kuberay-images/.gitea/workflows/build-push.yaml
Billy D. e299f6476e
Some checks failed
Build and Push Images / determine-version (push) Successful in 1m32s
Build and Push Images / build-nvidia (push) Failing after 6m47s
Build and Push Images / build-rdna2 (push) Failing after 7m8s
Build and Push Images / build-strixhalo (push) Failing after 6m35s
Build and Push Images / build-intel (push) Failing after 6m35s
Build and Push Images / Release (push) Has been skipped
Build and Push Images / Notify (push) Successful in 2s
fix: Use external registry URL for proper Bearer token auth
Gitea's container registry uses Bearer token auth with realm pointing
to external URL. Changed from internal K8s service URL to
registry.lab.daviestechlabs.io for proper auth flow.

Also removed insecure registry buildx config since using HTTPS now.
2026-02-04 08:13:35 -05:00


name: Build and Push Images

# Triggers:
#   - push to main or to a v* tag, filtered to the Dockerfiles and this workflow
#   - pull requests targeting main, with the same path filter
#   - manual dispatch, where the `image` input selects which image to build
on:
  push:
    branches: [main]
    tags: ['v*']
    paths:
      - 'dockerfiles/**'
      - '.gitea/workflows/build-push.yaml'
  pull_request:
    branches: [main]
    paths:
      - 'dockerfiles/**'
      - '.gitea/workflows/build-push.yaml'
  workflow_dispatch:
    inputs:
      image:
        # Free-text input; the build jobs compare it against the listed names.
        description: 'Image to build (all, nvidia, rdna2, strixhalo, intel)'
        required: false
        default: 'all'
env:
  # External registry hostname plus organisation; image names are built from
  # this. The external URL is used so the Bearer token auth flow works.
  REGISTRY: 'registry.lab.daviestechlabs.io/daviestechlabs'
  # Bare registry hostname, passed to the registry login step.
  REGISTRY_HOST: 'registry.lab.daviestechlabs.io'
  # ntfy endpoint for build notifications.
  # NOTE(review): plain HTTP to a cluster-local service name; notification
  # contents are sent unencrypted — confirm this traffic stays in-cluster.
  NTFY_URL: 'http://ntfy.observability.svc.cluster.local:80'
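# NOTE(review): every `uses:` below references a third-party action by a
# mutable tag (@v3/@v4/@v5). Pinning each one to a full commit SHA keeps a
# retagged release from changing the code that runs with the registry
# credentials.
jobs:
  # Determine semantic version BEFORE building images.
  # Outputs: version (image tag), bump (major/minor/patch/tag/none) and
  # should_release ('true' only for untagged pushes).
  determine-version:
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.version.outputs.version }}
      bump: ${{ steps.version.outputs.bump }}
      should_release: ${{ steps.version.outputs.should_release }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history so `git describe` can see existing tags.
          fetch-depth: 0
          # This job only reads the repository; do not leave the job token in
          # .git/config.
          persist-credentials: false
      - name: Calculate semantic version
        id: version
        # Event-derived strings (commit message, ref name, PR number) are
        # handed to the script as environment variables. Interpolating the
        # ${{ }} expressions into the script text would let their content be
        # parsed as shell rather than treated as data.
        env:
          EVENT_NAME: ${{ github.event_name }}
          PR_NUMBER: ${{ github.event.number }}
          GIT_REF: ${{ github.ref }}
          REF_NAME: ${{ github.ref_name }}
          COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
        run: |
          # Skip version calculation for PRs and tag pushes
          if [[ "$EVENT_NAME" == "pull_request" ]]; then
            echo "version=pr-${PR_NUMBER}" >> "$GITHUB_OUTPUT"
            echo "bump=none" >> "$GITHUB_OUTPUT"
            echo "should_release=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          # For tag pushes, use the tag directly
          if [[ "$GIT_REF" == refs/tags/v* ]]; then
            VERSION="$REF_NAME"
            echo "version=$VERSION" >> "$GITHUB_OUTPUT"
            echo "bump=tag" >> "$GITHUB_OUTPUT"
            echo "should_release=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          # Get latest tag or default to v0.0.0
          LATEST=$(git describe --tags --abbrev=0 2>/dev/null || echo "v0.0.0")
          # The components are fed to shell arithmetic below, so accept only a
          # strictly numeric vMAJOR.MINOR.PATCH tag.
          if [[ ! "$LATEST" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "Latest tag '$LATEST' is not of the form vMAJOR.MINOR.PATCH" >&2
            exit 1
          fi
          VERSION=${LATEST#v}
          IFS='.' read -r MAJOR MINOR PATCH <<< "$VERSION"
          # Check commit message for version bump keywords
          if printf '%s\n' "$COMMIT_MESSAGE" | grep -qiE "^major:|BREAKING CHANGE"; then
            MAJOR=$((MAJOR + 1)); MINOR=0; PATCH=0
            BUMP="major"
          elif printf '%s\n' "$COMMIT_MESSAGE" | grep -qiE "^(minor:|feat:|feature:)"; then
            MINOR=$((MINOR + 1)); PATCH=0
            BUMP="minor"
          else
            PATCH=$((PATCH + 1))
            BUMP="patch"
          fi
          NEW_VERSION="v${MAJOR}.${MINOR}.${PATCH}"
          echo "version=$NEW_VERSION" >> "$GITHUB_OUTPUT"
          echo "bump=$BUMP" >> "$GITHUB_OUTPUT"
          echo "should_release=true" >> "$GITHUB_OUTPUT"
          echo "📦 Version: $LATEST → $NEW_VERSION ($BUMP bump)"

  # Build the NVIDIA worker image; pushed on every event except pull_request.
  build-nvidia:
    needs: [determine-version]
    # Skip if commit message contains [skip images] or [ray-serve only]
    if: |
      !contains(github.event.head_commit.message, '[skip images]') &&
      !contains(github.event.head_commit.message, '[ray-serve only]') &&
      (github.event_name != 'workflow_dispatch' || github.event.inputs.image == 'all' || github.event.inputs.image == 'nvidia')
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # The checkout is the Docker build context (`context: .`); keep the
          # job token out of .git/config so it cannot end up in an image layer.
          persist-credentials: false
      # No buildkitd config marking the registry `insecure`: the push carries
      # REGISTRY_TOKEN, so TLS certificate verification stays enabled. If the
      # registry certificate comes from a private CA, trust that CA on the
      # runner instead of disabling verification.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # Login to Docker Hub to avoid pull rate limits
      - name: Login to Docker Hub
        if: vars.DOCKERHUB_USERNAME != ''
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      # Login to Gitea registry (uses docker/login-action for buildx compatibility).
      # Skipped on pull requests, which build without pushing.
      - name: Login to Gitea Registry
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY_HOST }}
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_TOKEN }}
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/ray-worker-nvidia
          tags: |
            type=raw,value=${{ needs.determine-version.outputs.version }}
            type=raw,value=latest,enable={{is_default_branch}}
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          file: dockerfiles/Dockerfile.ray-worker-nvidia
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  # Build the RDNA2 worker image; same steps as build-nvidia.
  build-rdna2:
    needs: [determine-version]
    if: |
      !contains(github.event.head_commit.message, '[skip images]') &&
      !contains(github.event.head_commit.message, '[ray-serve only]') &&
      (github.event_name != 'workflow_dispatch' || github.event.inputs.image == 'all' || github.event.inputs.image == 'rdna2')
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Build context is the checkout; keep the job token out of .git/config.
          persist-credentials: false
      # Registry TLS verification is left at the BuildKit default (enabled)
      # because the push is authenticated with REGISTRY_TOKEN.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to Docker Hub
        if: vars.DOCKERHUB_USERNAME != ''
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to Gitea Registry
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY_HOST }}
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_TOKEN }}
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/ray-worker-rdna2
          tags: |
            type=raw,value=${{ needs.determine-version.outputs.version }}
            type=raw,value=latest,enable={{is_default_branch}}
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          file: dockerfiles/Dockerfile.ray-worker-rdna2
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  # Build the Strix Halo worker image; same steps as build-nvidia.
  build-strixhalo:
    needs: [determine-version]
    if: |
      !contains(github.event.head_commit.message, '[skip images]') &&
      !contains(github.event.head_commit.message, '[ray-serve only]') &&
      (github.event_name != 'workflow_dispatch' || github.event.inputs.image == 'all' || github.event.inputs.image == 'strixhalo')
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Build context is the checkout; keep the job token out of .git/config.
          persist-credentials: false
      # Registry TLS verification is left at the BuildKit default (enabled)
      # because the push is authenticated with REGISTRY_TOKEN.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to Docker Hub
        if: vars.DOCKERHUB_USERNAME != ''
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to Gitea Registry
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY_HOST }}
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_TOKEN }}
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/ray-worker-strixhalo
          tags: |
            type=raw,value=${{ needs.determine-version.outputs.version }}
            type=raw,value=latest,enable={{is_default_branch}}
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          file: dockerfiles/Dockerfile.ray-worker-strixhalo
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  # Build the Intel worker image; same steps as build-nvidia.
  build-intel:
    needs: [determine-version]
    if: |
      !contains(github.event.head_commit.message, '[skip images]') &&
      !contains(github.event.head_commit.message, '[ray-serve only]') &&
      (github.event_name != 'workflow_dispatch' || github.event.inputs.image == 'all' || github.event.inputs.image == 'intel')
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Build context is the checkout; keep the job token out of .git/config.
          persist-credentials: false
      # Registry TLS verification is left at the BuildKit default (enabled)
      # because the push is authenticated with REGISTRY_TOKEN.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to Docker Hub
        if: vars.DOCKERHUB_USERNAME != ''
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to Gitea Registry
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY_HOST }}
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_TOKEN }}
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/ray-worker-intel
          tags: |
            type=raw,value=${{ needs.determine-version.outputs.version }}
            type=raw,value=latest,enable={{is_default_branch}}
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          file: dockerfiles/Dockerfile.ray-worker-intel
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  # Tag the commit with the computed version. Runs only for pushes to main
  # where determine-version reported should_release == 'true'.
  release:
    name: Release
    runs-on: ubuntu-latest
    needs: [determine-version, build-nvidia, build-rdna2, build-strixhalo, build-intel]
    if: needs.determine-version.outputs.should_release == 'true' && gitea.ref == 'refs/heads/main' && gitea.event_name == 'push'
    steps:
      # Credentials are left persisted here: the tag push below relies on them.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Create and push tag
        # Job outputs reach the script as environment variables so they are
        # never parsed as part of the script text.
        env:
          VERSION: ${{ needs.determine-version.outputs.version }}
          BUMP: ${{ needs.determine-version.outputs.bump }}
        run: |
          echo "📦 Creating release tag: $VERSION ($BUMP bump)"
          git config user.name "gitea-actions[bot]"
          git config user.email "actions@git.daviestechlabs.io"
          git tag -a "$VERSION" -m "Release $VERSION ($BUMP)"
          git push origin "$VERSION"

  # Post the outcome to ntfy. `if: always()` makes this run even when a build
  # job failed or was skipped.
  notify:
    name: Notify
    runs-on: ubuntu-latest
    needs: [determine-version, build-nvidia, build-rdna2, build-strixhalo, build-intel, release]
    if: always()
    steps:
      - name: Notify on success
        if: |
          (needs.build-nvidia.result == 'success' || needs.build-nvidia.result == 'skipped') &&
          (needs.build-rdna2.result == 'success' || needs.build-rdna2.result == 'skipped') &&
          (needs.build-strixhalo.result == 'success' || needs.build-strixhalo.result == 'skipped') &&
          (needs.build-intel.result == 'success' || needs.build-intel.result == 'skipped')
        # Ref name and version are derived from branch/tag names; pass them as
        # environment variables so the shell expands them as data inside the
        # quoted curl arguments.
        env:
          REPOSITORY: ${{ gitea.repository }}
          RUN_URL: ${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}
          REF_NAME: ${{ gitea.ref_name }}
          VERSION: ${{ needs.determine-version.outputs.version }}
          BUMP: ${{ needs.determine-version.outputs.bump }}
          NVIDIA_RESULT: ${{ needs.build-nvidia.result }}
          RDNA2_RESULT: ${{ needs.build-rdna2.result }}
          STRIXHALO_RESULT: ${{ needs.build-strixhalo.result }}
          INTEL_RESULT: ${{ needs.build-intel.result }}
          RELEASE_STATUS: ${{ needs.release.result == 'success' && 'created' || 'skipped' }}
        run: |
          curl -s \
            -H "Title: ✅ Images Built: ${REPOSITORY}" \
            -H "Priority: default" \
            -H "Tags: white_check_mark,docker" \
            -H "Click: ${RUN_URL}" \
            -d "Branch: ${REF_NAME}
          Version: ${VERSION} (${BUMP})
          nvidia: ${NVIDIA_RESULT}
          rdna2: ${RDNA2_RESULT}
          strixhalo: ${STRIXHALO_RESULT}
          intel: ${INTEL_RESULT}
          Release: ${RELEASE_STATUS}" \
            "${NTFY_URL}/gitea-ci"
      - name: Notify on failure
        if: |
          needs.build-nvidia.result == 'failure' ||
          needs.build-rdna2.result == 'failure' ||
          needs.build-strixhalo.result == 'failure' ||
          needs.build-intel.result == 'failure'
        # Same env-variable hand-off as the success step.
        env:
          REPOSITORY: ${{ gitea.repository }}
          RUN_URL: ${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}
          REF_NAME: ${{ gitea.ref_name }}
          VERSION: ${{ needs.determine-version.outputs.version }}
          NVIDIA_RESULT: ${{ needs.build-nvidia.result }}
          RDNA2_RESULT: ${{ needs.build-rdna2.result }}
          STRIXHALO_RESULT: ${{ needs.build-strixhalo.result }}
          INTEL_RESULT: ${{ needs.build-intel.result }}
        run: |
          curl -s \
            -H "Title: ❌ Image Build Failed: ${REPOSITORY}" \
            -H "Priority: high" \
            -H "Tags: x,docker" \
            -H "Click: ${RUN_URL}" \
            -d "Branch: ${REF_NAME}
          Version: ${VERSION}
          nvidia: ${NVIDIA_RESULT}
          rdna2: ${RDNA2_RESULT}
          strixhalo: ${STRIXHALO_RESULT}
          intel: ${INTEL_RESULT}" \
            "${NTFY_URL}/gitea-ci"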