rs') }}
+          restore-keys: |
+            ${{ runner.os }}-cargo-${{ matrix.arch }}-${{ hashFiles('candle-binding/Cargo.toml') }}-${{ hashFiles('candle-binding/Cargo.lock') }}-
+            ${{ runner.os }}-cargo-${{ matrix.arch }}-${{ hashFiles('candle-binding/Cargo.toml') }}-
+            ${{ runner.os }}-cargo-${{ matrix.arch }}-
+            ${{ runner.os }}-cargo-
+
+      # Python caching for llm-katan builds
+      - name: Cache Python dependencies (llm-katan)
+        if: matrix.image == 'llm-katan'
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cache/pip
+            e2e-tests/llm-katan/.venv
+          key: ${{ runner.os }}-pip-${{ matrix.arch }}-${{ hashFiles('e2e-tests/llm-katan/requirements.txt', 'e2e-tests/llm-katan/pyproject.toml') }}
+          restore-keys: |
+            ${{ runner.os }}-pip-${{ matrix.arch }}-
+            ${{ runner.os }}-pip-
+
       - name: Generate date tag for nightly builds
         id: date
         if: inputs.is_nightly == true
@@ -69,63 +105,40 @@ jobs:
       - name: Set lowercase repository owner
         run: echo "REPOSITORY_OWNER_LOWER=$(echo $GITHUB_REPOSITORY_OWNER | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
 
-      # Set build context and dockerfile based on matrix
       - name: Set build parameters
         id: build-params
         run: |
-          # Skip multi-arch for PRs to speed up CI, unless explicitly disabled
-          PLATFORMS="linux/amd64"
-          if [ "${{ inputs.skip_multiarch }}" != "true" ] && [ "${{ github.event_name }}" != "pull_request" ]; then
-            PLATFORMS="linux/amd64,linux/arm64"
-          fi
+          # Default to cross-compilation for ARM64 (always enabled for better performance)
+          USE_CROSS_COMPILATION="${{ inputs.use_cross_compilation || 'true' }}"
 
           if [ "${{ matrix.image }}" = "extproc" ]; then
             echo "context=." >> $GITHUB_OUTPUT
-            echo "dockerfile=./Dockerfile.extproc" >> $GITHUB_OUTPUT
-            echo "platforms=${PLATFORMS}" >> $GITHUB_OUTPUT
+            if [ "$USE_CROSS_COMPILATION" = "true" ] && [ "${{ matrix.arch }}" = "arm64" ]; then
+              echo "dockerfile=./Dockerfile.extproc.cross" >> $GITHUB_OUTPUT
+              echo "platform=linux/${{ matrix.arch }}" >> $GITHUB_OUTPUT
+            else
+              echo "dockerfile=./Dockerfile.extproc" >> $GITHUB_OUTPUT
+              echo "platform=linux/${{ matrix.arch }}" >> $GITHUB_OUTPUT
+            fi
           elif [ "${{ matrix.image }}" = "llm-katan" ]; then
             echo "context=./e2e-tests/llm-katan" >> $GITHUB_OUTPUT
             echo "dockerfile=./e2e-tests/llm-katan/Dockerfile" >> $GITHUB_OUTPUT
-            echo "platforms=${PLATFORMS}" >> $GITHUB_OUTPUT
+            echo "platform=linux/${{ matrix.arch }}" >> $GITHUB_OUTPUT
           fi
 
-      # Extract version for llm-katan
-      - name: Extract version from pyproject.toml
-        id: version
-        if: matrix.image == 'llm-katan'
-        run: |
-          VERSION=$(grep '^version = ' e2e-tests/llm-katan/pyproject.toml | sed 's/version = "\(.*\)"/\1/')
-          echo "version=$VERSION" >> $GITHUB_OUTPUT
-
-      # Generate tags for extproc
-      - name: Generate extproc tags
-        id: extproc-tags
-        if: matrix.image == 'extproc'
+      - name: Generate tags
+        id: tags
         run: |
           REPO_LOWER=$(echo $GITHUB_REPOSITORY_OWNER | tr '[:upper:]' '[:lower:]')
-          if [ "${{ inputs.is_nightly }}" = "true" ]; then
-            echo "tags=ghcr.io/${REPO_LOWER}/semantic-router/extproc:nightly-${{ steps.date.outputs.date_tag }}" >> $GITHUB_OUTPUT
-          else
-            if [ "${{ github.event_name }}" != "pull_request" ]; then
-              echo "tags=ghcr.io/${REPO_LOWER}/semantic-router/extproc:${{ github.sha }},ghcr.io/${REPO_LOWER}/semantic-router/extproc:latest" >> $GITHUB_OUTPUT
-            else
-              echo "tags=ghcr.io/${REPO_LOWER}/semantic-router/extproc:${{ github.sha }}" >> $GITHUB_OUTPUT
-            fi
-          fi
+          ARCH_SUFFIX="${{ matrix.arch }}"
 
-      # Generate tags for llm-katan
-      - name: Generate llm-katan tags
-        id: llm-katan-tags
-        if: matrix.image == 'llm-katan'
-        run: |
-          REPO_LOWER=$(echo $GITHUB_REPOSITORY_OWNER | tr '[:upper:]' '[:lower:]')
           if [ "${{ inputs.is_nightly }}" = "true" ]; then
-            echo "tags=ghcr.io/${REPO_LOWER}/semantic-router/llm-katan:nightly-${{ steps.date.outputs.date_tag }}" >> $GITHUB_OUTPUT
+            echo "tags=ghcr.io/${REPO_LOWER}/semantic-router/${{ matrix.image }}:nightly-${{ steps.date.outputs.date_tag }}-${ARCH_SUFFIX}" >> $GITHUB_OUTPUT
           else
             if [ "${{ github.event_name }}" != "pull_request" ]; then
-              echo "tags=ghcr.io/${REPO_LOWER}/semantic-router/llm-katan:${{ github.sha }},ghcr.io/${REPO_LOWER}/semantic-router/llm-katan:latest,ghcr.io/${REPO_LOWER}/semantic-router/llm-katan:v${{ steps.version.outputs.version }}" >> $GITHUB_OUTPUT
+              echo "tags=ghcr.io/${REPO_LOWER}/semantic-router/${{ matrix.image }}:${{ github.sha }}-${ARCH_SUFFIX}" >> $GITHUB_OUTPUT
             else
-              echo "tags=ghcr.io/${REPO_LOWER}/semantic-router/llm-katan:${{ github.sha }}" >> $GITHUB_OUTPUT
+              echo "tags=ghcr.io/${REPO_LOWER}/semantic-router/${{ matrix.image }}:pr-${{ github.event.number }}-${ARCH_SUFFIX}" >> $GITHUB_OUTPUT
             fi
           fi
 
@@ -135,23 +148,89 @@ jobs:
         with:
           context: ${{ steps.build-params.outputs.context }}
           file: ${{ steps.build-params.outputs.dockerfile }}
-          platforms: ${{ steps.build-params.outputs.platforms }}
+          platforms: ${{ steps.build-params.outputs.platform }}
           push: ${{ github.event_name != 'pull_request' }}
           load: ${{ github.event_name == 'pull_request' }}
-          tags: ${{ matrix.image == 'extproc' && steps.extproc-tags.outputs.tags || steps.llm-katan-tags.outputs.tags }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          tags: ${{ steps.tags.outputs.tags }}
+          cache-from: |
+            type=gha
+            type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache,mode=max
           build-args: |
             BUILDKIT_INLINE_CACHE=1
-            CARGO_BUILD_JOBS=4
+            CARGO_BUILD_JOBS=${{ github.event_name == 'pull_request' && '8' || '16' }}
+            CARGO_INCREMENTAL=1
+            RUSTC_WRAPPER=""
+            CARGO_NET_GIT_FETCH_WITH_CLI=true
             BUILDKIT_PROGRESS=plain
+            TARGETARCH=${{ matrix.arch }}
+            # Optimize Rust compilation for ARM64
+            CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc
+            # Enable link-time optimization for release builds
+            CARGO_PROFILE_RELEASE_LTO=thin
+            CARGO_PROFILE_RELEASE_CODEGEN_UNITS=1
+            # Use faster linker
+            CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUSTFLAGS="-C link-arg=-fuse-ld=lld"
+            CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUSTFLAGS="-C link-arg=-fuse-ld=lld"
+
+  # Create multi-arch manifest for final images
+  create_manifest:
+    needs: build_native
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    if: github.event_name != 'pull_request'
+    strategy:
+      matrix:
+        image: [extproc, llm-katan]
+
+    steps:
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set lowercase repository owner
+        run: echo "REPOSITORY_OWNER_LOWER=$(echo $GITHUB_REPOSITORY_OWNER | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
+
+      - name: Generate date tag for nightly builds
+        id: date
+        if: inputs.is_nightly == true
+        run: echo "date_tag=$(date +'%Y%m%d')" >> $GITHUB_OUTPUT
+
+      - name: Create and push manifest
+        run: |
+          REPO_LOWER=$(echo $GITHUB_REPOSITORY_OWNER | tr '[:upper:]' '[:lower:]')
+
+          # Create manifest for the specific image
+          if [ "${{ inputs.is_nightly }}" = "true" ]; then
+            TAG="nightly-${{ steps.date.outputs.date_tag }}"
+          else
+            TAG="${{ github.sha }}"
+          fi
+
+          # Create and push manifest
+          docker buildx imagetools create \
+            --tag ghcr.io/${REPO_LOWER}/semantic-router/${{ matrix.image }}:${TAG} \
+            ghcr.io/${REPO_LOWER}/semantic-router/${{ matrix.image }}:${TAG}-amd64 \
+            ghcr.io/${REPO_LOWER}/semantic-router/${{ matrix.image }}:${TAG}-arm64
+
+          # Also tag as latest for non-nightly builds
+          if [ "${{ inputs.is_nightly }}" != "true" ]; then
+            docker buildx imagetools create \
+              --tag ghcr.io/${REPO_LOWER}/semantic-router/${{ matrix.image }}:latest \
+              ghcr.io/${REPO_LOWER}/semantic-router/${{ matrix.image }}:${TAG}-amd64 \
+              ghcr.io/${REPO_LOWER}/semantic-router/${{ matrix.image }}:${TAG}-arm64
+          fi
 
       - name: Build summary
         if: always()
         run: |
-          if [ "${{ steps.build.conclusion }}" = "success" ]; then
-            echo "::notice title=Build Success::${{ matrix.image }} build completed successfully"
-            echo "Image digest: ${{ steps.build.outputs.digest }}"
+          if [ "${{ job.status }}" = "success" ]; then
+            echo "::notice title=Build Success::${{ matrix.image }} multi-arch manifest created successfully"
           else
             echo "::error title=Build Failed::${{ matrix.image }} build failed"
           fi

.gitignore

@@ -1,7 +1,8 @@
 # Rust
 target/
 **/*.rs.bk
-Cargo.lock
+# Note: Cargo.lock should be committed for applications and workspace roots
+# Cargo.lock
 
 # Python
 *.pyc

Dockerfile.extproc

@@ -1,20 +1,44 @@
 # Build the Rust library using Makefile
 FROM rust:1.85 as rust-builder
 
-# Install make and other build dependencies
+# Install make and other build dependencies including cross-compilation tools
 RUN apt-get update && apt-get install -y \
     make \
     build-essential \
     pkg-config \
+    lld \
+    clang \
+    gcc-aarch64-linux-gnu \
     && rm -rf /var/lib/apt/lists/*
 
+# Set up Rust for cross-compilation
+RUN rustup target add aarch64-unknown-linux-gnu x86_64-unknown-linux-gnu
+
+# Configure Cargo for optimized builds
+ENV CARGO_NET_GIT_FETCH_WITH_CLI=true
+ENV CARGO_INCREMENTAL=1
+ENV CARGO_PROFILE_RELEASE_LTO=thin
+ENV CARGO_PROFILE_RELEASE_CODEGEN_UNITS=1
+ENV RUSTFLAGS="-C link-arg=-fuse-ld=lld"
+
 WORKDIR /app
 
-# Copy only essential files for Rust build
+# Copy dependency files first for better layer caching
+COPY candle-binding/Cargo.toml ./candle-binding/
+# Copy Cargo.lock if it exists in the build context
+COPY candle-binding/Cargo.loc[k] ./candle-binding/
 COPY tools/make/ tools/make/
 COPY Makefile ./
-COPY candle-binding/Cargo.toml candle-binding/
-COPY candle-binding/src/ candle-binding/src/
+
+# Pre-build dependencies to cache them
+RUN cd candle-binding && \
+    mkdir -p src && \
+    echo "fn main() {}" > src/lib.rs && \
+    cargo build --release && \
+    rm -rf src
+
+# Copy source code and build
+COPY candle-binding/src/ ./candle-binding/src/
 
 # Use Makefile to build the Rust library
 RUN make rust