Advanced Workflows¶
Multi-Architecture Images¶
Why?¶
RDK devices vary:
- ARMv7 (most common)
- ARM64 / AARCH64 (newer 64-bit SoCs)
- x86 (dev environments)
Manifest Creation¶
docker manifest create ghcr.io/org/app:1.2.3 \
ghcr.io/org/app:arm64-1.2.3 ghcr.io/org/app:armv7-1.2.3 ghcr.io/org/app:amd64-1.2.3
docker manifest push ghcr.io/org/app:1.2.3
QEMU Emulation¶
Used when building non-native architectures:
Image Size Optimization¶
1. Use scratch¶
Smallest possible image
2. Multi-stage builds¶
FROM rust:1.78 AS builder
WORKDIR /app
COPY Cargo.toml Cargo.lock ./
COPY src ./src
RUN cargo build --release
FROM scratch
COPY --from=builder /app/target/release/my-app /my-app
ENTRYPOINT ["/my-app"]
3. Strip binaries¶
4. Avoid unnecessary files¶
- No package managers
- No debug symbols
- No logs
- No unnecessary tools/libraries (e.g. curl, busybox, etc...)
Alpine Linux vs Scratch Images¶
| Feature | Alpine | Scratch |
|---|---|---|
| Size | ~5MB | ~0MB |
| Debugging | Easier (Terminal) | Hard |
| Security | Good | Best |
| 3rd Party Dependencies | Installable via Package Manager | Must be compiled from scratch |
GitHub Actions Optimizations¶
Caching¶
Parallel Target Arch Builds¶
OCI Image Metadata (Best Practices)¶
Include rich metadata:
LABEL org.opencontainers.image.title="RDK App"
LABEL org.opencontainers.image.description="Dashboard UI for RDK"
LABEL org.opencontainers.image.vendor="Your Company"
LABEL org.opencontainers.image.licenses="Apache-2.0"
GHCR (OCI Registry) Best Practices¶
- Use public images where possible
- Add descriptions in repo settings
- Use consistent naming, e.g.
ghcr.io/org/app
Optional Enhancements¶
- SBOM generation (Software Bill of Materials)
- Image signing (cosign)
- Vulnerability scanning
Key Takeaways¶
- Multi-arch support improves portability
- Smaller images = faster deployment + better security
- CI/CD pipelines should be optimized and cached
- Metadata improves maintainability and traceability