Remove 32bit builds

[tankerkiller125]

What type of PR is this?

• builds

What this PR does / why we need it:

This PR drops 32 bit builds entirely (docker, binary, etc.) for all CPU architectures (ARM, x86, etc.)

Context

For some context as to why we would do this, there's quite a bit of background.

CPUs Manufacturers

• Intel - Dropping 32 bit CPUs (industrial use only currently) and they've proposed dropping the 32 bit API entirely from their future CPUs
• ARM - ARM itself dropped 32 bit around 4 years ago
• Qualcomm - Dropped it around 3 years ago
• AMD - Hasn't made a 32 bit CPU in 20 years

OSes

• Windows - dropped 32 bit in Windows 11 (and Windows 10 didn't truly support it properly)
• Linux - There has been talks about dropping active development of 32 bit for the kernel in the next few years
  • Ubuntu - Dropped 32 bit some time ago
  • Fedora - Dropped 32 bit in version 44
  • Debian - Version 13 is set to drop 32 bit entirely
  • Arch - Dropped 32 bit nearly a decade ago
  • openSuse - Dropped 32 bit quite some time ago
  • Gentoo - Dropped 32 bit in main branches
• Mac - We don't build 32 bit mac to begin with, and the last 32bit Mac was probably 2 decades ago or something.

Applications

• Most browsers either never had 32 bit support, or have already dropped it
• Firefox is dropping 32 bit in 2026

Our Own Things

We've regularly encountered some issues with building for 32 bit architectures, especially just builds taking a very long time to complete, resulting in slower than planned release build times. We also don't test on any 32 bit architectures, so any bugs caused by 32 bit we don't know about, and we really don't have a way to test short of spinning up a 32 bit VM (with who knows what OS)

Additionally, of those with HBOX_OPTIONS_ALLOW_ANALYTICS=true there is maybe one user of a 32bit architecture system. (As a reminder, our analytics are always open to view https://homebox.software/en/analytics/ )

Some Final Thoughts on Our End

32 bit doesn't really take extra effort on a day to day for us, Golang cross-compiles to 32 bit pretty well and Javascript just doesn't care. However, it does eat up time during releases (time we could be using to help people upgrade, or work on bug fixes), and it does eat up time during PR tests and builds.

We also have zero way to validate and test against 32 bit CPUs, Github doesn't have 32 bit Action Runners, and emulating inside Github Actions is a royal PITA (and very slow). Which means that there could be some major bugs in 32 bit builds we've never seen, and never will see in our regular development efforts.

Dropping 32 bit seems like a good way forward to speed up release times a bit, and prevent bug reports for things we'll never be able to replicate. You will of course always be able to download the sources of Homebox and build it for 32 bit if you so choosed.

Summary by CodeRabbit

• Chores
  • CI publish workflows now assign a specific runner per platform and build only for linux/amd64 and linux/arm64 (linux/arm/v7 removed).
  • Release configuration no longer produces 32-bit (386) or ARMv7 builds; tag and archive naming simplified for remaining targets.
  • No changes to application runtime behavior; only build/release outputs and supported platforms are affected.

[coderabbitai]

Walkthrough

Workflows now assign a per-platform runner via matrix.include and remove linux/arm/v7; retained platforms are linux/amd64 and linux/arm64. GoReleaser drops 386 and arm builds and related ignore logic. Security recommendations: verify published manifests, tags, and provenance/signing after removing architectures.

Changes

Cohort / File(s)	Summary
GitHub Actions: Docker publish workflows ​.github/workflows/docker-publish.yaml, ​.github/workflows/docker-publish-rootless.yaml, ​.github/workflows/docker-publish-hardened.yaml	Replace global runs-on with per-entry matrix.runner via matrix.include; remove linux/arm/v7; keep linux/amd64 and linux/arm64 with explicit runner mappings (amd64 → ubuntu-latest, arm64 → ubuntu-24.04-arm).
Release build configuration backend/.goreleaser.yaml	Remove 386 and arm from goarch; delete associated ignore entries; simplify dynamic tag handling (remove arm/386 branches) and archive naming logic for i386 cases.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Dev as Maintainer
  participant GH as GitHub Actions
  participant MX as Matrix (include entries)
  participant Job as Build Job
  participant Registry as Docker Registry

  Dev->>GH: Push / tag / dispatch
  GH->>MX: Expand matrix.include (platform + runner)
  Note over MX: Entries: linux/amd64 → ubuntu-latest<br/>linux/arm64 → ubuntu-24.04-arm
  MX-->>Job: Spawn job with runs-on: matrix.runner
  rect rgb(235,245,255)
    Job->>Registry: Build and push images (per-platform)
  end
  GH-->>Dev: Report artifacts / digests

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20–30 minutes

Areas to focus during review:

• Workflow correctness: ensure matrix.runner values match available GitHub-hosted runners and self-hosted labels.
• Manifest composition: confirm multi-arch manifest generation excludes removed platforms and retains correct tagging.
• GoReleaser: validate build matrix, archives naming, and that no required platform combinations were unintentionally dropped.

Possibly related PRs

• fix: trying to solve the arm build process issue. #365: adjusts Docker publish workflows and multi-platform matrix entries (direct overlap with runner/matrix changes).
• chore: split arm docker builds into their own tags #264: modifies Docker publish workflows and ARM platform support (related removal of armv7).
• Attempt to revert NodeJS so ARM 32bit builds work again #1081: touches ARM/architecture build adjustments similar to those in GoReleaser and workflows.

Suggested reviewers

• katosdev
• tonyaellie

Poem

Two arches trimmed, the matrix grows lean,
amd64 and arm64 step up on the scene.
CI reroutes runners, tags fall in line,
GoReleaser hums a simpler design.
Small changes, steady ships — builds stay fine. 🚢✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description includes all required sections: PR type (builds), detailed explanation of changes with context, but does not explicitly reference which issue(s) this PR fixes as required by the template.	Add a 'Which issue(s) this PR fixes' section listing any related issues, or explicitly state 'N/A' if no specific issue is being addressed.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Remove 32bit builds' is concise, clear, and directly summarizes the main change: eliminating 32-bit build support across all platforms.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch mk/kill-32-bit

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cloudflare-workers-and-pages]

Deploying homebox-docs with    Cloudflare Pages

Latest commit:	c70005a
Status:	✅  Deploy successful!
Preview URL:	https://3fab7600.homebox-docs.pages.dev
Branch Preview URL:	https://mk-kill-32-bit.homebox-docs.pages.dev

View logs

[tankerkiller125]

@coderabbitai review full

[coderabbitai]

@tankerkiller125, I'll conduct a full review of this PR that removes 32-bit builds across all architectures.

Based on the comprehensive context you've provided, this appears to be a well-reasoned decision given the industry-wide trend away from 32-bit architectures. The rationale covers CPU manufacturers, operating systems, and practical considerations like build times and testing capabilities.

For security considerations: Dropping 32-bit support actually improves the security posture by:

• Reducing the attack surface by eliminating less-tested build targets
• Focusing security efforts on actively maintained and tested 64-bit platforms
• Aligning with modern security practices where 32-bit systems often lack modern security features

I'll review all the changes to ensure the 32-bit removal is comprehensive and doesn't introduce any issues.

✅ Actions performed

Full review triggered.

[tankerkiller125]

@coderabbitai review full

[coderabbitai]

@tankerkiller125, I'll conduct a full review of this PR to examine the removal of 32-bit builds across all architectures and build workflows.

I'll analyze:

• Docker workflow changes (hardened, rootless, and standard)
• GoReleaser configuration updates
• Completeness of 32-bit architecture removal
• Any potential impacts on existing functionality

✅ Actions performed

Full review triggered.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/docker-publish.yaml (1)

116-116: Fix unintended whitespace in environment variable substitution.

Line 116 contains extra whitespace (likely a tab) between github.sha and }}, which will cause the environment variable to include trailing whitespace. This could cause downstream comparison or tagging issues.

Apply this fix:

          build-args: |
            VERSION=${{ github.ref_name }}
-           COMMIT=${{ github.sha	}}
+           COMMIT=${{ github.sha }}

🧹 Nitpick comments (1)

.github/workflows/docker-publish-rootless.yaml (1)

99-102: QEMU setup is now optional but harmless.

With the shift to native ubuntu-24.04-arm runners for arm64 builds, the QEMU setup may no longer be strictly necessary. However, keeping it in place is benign and provides defensive compatibility if future workflows add cross-platform builds. You may optionally remove it to streamline the workflow.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 825e72b and 364e6cd.

📒 Files selected for processing (4)

• .github/workflows/docker-publish-hardened.yaml (2 hunks)
• .github/workflows/docker-publish-rootless.yaml (2 hunks)
• .github/workflows/docker-publish.yaml (2 hunks)
• backend/.goreleaser.yaml (0 hunks)

💤 Files with no reviewable changes (1)

• backend/.goreleaser.yaml

🔇 Additional comments (4)

.github/workflows/docker-publish-rootless.yaml (1)

40-40: Per-platform runner mapping is correctly configured for 64-bit builds.

The ubuntu-24.04-arm label is valid for public repository workflows, and the matrix.include approach provides optimal performance by using native runners instead of emulation. This aligns well with the 32-bit removal strategy—eliminating linux/arm/v7 and using dedicated runners for linux/amd64 and linux/arm64 reduces build times and complexity.

Also applies to: 50-54

.github/workflows/docker-publish-hardened.yaml (2)

36-36: Matrix and runner configuration mirrors the rootless workflow—well structured for 64-bit builds.

The per-entry runner mapping correctly eliminates linux/arm/v7 and optimizes platform assignment. The Cobalt 100-based arm64 runners provide native execution without virtualization, improving performance over emulation.

Also applies to: 46-50

---

76-76: Best practice: Action SHAs are pinned for reproducibility.

Pinning action versions to commit SHAs (e.g., c1e51972afc2... instead of v5) ensures deterministic workflows and reduces supply-chain attack surface. This is a security best practice that complements the 32-bit removal by narrowing the attack surface further.

Also applies to: 83-83, 90-90, 97-97, 102-102, 109-109, 133-133, 153-153

.github/workflows/docker-publish.yaml (1)

40-40: Matrix and runner configuration correctly supports 64-bit platforms only.

The per-entry runner mapping eliminates linux/arm/v7 and uses appropriate runners for each platform. This achieves the PR's goal of removing 32-bit builds while maintaining efficient native execution.

Also applies to: 50-54