MLE-14549 Docker ARM image builds

Jenkinsfile

@@ -29,11 +29,17 @@ RPMversion = ''
  * - Initializes parameters as environment variables.
  * - Extracts Jira ID from branch name or PR title.
  * - Checks if the PR is a draft or has requested changes (for PR builds).
+ * - Validates ARM image types are only used with MarkLogic 11.
  */
 void preBuildCheck() {
     // Initialize parameters as env variables (workaround for https://issues.jenkins-ci.org/browse/JENKINS-41929)
     evaluate """${ def script = ''; params.each { k, v -> script += "env.${k} = '''${v}'''\n" }; return script}"""
 
+    // Validate ARM images are only supported for MarkLogic 11
+    if (env.dockerImageType.contains('arm') && env.marklogicVersion != '11') {
+        error "ARM images (${env.dockerImageType}) are only supported for MarkLogic 11. Current version: ${env.marklogicVersion}"
+    }
+
     JIRA_ID = extractJiraID()
     echo 'Jira ticket number: ' + JIRA_ID
 
@@ -180,6 +186,9 @@ void resultNotification(status) {
  * Sets RPM, CONVERTERS, and marklogicVersion global variables.
  */
 void copyRPMs() {
+    // Determine architecture suffix based on image type
+    def archSuffix = dockerImageType.contains('arm') ? 'aarch64' : 'x86_64'
+
     if (marklogicVersion == "10") {
         RPMsuffix = "-nightly"
         RPMbranch = "b10"
@@ -205,23 +214,34 @@ void copyRPMs() {
     }
     sh """
         cd src
+        ARM_DATE=\$(TZ=America/Los_Angeles date +%Y%m%d)
         if [ -z ${env.ML_RPM} ]; then
-            wget --no-verbose https://bed-artifactory.bedford.progress.com:443/artifactory/ml-rpm-tierpoint/${RPMbranch}/server/MarkLogic-${RPMversion}${RPMsuffix}.x86_64.rpm
+            if [ "${archSuffix}" = "aarch64" ]; then
+                wget --no-check-certificate --no-verbose https://bed-artifactory.bedford.progress.com:443/artifactory/ml-rpm-dev-tierpoint/${RPMbranch}/server-arm/MarkLogic-${RPMversion}.\${ARM_DATE}-rhel9.aarch64.rpm
+            else
+                wget --no-check-certificate --no-verbose https://bed-artifactory.bedford.progress.com:443/artifactory/ml-rpm-tierpoint/${RPMbranch}/server/MarkLogic-${RPMversion}${RPMsuffix}.${archSuffix}.rpm
+            fi
         else
-            wget --no-verbose ${ML_RPM}
+            wget --no-check-certificate --no-verbose ${ML_RPM}
         fi
         if [ -z ${env.ML_CONVERTERS}]; then
-            wget --no-verbose https://bed-artifactory.bedford.progress.com:443/artifactory/ml-rpm-tierpoint/${RPMbranch}/converters/MarkLogicConverters-${RPMversion}${RPMsuffix}.x86_64.rpm
+            if [ "${archSuffix}" = "aarch64" ]; then
+                # ARM converters package not yet available in Artifactory - converters can be installed at runtime via INSTALL_CONVERTERS env var
+                # For now, create a placeholder to allow build to proceed
+                touch MarkLogicConverters-placeholder.rpm
+            else
+                wget --no-check-certificate --no-verbose https://bed-artifactory.bedford.progress.com:443/artifactory/ml-rpm-tierpoint/${RPMbranch}/converters/MarkLogicConverters-${RPMversion}${RPMsuffix}.${archSuffix}.rpm
+            fi
         else
-            wget --no-verbose ${ML_CONVERTERS}
+            wget --no-check-certificate --no-verbose ${ML_CONVERTERS}
         fi
     """
     script {
         // Get the RPM and Converters file names
         RPM = sh(returnStdout: true, script: 'cd src;file MarkLogic-*.rpm | cut -d: -f1').trim()
         CONVERTERS = sh(returnStdout: true, script: 'cd src;file MarkLogicConverters-*.rpm | cut -d: -f1').trim()
-        // Extract MarkLogic version from RPM file name
-        marklogicVersion = sh(returnStdout: true, script: "echo ${RPM}|  awk -F \"MarkLogic-\" '{print \$2;}'  | awk -F \".x86_64.rpm\"  '{print \$1;}' | awk -F \"-rhel\"  '{print \$1;}' ").trim()
+        // Extract MarkLogic version from RPM file name (handle both x86_64 and aarch64)
+        marklogicVersion = sh(returnStdout: true, script: "echo ${RPM}|  awk -F \"MarkLogic-\" '{print \$2;}'  | awk -F \".x86_64.rpm\"  '{print \$1;}' | awk -F \".aarch64.rpm\"  '{print \$1;}' | awk -F \"-rhel\"  '{print \$1;}' ").trim()
     }
 }
 
@@ -471,15 +491,15 @@ pipeline {
     parameters {
         string(name: 'emailList', defaultValue: emailList, description: 'List of email for build notification', trim: true)
         string(name: 'dockerVersion', defaultValue: '2.2.3', description: 'ML Docker version. This version along with ML rpm package version will be the image tag as {ML_Version}_{dockerVersion}', trim: true)
-        choice(name: 'dockerImageType', choices: 'ubi-rootless\nubi\nubi9-rootless\nubi9', description: 'Platform type for Docker image. Will be made part of the docker image tag')
+        choice(name: 'dockerImageType', choices: 'ubi-rootless\nubi\nubi9-rootless\nubi9\nubi9-arm\nubi9-rootless-arm', description: 'Platform type for Docker image. Will be made part of the docker image tag')
         string(name: 'upgradeDockerImage', defaultValue: '', description: 'Docker image for testing upgrades. Defaults to ubi image if left blank.\n Currently upgrading to ubi-rotless is not supported hence the test is skipped when ubi-rootless image is provided.', trim: true)
         choice(name: 'marklogicVersion', choices: '12\n11\n10', description: 'MarkLogic Server Branch. used to pick appropriate rpm')
         string(name: 'ML_RPM', defaultValue: '', description: 'URL for RPM to be used for Image creation. \n If left blank nightly ML rpm will be used.\n Please provide Jenkins accessible path e.g. /project/engineering or /project/qa', trim: true)
         string(name: 'ML_CONVERTERS', defaultValue: '', description: 'URL for the converters RPM to be included in the image creation \n If left blank the nightly ML Converters Package will be used.', trim: true)
         booleanParam(name: 'PUBLISH_IMAGE', defaultValue: false, description: 'Publish image to internal registry')
         booleanParam(name: 'TEST_STRUCTURE', defaultValue: true, description: 'Run container structure tests')
-    booleanParam(name: 'DOCKER_TESTS', defaultValue: true, description: 'Run docker tests')
-    string(name: 'DOCKER_TEST_LIST', defaultValue: '', description: 'Comma separated list of test names to run (e.g Test one, Test two). Leave empty to run all tests.', trim: true)
+        booleanParam(name: 'DOCKER_TESTS', defaultValue: true, description: 'Run docker tests')
+        string(name: 'DOCKER_TEST_LIST', defaultValue: '', description: 'Comma separated list of test names to run (e.g Test one, Test two). Leave empty to run all tests.', trim: true)
         booleanParam(name: 'SCAP_SCAN', defaultValue: false, description: 'Run Open SCAP scan on the image.')
     }
 

Makefile

@@ -1,8 +1,8 @@
-# Copyright © 2018-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+# Copyright © 2018-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
 dockerTag?=internal
 package?=MarkLogic.rpm
 repo_dir=marklogic
-docker_build_options=--compress --platform linux/amd64
+docker_build_options=--compress
 build_branch?=local
 docker_image_type?=ubi
 upgrade_docker_image_type?=ubi
@@ -11,13 +11,31 @@ current_image?=${repo_dir}/marklogic-server-${docker_image_type}:${dockerTag}
 # Latest release tag can be found here: https://github.com/ComplianceAsCode/content/releases
 open_scap_version?=0.1.79
 
+#***************************************************************************
+# set docker platform based on the docker image type
+#***************************************************************************
+ifeq ($(findstring arm,$(docker_image_type)),arm)
+	docker_build_options += --platform linux/arm64
+	export DOCKER_PLATFORM=linux/arm64
+else
+	docker_build_options += --platform linux/amd64
+	export DOCKER_PLATFORM=linux/amd64
+endif
+
 #***************************************************************************
 # build docker image
 #***************************************************************************
 build:
 # NOTICE file need to be in the build context to be included in the built image
 	cp NOTICE.txt src/NOTICE.txt
 
+# Install ARM64 emulation support on Linux (assuming Jenkins environment which is not aarch64)
+ifeq ($(findstring arm,$(docker_image_type)),arm)
+ifeq ($(shell uname -s),Linux)
+	docker run --privileged --rm tonistiigi/binfmt --install arm64
+endif
+endif
+
 # rootless images use the same dependencies as ubi image so we copy the file
 ifeq ($(docker_image_type),ubi9)
 	cp dockerFiles/marklogic-server-ubi\:base dockerFiles/marklogic-server-ubi9\:base
@@ -27,10 +45,15 @@ ifeq ($(findstring rootless,$(docker_image_type)),rootless)
 	cp dockerFiles/marklogic-deps-ubi9\:base dockerFiles/marklogic-deps-ubi9-rootless\:base
 	cp dockerFiles/marklogic-server-ubi-rootless\:base dockerFiles/marklogic-server-ubi9-rootless\:base
 endif
+# ubi9-rootless-arm needs deps from ubi9-arm and server template from ubi-rootless
+ifeq ($(docker_image_type),ubi9-rootless-arm)
+	cp dockerFiles/marklogic-deps-ubi9-arm\:base dockerFiles/marklogic-deps-ubi9-rootless-arm\:base
+	cp dockerFiles/marklogic-server-ubi-rootless\:base dockerFiles/marklogic-server-ubi9-rootless-arm\:base
+endif
 
 # retrieve and copy open scap hardening script
 ifeq ($(findstring rootless,$(docker_image_type)),rootless)
-	[ -f scap-security-guide-${open_scap_version}.zip ] || curl -Lo scap-security-guide-${open_scap_version}.zip https://github.com/ComplianceAsCode/content/releases/download/v${open_scap_version}/scap-security-guide-${open_scap_version}.zip
+	[ -f scap-security-guide-${open_scap_version}.zip ] || curl -Lso scap-security-guide-${open_scap_version}.zip https://github.com/ComplianceAsCode/content/releases/download/v${open_scap_version}/scap-security-guide-${open_scap_version}.zip
 #UBI9 needs a different version of the remediation script
 ifeq ($(findstring ubi9,$(docker_image_type)),ubi9)
 	unzip -p scap-security-guide-${open_scap_version}.zip scap-security-guide-${open_scap_version}/bash/rhel9-script-cis.sh > src/rhel-script-cis.sh
@@ -45,7 +68,7 @@ endif
 	cd src/; docker build ${docker_build_options} -t "${repo_dir}/marklogic-server-${docker_image_type}:${dockerTag}" --build-arg BASE_IMAGE=${repo_dir}/marklogic-deps-${docker_image_type}:${dockerTag} --build-arg ML_RPM=${package} --build-arg ML_USER=marklogic_user --build-arg ML_DOCKER_VERSION=${dockerVersion} --build-arg ML_VERSION=${marklogicVersion} --build-arg ML_CONVERTERS=${converters} --build-arg BUILD_BRANCH=${build_branch} --build-arg ML_DOCKER_TYPE=${docker_image_type} -f ../dockerFiles/marklogic-server-${docker_image_type}:base .
 
 # remove temporary files
-	rm -f dockerFiles/marklogic-deps-ubi-rootless\:base dockerFiles/marklogic-deps-ubi9-rootless\:base dockerFiles/marklogic-server-ubi9-rootless\:base dockerFiles/marklogic-server-ubi9\:base src/NOTICE.txt src/rhel-script-cis.sh
+	rm -f dockerFiles/marklogic-deps-ubi-rootless\:base dockerFiles/marklogic-deps-ubi9-rootless\:base dockerFiles/marklogic-server-ubi9-rootless\:base dockerFiles/marklogic-server-ubi9\:base dockerFiles/marklogic-deps-ubi9-rootless-arm\:base dockerFiles/marklogic-server-ubi9-rootless-arm\:base src/NOTICE.txt src/rhel-script-cis.sh
 
 #***************************************************************************
 # strcture test docker images
@@ -134,7 +157,7 @@ endif
 #***************************************************************************
 scap-scan:
 	mkdir -p scap
-	[ -f scap-security-guide-${open_scap_version}.zip ] || curl -Lo scap-security-guide-${open_scap_version}.zip https://github.com/ComplianceAsCode/content/releases/download/v${open_scap_version}/scap-security-guide-${open_scap_version}.zip
+	[ -f scap-security-guide-${open_scap_version}.zip ] || curl -Lso scap-security-guide-${open_scap_version}.zip https://github.com/ComplianceAsCode/content/releases/download/v${open_scap_version}/scap-security-guide-${open_scap_version}.zip
 #UBI9 needs a different version of the evaluation profile
 ifeq ($(findstring ubi9,$(current_image)),ubi9)
 	unzip -p scap-security-guide-${open_scap_version}.zip scap-security-guide-${open_scap_version}/ssg-rhel9-ds.xml > scap/ssg-rhel-ds.xml

NOTICE.txt

@@ -1,6 +1,6 @@
 MarkLogic® Docker Container Image v2
 
-Copyright © 2018-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+Copyright © 2018-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
 
 This project is licensed under the Apache License, Version 2.0 (the "License"); you may not use this project except in compliance with the License. You may obtain a copy of the License at
 

dockerFiles/marklogic-deps-ubi9-arm:base

@@ -0,0 +1,28 @@
+###############################################################
+#
+#   Copyright © 2018-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+#
+###############################################################
+
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7-1764794109
+LABEL "com.marklogic.maintainer"="docker@marklogic.com"
+
+###############################################################
+# install libnsl rpm package
+###############################################################
+
+RUN rpm -i https://download.rockylinux.org/pub/rocky/9/BaseOS/aarch64/os/Packages/l/libnsl-2.34-231.el9_7.2.aarch64.rpm
+
+###############################################################
+# install networking, base deps and tzdata for timezone
+###############################################################
+# hadolint ignore=DL3006
+RUN echo "NETWORKING=yes" > /etc/sysconfig/network \
+    && microdnf -y install --setopt install_weak_deps=0 gdb nss libtool-ltdl cpio tzdata util-linux hostname \
+    && microdnf clean all
+
+
+###############################################################
+# Enable FIPS Mode
+###############################################################
+RUN update-crypto-policies --set FIPS

dockerFiles/marklogic-deps-ubi9:base

@@ -1,6 +1,6 @@
 ###############################################################
 #
-#   Copyright © 2018-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+#   Copyright © 2018-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
 #
 ###############################################################
 

dockerFiles/marklogic-deps-ubi:base

@@ -1,6 +1,6 @@
 ###############################################################
 #
-#   Copyright © 2018-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+#   Copyright © 2018-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
 #
 ###############################################################
 

dockerFiles/marklogic-server-ubi-rootless:base

@@ -149,7 +149,7 @@ RUN touch /.dockerenv \
 ###############################################################
 WORKDIR /
 COPY ${ML_CONVERTERS} /tmp/converters.rpm
-RUN chown ${ML_USER}:users /tmp/converters.rpm
+RUN if [ -s /tmp/converters.rpm ]; then chown ${ML_USER}:users /tmp/converters.rpm; else rm -f /tmp/converters.rpm; fi
 
 ###############################################################
 # Remove optional packages that have known vulnerabilities