
feat(ci): enhance Docker workflow for multi-architecture builds #11

Merged
merged 2 commits into from
Feb 5, 2025

Conversation

matusso
Owner

@matusso matusso commented Feb 5, 2025

User description

Update the GitHub Actions workflow to support multi-architecture
Docker image builds for both amd64 and arm64 platforms. Replace
Docker Buildx with standard Docker build commands, and update
caching paths for better organization. Add steps to create
and push multi-platform manifests and integrate a SonarCloud
scan for improved code quality checks. This change aims to ensure
broader compatibility and maintainability of the binwalk project.


PR Type

Enhancement, Tests


Description

  • Added separate jobs for building amd64 and arm64 Docker images.

  • Introduced a job to create and push multi-platform Docker manifests.

  • Integrated SonarCloud scanning for enhanced code quality checks.

  • Updated caching paths and Docker commands for better organization.


Changes walkthrough 📝

Relevant files
Enhancement
binwalk.yml
Enhanced CI workflow for multi-architecture Docker builds

.github/workflows/binwalk.yml

  • Added separate jobs for building amd64 and arm64 Docker images.
  • Introduced a job to create and push multi-platform Docker manifests.
  • Integrated SonarCloud scanning for code quality checks.
  • Updated Docker caching paths and replaced Buildx with standard Docker
    commands.
  • +108/-26


    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    ⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
    🧪 No relevant tests
    🔒 No security concerns identified
    ⚡ Recommended focus areas for review

    Runner Compatibility

    The arm64 build job uses 'ubuntu-24.04-arm' runner which may not be a standard GitHub-hosted runner. Verify this runner exists and is accessible.

    runs-on: ubuntu-24.04-arm
    Hard-coded Version

    The release version is hard-coded as an environment variable. Consider making this more dynamic or configurable through workflow inputs.

    RELEASE_VERSION: "v3.1.0"

    PR Code Suggestions ✨

    Explore these optional code suggestions:

    Category | Suggestion | Impact
    Possible issue
    Fix invalid ARM64 build runner

    The arm64 build job uses a non-standard runner 'ubuntu-24.04-arm' which likely
    doesn't exist. Use GitHub's standard ARM64 runner with QEMU emulation instead.

    .github/workflows/binwalk.yml [58-59]

     build-and-push-arm64:
    -  runs-on: ubuntu-24.04-arm
    +  runs-on: ubuntu-latest
    +  steps:
    +    - name: Set up QEMU
    +      uses: docker/setup-qemu-action@v3
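    Review bot: The premise of this suggestion is wrong: `ubuntu-24.04-arm` is a GitHub-hosted Linux arm64 runner label (available to public repositories since January 2025), so swapping it for `ubuntu-latest` plus QEMU replaces a native build with a much slower emulated one; the merged run on this page reports 33 of 34 checks passed with only the security-scan job failing, which is consistent with the arm64 job having run as written. The snippet is also not a valid patch as shown: `+  steps:` would introduce a second `steps:` key if the job already has one, and the QEMU step would have to precede the existing build steps rather than sit on its own. If the repository is private, confirm the label is enabled under larger runners before relying on it; otherwise keep `runs-on: ubuntu-24.04-arm` and drop this suggestion.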
    Suggestion importance[1-10]: 10


    Why: The suggestion addresses a critical issue where the workflow would fail due to using a non-existent runner. Using QEMU emulation is the correct approach for ARM64 builds on GitHub Actions.

    High
    General
    Remove redundant Docker push commands

    The amd64 build has redundant docker push commands since '--push' flag is
    already used in the build command. Remove the separate push commands.

    .github/workflows/binwalk.yml [48-52]

     docker build --push --platform linux/amd64 \
       --tag ghcr.io/${{ github.repository_owner }}/binwalk:${{ env.RELEASE_VERSION }}-amd64 \
       --tag ghcr.io/${{ github.repository_owner }}/binwalk:latest-amd64 ./binwalk
    -docker push ghcr.io/${{ github.repository_owner }}/binwalk:${{ env.RELEASE_VERSION }}-amd64
    -docker push ghcr.io/${{ github.repository_owner }}/binwalk:latest-amd64
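    Review bot: Agreed that the two `docker push` lines are redundant once `--push` has taken effect, but the reason it works deserves a comment in the workflow: `--push` and `--platform` are BuildKit (buildx) options, and `docker build` accepts them only because it is aliased to `docker buildx build` on Docker 23 and later, so the PR description's claim that Buildx was replaced by standard build commands does not hold. On an older daemon with the legacy builder the flag is rejected as unknown rather than ignored, so the extra pushes add no safety net either way. Separately, re-pushing the mutable `latest-amd64` tag on every run leaves consumers unable to tell which build they pulled; capturing the image digest (for example via `--metadata-file`) and referencing it from the manifest step would pin immutable content instead of a tag.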
    Suggestion importance[1-10]: 7


    Why: The suggestion correctly identifies redundant push operations that could slow down the workflow and potentially cause issues. Removing them would improve efficiency and maintain the same functionality.

    Medium
    Ensure atomic manifest operations

    The Docker manifest commands should be pushed after creation to ensure atomic
    operations. Add '--push' flag to manifest create commands.

    .github/workflows/binwalk.yml [99-101]

     docker manifest create ghcr.io/${{ github.repository_owner }}/binwalk:${{ env.RELEASE_VERSION }} \
       --amend ghcr.io/${{ github.repository_owner }}/binwalk:${{ env.RELEASE_VERSION }}-amd64 \
    -  --amend ghcr.io/${{ github.repository_owner }}/binwalk:${{ env.RELEASE_VERSION }}-arm64
    +  --amend ghcr.io/${{ github.repository_owner }}/binwalk:${{ env.RELEASE_VERSION }}-arm64 \
    +  --push
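    Review bot: This suggestion would break the job: `docker manifest create` has no `--push` flag (its only options are `--amend` and `--insecure`), and pushing is the separate `docker manifest push` command, which is exactly the two-step sequence the workflow already uses. If a single create-and-push step is wanted, the command for that is `docker buildx imagetools create -t ghcr.io/${{ github.repository_owner }}/binwalk:${{ env.RELEASE_VERSION }} <image>-amd64 <image>-arm64`, which assembles the manifest list from the registry-side images and pushes it in one call. Either way, a follow-up `docker manifest inspect` (or `imagetools inspect`) asserting that both linux/amd64 and linux/arm64 appear in the index would catch a partially published tag before `latest` is updated.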
    Suggestion importance[1-10]: 4


    Why: While the suggestion aims to make manifest operations more atomic, the current approach with separate push commands is also valid and commonly used. The improvement would be minor and mostly about style preference.

    Low
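A check worth running after the manifest step in this workflow, as an added example that is not part of the PR or the binwalk docker-builds repository: it reads the JSON that `docker manifest inspect <tag>` prints and fails when either linux/amd64 or linux/arm64 is missing from the index, so a half-published tag never becomes `latest`. The sample manifest list, its digests and the script file name are constructed placeholders.

```python
import json
import sys

# Platforms this workflow publishes (amd64 and arm64 per-arch images joined in one index).
REQUIRED_PLATFORMS = {("linux", "amd64"), ("linux", "arm64")}

# Constructed sample of what `docker manifest inspect` prints for a manifest list;
# the digests are placeholders, not real image digests.
SAMPLE_MANIFEST_LIST = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
    "manifests": [
        {"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 1234, "digest": "sha256:" + "a" * 64,
         "platform": {"architecture": "amd64", "os": "linux"}},
        {"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 1234, "digest": "sha256:" + "b" * 64,
         "platform": {"architecture": "arm64", "os": "linux", "variant": "v8"}},
    ],
})


def platforms_in_index(raw_json):
    """Map (os, arch) -> digest for each image entry in a manifest list or OCI index."""
    index = json.loads(raw_json)
    if index.get("schemaVersion") != 2 or not isinstance(index.get("manifests"), list):
        raise ValueError("not a manifest list / OCI image index (single-arch image?)")
    found = {}
    for entry in index["manifests"]:
        plat = entry.get("platform") or {}
        # BuildKit attestation manifests carry os "unknown"; they are not runnable images.
        if plat.get("os") == "unknown":
            continue
        found[(plat.get("os"), plat.get("architecture"))] = entry["digest"]
    return found


def missing_platforms(raw_json, required=REQUIRED_PLATFORMS):
    """Return the required (os, arch) pairs absent from the index; empty set means OK."""
    return set(required) - set(platforms_in_index(raw_json))


if __name__ == "__main__":
    # Usage in CI (hypothetical file name): docker manifest inspect "$IMAGE" | python3 check_manifest.py
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_MANIFEST_LIST
    missing = missing_platforms(raw)
    print("ok: all platforms present" if not missing else f"missing: {sorted(missing)}")
    sys.exit(1 if missing else 0)
```

Run it as the last step of the manifest job with `docker manifest inspect` piped in; a non-zero exit fails the job before any `latest` tag is pushed.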

    CI Feedback 🧐

    A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

    Action: security-scan

    Failed stage: Run garethr/snyk-to-sarif@master [❌]

    Failure summary:

    The action failed because the required input file snyk.json was not found. The Snyk-to-SARIF
    converter action attempted to convert a Snyk JSON report to SARIF format but couldn't locate the
    source file.

    Relevant error logs:
    1:  ##[group]Operating System
    2:  Ubuntu
    ...
    
    272:  ##[group]Run garethr/snyk-to-sarif@master
    273:  with:
    274:  input: snyk.json
    275:  output: snyk.sarif
    276:  env:
    277:  RELEASE_VERSION: v3.1.0
    278:  ##[endgroup]
    279:  ##[command]/usr/bin/docker run --name ee7571322efb499caf580a5e5334a769_3d1c1f --label 841350 --workdir /github/workspace --rm -e "RELEASE_VERSION" -e "INPUT_INPUT" -e "INPUT_FILE" -e "INPUT_OUTPUT" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_ENVIRONMENT" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e "ACTIONS_RESULTS_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/docker-builds/docker-builds":"/github/workspace" 841350:ee7571322efb499caf580a5e5334a769  "snyk.json" "--file" "" "-o" "snyk.sarif"
    280:  Problem opening file (FileNotFoundError) snyk.json
    

    Update the binwalk GitHub Actions workflow to dynamically set the 
    repository path and reference the release version. This change 
    ensures that the workflow uses the correct version of binwalk 
    for builds, improving consistency and reliability in the CI 
    process. Additionally, the sonarcloud-binwalk job now depends 
    on the create-multiarch-man job to ensure proper 
    execution order.

    sonarqubecloud bot commented Feb 5, 2025

    Quality Gate Failed Quality Gate failed for 'binwalk'

    Failed conditions
    2 Security Hotspots
    B Maintainability Rating on New Code (required ≥ A)

    See analysis details on SonarQube Cloud


    @github-advanced-security

    This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

    @matusso matusso merged commit ddb888e into main Feb 5, 2025
    33 of 34 checks passed