From b5036fae74291a83d07bc5f59146671bd48f1640 Mon Sep 17 00:00:00 2001
From: Chongyi Zheng <git@zcy.dev>
Date: Sat, 6 Jul 2024 17:34:21 -0400
Subject: [PATCH] feat: support arm64

---
 .github/workflows/cd.yml           |  4 ++++
 .github/workflows/ci.yml           | 19 +++++++++++++++++--
 Dockerfile                         | 26 +++++++++++++++++++++-----
 dependencies/python/build-venvs.sh |  7 +++++++
 scripts/linterVersions.sh          |  5 ++++-
 5 files changed, 53 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index fdfc6de3..b39facbf 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -83,6 +83,9 @@ jobs:
           sudo rm -rf /opt/ghc || true
           sudo rm -rf /usr/local/.ghcup || true
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
@@ -129,6 +132,7 @@ jobs:
           cache-to: type=registry,ref=${{ env.CONTAINER_IMAGE_ID }}-buildcache,mode=max
           load: false
           push: true
+          platforms: linux/amd64,linux/arm64/v8
           secrets: |
             GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
           tags: |
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c7290e52..7db96f50 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -86,7 +86,7 @@ jobs:
       # Ref: https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
       # github.head_ref: head_ref or source branch of the pull request
       # github.ref: ref of the branch that triggered the workflow
-      group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}-${{ github.event_name }}-${{ matrix.images.target }}
+      group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}-${{ github.event_name }}-${{ matrix.images.target }}-${{ matrix.images.platform }}
       cancel-in-progress: true
     strategy:
       fail-fast: false
@@ -94,9 +94,17 @@ jobs:
         images:
           - prefix: slim-
             target: slim
+            platform: linux/amd64
           - prefix: ""
             target: standard
-    timeout-minutes: 60
+            platform: linux/amd64
+          - prefix: slim-
+            target: slim
+            platform: linux/arm64/v8
+          - prefix: ""
+            target: standard
+            platform: linux/arm64/v8
+    timeout-minutes: 180
     env:
       CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest"
       CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}"
@@ -115,6 +123,9 @@ jobs:
           sudo rm -rf /opt/ghc || true
           sudo rm -rf /usr/local/.ghcup || true
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
@@ -130,6 +141,7 @@ jobs:
           cache-from: type=registry,ref=${{ env.CONTAINER_IMAGE_ID }}-buildcache
           outputs: type=docker,dest=/tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar
           push: false
+          platforms: ${{ matrix.images.platform }}
           secrets: |
             GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
           tags: |
@@ -198,6 +210,7 @@ jobs:
 
       - name: Test Local Action (debug log)
         uses: ./
+        if: matrix.images.platform == 'linux/amd64'
         env:
           LOG_LEVEL: DEBUG
           CREATE_LOG_FILE: true
@@ -210,11 +223,13 @@ jobs:
           VALIDATE_JAVASCRIPT_STANDARD: false
 
       - name: Get the contents of the log file
+        if: matrix.images.platform == 'linux/amd64'
         run: |
           sudo cat super-linter.log
           sudo rm -v super-linter.log
 
       - name: Test Local Action (default log)
+        if: matrix.images.platform == 'linux/amd64'
         uses: ./
         env:
           VALIDATE_ALL_CODEBASE: false
diff --git a/Dockerfile b/Dockerfile
index cd95b87c..682410e5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,7 +26,7 @@ FROM rhysd/actionlint:1.7.1 AS actionlint
 FROM scalameta/scalafmt:v3.8.3 AS scalafmt
 FROM zricethezav/gitleaks:v8.18.4 AS gitleaks
 FROM yoheimuta/protolint:0.50.5 AS protolint
-FROM ghcr.io/clj-kondo/clj-kondo:2024.08.01-alpine AS clj-kondo
+FROM ghcr.io/clj-kondo/clj-kondo:2024.08.01 AS clj-kondo
 FROM dart:3.5.1-sdk AS dart
 FROM mcr.microsoft.com/dotnet/sdk:8.0.401-alpine3.20 AS dotnet-sdk
 FROM mcr.microsoft.com/powershell:7.4-alpine-3.17 AS powershell
@@ -66,6 +66,8 @@ RUN apk add --no-cache \
 
 SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
 
+ARG TARGETARCH
+
 COPY dependencies/python/ /stage
 WORKDIR /stage
 RUN ./build-venvs.sh && rm -rfv /stage
@@ -113,10 +115,10 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
 COPY scripts/install-lintr.sh scripts/install-r-package-or-fail.R /
 RUN /install-lintr.sh && rm -rf /install-lintr.sh /install-r-package-or-fail.R
 
-FROM powershell AS powershell-installer
-
+FROM --platform=linux/amd64 powershell AS powershell-installer
 # Copy the value of the PowerShell install directory to a file so we can reuse it
 # when copying PowerShell stuff in the main image
+RUN echo "${PS_VERSION}" > /tmp/PS_VERSION
 RUN echo "${PS_INSTALL_FOLDER}" > /tmp/PS_INSTALL_FOLDER
 
 FROM php-composer AS php-linters
@@ -368,7 +370,7 @@ COPY --from=kubeconfrm /kubeconform /usr/bin/
 #####################
 # Install clj-kondo #
 #####################
-COPY --from=clj-kondo /bin/clj-kondo /usr/bin/
+COPY --from=clj-kondo /usr/local/bin/clj-kondo /usr/bin/
 
 ####################
 # Install dart-sdk #
@@ -439,6 +441,8 @@ ENTRYPOINT ["/action/lib/linter.sh"]
 
 FROM base_image AS slim
 
+ARG TARGETARCH
+
 # Run to build version file and validate image
 ENV IMAGE="slim"
 COPY scripts/linterVersions.sh /
@@ -502,16 +506,27 @@ RUN dotnet help
 #########################################
 # Install Powershell + PSScriptAnalyzer #
 #########################################
+COPY --from=powershell-installer /tmp/PS_VERSION /tmp/PS_VERSION
 COPY --from=powershell-installer /tmp/PS_INSTALL_FOLDER /tmp/PS_INSTALL_FOLDER
 COPY --from=powershell /opt/microsoft/powershell /opt/microsoft/powershell
+ARG TARGETARCH
 # Disable Powershell telemetry
 ENV POWERSHELL_TELEMETRY_OPTOUT=1
 ARG PSSA_VERSION='1.22.0'
 RUN PS_INSTALL_FOLDER="$(cat /tmp/PS_INSTALL_FOLDER)" \
     && echo "PS_INSTALL_FOLDER: ${PS_INSTALL_FOLDER}" \
-    && ln -s "${PS_INSTALL_FOLDER}/pwsh" /usr/bin/pwsh \
+    && if [[ "${TARGETARCH}" == "amd64" ]]; then \
+    ln -s "${PS_INSTALL_FOLDER}/pwsh" /usr/bin/pwsh \
     && chmod a+x,o-w "${PS_INSTALL_FOLDER}/pwsh" \
     && pwsh -c "Install-Module -Name PSScriptAnalyzer -RequiredVersion ${PSSA_VERSION} -Scope AllUsers -Force" \
+    ; else \
+    # Download arm64 version of PowerShell
+    PS_VERSION="$(cat /tmp/PS_VERSION)" \
+    && PS_PACKAGE_URL="https://github.com/PowerShell/PowerShell/releases/download/v${PS_VERSION}/powershell-${PS_VERSION}-linux-arm64.tar.gz" \
+    && wget -q -O - "${PS_PACKAGE_URL}" | tar -xz -C "${PS_INSTALL_FOLDER}" \
+    && ln -s "${PS_INSTALL_FOLDER}/pwsh" /usr/bin/pwsh \
+    && chmod a+x,o-w "${PS_INSTALL_FOLDER}/pwsh" \
+    ; fi \
     && rm -rf /tmp/PS_INSTALL_FOLDER
 
 #############################################################
@@ -522,6 +537,7 @@ RUN --mount=type=secret,id=GITHUB_TOKEN /install-arm-ttk.sh && rm -rf /install-a
 
 # Run to build version file and validate image again because we installed more linters
 ENV IMAGE="standard"
+ARG TARGETARCH
 COPY scripts/linterVersions.sh /
 RUN /linterVersions.sh \
     && rm -rfv /linterVersions.sh
diff --git a/dependencies/python/build-venvs.sh b/dependencies/python/build-venvs.sh
index 4b1fcfa7..e15f5593 100755
--- a/dependencies/python/build-venvs.sh
+++ b/dependencies/python/build-venvs.sh
@@ -10,6 +10,7 @@ set -euo pipefail
 
 apk add --no-cache --virtual .python-build-deps \
   gcc \
+  libffi-dev \
   linux-headers \
   musl-dev \
   python3-dev
@@ -24,6 +25,12 @@ mkdir -p /venvs
 ########################################
 pip install virtualenv
 
+if [[ "${TARGETARCH}" != "amd64" ]]; then
+  # Install Rust compiler (required by checkov on arm64) #
+  # remove this once https://github.com/bridgecrewio/checkov/pull/6045 is merged
+  apk add --no-cache rust cargo
+fi
+
 #######################################################
 # Iterate through requirments.txt to install binaries #
 #######################################################
diff --git a/scripts/linterVersions.sh b/scripts/linterVersions.sh
index db599f9d..33d5e65d 100755
--- a/scripts/linterVersions.sh
+++ b/scripts/linterVersions.sh
@@ -72,7 +72,6 @@ LINTER_NAMES_ARRAY['R']="R"
 LINTER_NAMES_ARRAY['RAKU']="raku"
 LINTER_NAMES_ARRAY['RENOVATE']="renovate-config-validator"
 LINTER_NAMES_ARRAY['RUBY']="rubocop"
-LINTER_NAMES_ARRAY['SCALAFMT']="scalafmt"
 LINTER_NAMES_ARRAY['SHELL_SHFMT']="shfmt"
 LINTER_NAMES_ARRAY['SNAKEMAKE_LINT']="snakemake"
 LINTER_NAMES_ARRAY['SNAKEMAKE_SNAKEFMT']="snakefmt"
@@ -92,6 +91,10 @@ LINTER_NAMES_ARRAY['XML']="xmllint"
 LINTER_NAMES_ARRAY['YAML']="yamllint"
 LINTER_NAMES_ARRAY['YAML_PRETTIER']="prettier"
 
+if [[ "${TARGETARCH}" == "amd64" ]]; then
+  LINTER_NAMES_ARRAY['SCALAFMT']="scalafmt"
+fi
+
 if [[ "${IMAGE}" == "standard" ]]; then
   LINTER_NAMES_ARRAY['ARM']="arm-ttk"
   LINTER_NAMES_ARRAY['CSHARP']="dotnet"