Use multi-arch Maven base image so the Keycloak build works on arm64#1
Open
alexandrewavelet wants to merge 1 commit into
Open
Conversation
The unique-attribute-validator-provider stage used maven:3.9-eclipse-temurin-17-alpine, which only publishes a linux/amd64 manifest. On Apple Silicon (and any arm64 host) the build fails with "no match for platform in manifest: not found", so the Keycloak image cannot be built and the auth service never starts. Switch to maven:3.9-eclipse-temurin-17 (same Maven 3.9 + Temurin JDK 17, Debian-based), which is multi-arch (amd64, arm64, ...). The stage only compiles a Java jar, so the base OS does not affect the artifact and amd64 builds are unchanged. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The
unique-attribute-validator-providerbuild stage inbuild/Dockerfileuses:FROM maven:3.9-eclipse-temurin-17-alpine AS unique-attribute-validator-providermaven:3.9-eclipse-temurin-17-alpineonly publishes a linux/amd64 manifest — there is no arm64 variant. On Apple Silicon (and any arm64 host) the image build fails immediately:Since this is the first stage, the whole Keycloak image cannot be built, so the auth service never starts on arm64.
Fix
Switch the base image to the non-Alpine tag:
FROM maven:3.9-eclipse-temurin-17 AS unique-attribute-validator-providerWhy this is safe for amd64 contributors
maven:3.9-eclipse-temurin-17is multi-arch (amd64,arm64,arm,ppc64le,riscv64,s390x) — a strict superset of the old amd64-only tag, so amd64 builds keep working.mvn clean packageand copies the resulting jar. It uses no Alpine-specific tooling, and the output is pure Java bytecode, so the build base has no effect on the artifact. The jar is then copied into the (unchanged) UBI-based Keycloak image.The only practical difference for amd64 is a slightly larger build image on first pull (Debian > Alpine). Native builds now work on every architecture, with no emulation.
Verification
Built end-to-end on arm64 (macOS, Apple Silicon): the provider jar compiles,
kc.sh buildpicks up theunique-attributeprovider, and the final Keycloak image is produced successfully.🤖 Generated with Claude Code