Pull request overview
This pull request adds ARM (aarch64) architecture support for building EMT3 (Edge Microvisor Toolkit 3) raw disk images. The changes enable cross-platform image composition by introducing ARM-specific configurations, build scripts, and CI/CD workflows alongside the existing x86_64 support.
Changes:
- Added ARM build script and GitHub Actions workflow for automated EMT3 ARM image builds
- Created ARM-specific configuration files including repository settings, chroot environment, and image templates
- Extended architecture support in EMT3 config to include aarch64 alongside x86_64
Reviewed changes
Copilot reviewed 6 out of 7 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| scripts/build_emt3_arm_raw.sh | New build script for EMT3 ARM raw images with QEMU boot testing support |
| .github/workflows/build-emt3-arm-raw.yml | GitHub Actions workflow for automated ARM image builds and testing |
| image-templates/emt3-aarch64-minimal-raw.yml | ARM-specific image template with minimal package set and ARM64 partition types |
| config/osv/edge-microvisor-toolkit/emt3/providerconfigs/aarch64_repo.yml | ARM repository configuration for package sources |
| config/osv/edge-microvisor-toolkit/emt3/imageconfigs/defaultconfigs/default-raw-aarch64.yml | Default ARM image configuration with package list adjustments |
| config/osv/edge-microvisor-toolkit/emt3/config.yml | Added aarch64 architecture section to main configuration |
| config/osv/edge-microvisor-toolkit/emt3/chrootenvconfigs/chrootenv_aarch64.yml | ARM chroot environment package specifications |
| - platform-telemetry-agent | ||
| - platform-update-agent | ||
| - in-band-manageability | ||
| - reporting-agent |
The 'in-band-manageability' package is present in the x86_64 default configuration (default-raw-x86_64.yml line 89) but was removed from the ARM configuration. If this package is not available or not supported on ARM architecture, consider adding a comment explaining the removal. If the package should be included, add it back to maintain feature parity between architectures.
| - name: Install system deps | ||
| run: | | ||
| sudo apt-get update | ||
| sudo apt-get install -y qemu-system-aarch64 ovmf tree jq systemd-ukify mmdebstrap systemd-boot |
The qemu-efi-aarch64 package is missing from the system dependencies. Other ARM workflows (e.g., build-azl3-arm-raw.yml, build-elxr12-arm-raw.yml, build-ubuntu24-arm-raw.yml) include this package in their system dependencies. This package provides ARM-specific UEFI firmware files needed for QEMU ARM virtualization. Add qemu-efi-aarch64 to the package list to be consistent with other ARM workflows.
| sudo apt-get install -y qemu-system-aarch64 ovmf tree jq systemd-ukify mmdebstrap systemd-boot | |
| sudo apt-get install -y qemu-system-aarch64 qemu-efi-aarch64 ovmf tree jq systemd-ukify mmdebstrap systemd-boot |
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v6.0.2 | ||
| with: |
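Review bot: `uses: actions/checkout@v6.0.2` pins the action to a tag, and a tag can later be moved to different code than what was reviewed. Pin to the full commit SHA of that release and keep the version as a trailing comment. If no later step pushes to the repository, also set `persist-credentials: false` under `with:` (if it is not already there) so the token is not left in the local git config during the build.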
The workflow defines a 'ref' input parameter but doesn't use it in the checkout step. Other ARM workflows (e.g., build-elxr12-arm-raw.yml line 34) pass this to the checkout action with 'ref: ${{ github.event.inputs.ref || github.ref }}'. This allows users to manually trigger the workflow on a specific branch or SHA. Either use the ref input in the checkout step or remove it from the workflow_dispatch inputs if it's not needed.
| with: | |
| with: | |
| ref: ${{ github.event.inputs.ref || github.ref }} |
| - name: Notify on failure | ||
| if: ${{ failure() && github.event_name == 'pull_request' }} | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| REVIEWER_ID: srmungar | ||
| run: | | ||
| PR_AUTHOR=$(jq --raw-output 'try .pull_request.user.login // empty' "$GITHUB_EVENT_PATH") | ||
| if [ -z "$PR_AUTHOR" ]; then | ||
| echo "PR_AUTHOR not found in event payload. Skipping notification." | ||
| exit 0 | ||
| fi | ||
| COMMENT_BODY="Hey @$PR_AUTHOR and @$REVIEWER_ID — the EMT3 raw image build has failed. Please check the logs." | ||
| curl -s -X POST \ | ||
| -H "Authorization: Bearer $GITHUB_TOKEN" \ | ||
| -H "Accept: application/vnd.github.v3+json" \ | ||
| --data "{\"body\": \"$COMMENT_BODY\"}" \ | ||
| "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments" |
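Review bot: In the `Notify on failure` step the JSON body is assembled by shell interpolation (`--data "{\"body\": \"$COMMENT_BODY\"}"`), so any quote or backslash that reaches `COMMENT_BODY` yields invalid or altered JSON; build it with `jq -n --arg body "$COMMENT_BODY" '{body: $body}'` instead. `curl -s` without `--fail` exits 0 on an HTTP error response, for example when `GITHUB_TOKEN` lacks write permission on the pull request, so the notification can fail without the step showing it. Pass `${{ github.repository }}` and the pull request number in through `env:` rather than expanding them inside `run:`, and consider whether `REVIEWER_ID: srmungar` should hard-code one person into every failure comment.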
The workflow is missing artifact upload steps that are present in other ARM workflows. For example, build-azl3-arm-raw.yml (lines 85-95) and build-elxr12-arm-raw.yml (lines 91-102) include steps to set file permissions and upload build artifacts. Without these steps, the built image files won't be available as GitHub Actions artifacts. Add the missing artifact upload steps after the build step to preserve the build outputs.
| component: "emt3.0-base-arm" # Repository component/section identifier | ||
| gpgCheck: false # Enabled with Intel GPG key | ||
| repoGPGCheck: false # Enabled with Intel GPG key | ||
| enabled: false |
The repository configuration has 'enabled: false' which means the repository won't be used during the build process. This differs from the x86_64 configuration (x86_64_repo.yml line 9) which has 'enabled: true'. If this repository is needed for the ARM build, this should be set to 'true'. If the repository is intentionally disabled for testing or other reasons, consider adding a comment explaining why.
| enabled: false | |
| enabled: false # Intentionally disabled for ARM builds; x86_64 uses this repo, ARM does not currently require it |
| gpgCheck: false # Enabled with Intel GPG key | ||
| repoGPGCheck: false # Enabled with Intel GPG key | ||
| enabled: false | ||
| #gpgKey: "https://raw.githubusercontent.com/open-edge-platform/edge-microvisor-toolkit/refs/heads/3.0/SPECS/edge-repos/INTEL-RPM-GPG-KEY" |
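Review bot: The trailing comments on `gpgCheck: false` and `repoGPGCheck: false` read "Enabled with Intel GPG key" while both values are false and `gpgKey` is commented out, so the file states the opposite of what it does. With these values, packages from this repository would go into the image without package-signature or repository-metadata verification as soon as `enabled` is switched on. Set both checks to true and restore the `gpgKey` line, or correct the comments and record why verification is off for aarch64.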
The GPG check settings differ between ARM and x86_64 configurations. The ARM config has 'gpgCheck: false' and 'repoGPGCheck: false' (lines 8-9), while the x86_64 config (x86_64_repo.yml lines 7-8) has both set to 'true' with a configured GPG key. This inconsistency could indicate a security concern or an incomplete configuration. If GPG checking should be disabled for ARM builds, add a comment explaining why. Otherwise, enable GPG checks and configure the appropriate GPG key.
| gpgCheck: false # Enabled with Intel GPG key | |
| repoGPGCheck: false # Enabled with Intel GPG key | |
| enabled: false | |
| #gpgKey: "https://raw.githubusercontent.com/open-edge-platform/edge-microvisor-toolkit/refs/heads/3.0/SPECS/edge-repos/INTEL-RPM-GPG-KEY" | |
| gpgCheck: true # Enabled with Intel GPG key | |
| repoGPGCheck: true # Enabled with Intel GPG key | |
| enabled: false | |
| gpgKey: "https://raw.githubusercontent.com/open-edge-platform/edge-microvisor-toolkit/refs/heads/3.0/SPECS/edge-repos/INTEL-RPM-GPG-KEY" |
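A CI lint for the GPG settings raised in the comment above, as an added example that is not part of this pull request or the project's code. It does a line-based scan over the keys visible in the hunk; the sample configs are constructed, the key URL and the x86_64 component name are placeholders, and `lint_repo` is a hypothetical helper name.

```python
import re

# Constructed samples modelled on the keys visible in the reviewed hunk.
# The key URL and the x86_64 component name are placeholders.
ARM_REPO = '''\
component: "emt3.0-base-arm"
gpgCheck: false    # Enabled with Intel GPG key
repoGPGCheck: false    # Enabled with Intel GPG key
enabled: false
#gpgKey: "https://example.invalid/INTEL-RPM-GPG-KEY"
'''
X86_REPO = '''\
component: "emt3.0-base"
gpgCheck: true
repoGPGCheck: true
enabled: true
gpgKey: "https://example.invalid/INTEL-RPM-GPG-KEY"
'''

# optional leading '#', key, value (quoted or bare), optional trailing comment
KEY_LINE = re.compile(
    r'^\s*(#\s*)?(\w+)\s*:\s*("[^"]*"|[^#\s]*)\s*(?:#\s*(.*))?$')

def lint_repo(text):
    """Return sorted findings for one repo config (hypothetical helper)."""
    active, commented, findings = {}, set(), []
    for line in text.splitlines():
        m = KEY_LINE.match(line)
        if not m:
            continue
        hashed, key, value, note = m.groups()
        if hashed:                      # key exists only as a commented-out line
            commented.add(key)
            continue
        active[key] = value.strip('"')
        if key in ("gpgCheck", "repoGPGCheck") and value.lower() == "false":
            findings.append(f"{key} is disabled")
            # An inline comment claiming "enabled" contradicts the value.
            if note and "enabled" in note.lower():
                findings.append(f"{key} comment says enabled but value is false")
    if "gpgKey" not in active:
        why = "commented out" if "gpgKey" in commented else "missing"
        findings.append(f"gpgKey is {why}")
    return sorted(findings)

if __name__ == "__main__":
    for name, cfg in (("aarch64", ARM_REPO), ("x86_64", X86_REPO)):
        print(name, lint_repo(cfg) or "ok")
```

Running it in the workflow over every file under `providerconfigs/` and failing on a non-empty result would catch a new architecture config that ships with verification turned off.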
| - "false" | ||
| push: | ||
| branches: | ||
| - emt3enablingforarm |
The workflow is configured to trigger on pushes to 'emt3enablingforarm' branch instead of 'main'. Other similar workflows (e.g., build-emt3-raw.yml lines 16-21, build-elxr12-arm-raw.yml lines 16-21) trigger on 'main' branch for both push and pull_request events. This custom branch trigger suggests this is a development/testing workflow that may need to be updated before merging to production. Consider updating the trigger to use 'main' branch and adding pull_request triggers for consistency with other workflows.
| - emt3enablingforarm | |
| - main | |
| pull_request: | |
| branches: | |
| - main |
…a repometa data has list of rpms belonging to all architectures