Billy D.
bc3c115b90
Some checks failed
Build and Push Images / determine-version (push) Successful in 1m24s
Build and Push Images / build-rdna2 (push) Failing after 3h11m33s
Build and Push Images / build-nvidia (push) Failing after 3h11m35s
Build and Push Images / build-intel (push) Failing after 17m53s
Build and Push Images / build-strixhalo (push) Failing after 3h11m34s
Build and Push Images / Release (push) Has been cancelled
Build and Push Images / Notify (push) Has been cancelled
- Back to internal endpoint (avoids Cloudflare 100MB limit) - buildkitd-config-inline: http=true, insecure=true for HTTP registry - Create ~/.docker/config.json directly with base64 auth - No docker login command (it defaults to HTTPS) - Buildx reads config.json for push authentication
410 lines
15 KiB
YAML
410 lines
15 KiB
YAML
name: Build and Push Images
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
tags:
|
|
- 'v*'
|
|
paths:
|
|
- 'dockerfiles/**'
|
|
- '.gitea/workflows/build-push.yaml'
|
|
pull_request:
|
|
branches:
|
|
- main
|
|
paths:
|
|
- 'dockerfiles/**'
|
|
- '.gitea/workflows/build-push.yaml'
|
|
workflow_dispatch:
|
|
inputs:
|
|
image:
|
|
description: 'Image to build (all, nvidia, rdna2, strixhalo, intel)'
|
|
required: false
|
|
default: 'all'
|
|
|
|
env:
|
|
# Use internal HTTP endpoint (avoids Cloudflare 100MB limit and HTTPS issues)
|
|
REGISTRY: gitea-http.gitea.svc.cluster.local:3000/daviestechlabs
|
|
REGISTRY_HOST: gitea-http.gitea.svc.cluster.local:3000
|
|
NTFY_URL: http://ntfy.observability.svc.cluster.local:80
|
|
|
|
jobs:
|
|
# Determine semantic version BEFORE building images
|
|
determine-version:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
version: ${{ steps.version.outputs.version }}
|
|
bump: ${{ steps.version.outputs.bump }}
|
|
should_release: ${{ steps.version.outputs.should_release }}
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Calculate semantic version
|
|
id: version
|
|
run: |
|
|
# Skip version calculation for PRs and tag pushes
|
|
if [[ "${{ github.event_name }}" == "pull_request" ]]; then
|
|
echo "version=pr-${{ github.event.number }}" >> $GITHUB_OUTPUT
|
|
echo "bump=none" >> $GITHUB_OUTPUT
|
|
echo "should_release=false" >> $GITHUB_OUTPUT
|
|
exit 0
|
|
fi
|
|
|
|
# For tag pushes, use the tag directly
|
|
if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
|
|
VERSION="${{ github.ref_name }}"
|
|
echo "version=$VERSION" >> $GITHUB_OUTPUT
|
|
echo "bump=tag" >> $GITHUB_OUTPUT
|
|
echo "should_release=false" >> $GITHUB_OUTPUT
|
|
exit 0
|
|
fi
|
|
|
|
# Get latest tag or default to v0.0.0
|
|
LATEST=$(git describe --tags --abbrev=0 2>/dev/null || echo "v0.0.0")
|
|
VERSION=${LATEST#v}
|
|
IFS='.' read -r MAJOR MINOR PATCH <<< "$VERSION"
|
|
|
|
# Check commit message for version bump keywords
|
|
MSG="${{ github.event.head_commit.message }}"
|
|
if echo "$MSG" | grep -qiE "^major:|BREAKING CHANGE"; then
|
|
MAJOR=$((MAJOR + 1)); MINOR=0; PATCH=0
|
|
BUMP="major"
|
|
elif echo "$MSG" | grep -qiE "^(minor:|feat:|feature:)"; then
|
|
MINOR=$((MINOR + 1)); PATCH=0
|
|
BUMP="minor"
|
|
else
|
|
PATCH=$((PATCH + 1))
|
|
BUMP="patch"
|
|
fi
|
|
|
|
NEW_VERSION="v${MAJOR}.${MINOR}.${PATCH}"
|
|
echo "version=$NEW_VERSION" >> $GITHUB_OUTPUT
|
|
echo "bump=$BUMP" >> $GITHUB_OUTPUT
|
|
echo "should_release=true" >> $GITHUB_OUTPUT
|
|
echo "📦 Version: $LATEST → $NEW_VERSION ($BUMP bump)"
|
|
|
|
build-nvidia:
|
|
needs: [determine-version]
|
|
# Skip if commit message contains [skip images] or [ray-serve only]
|
|
if: |
|
|
!contains(github.event.head_commit.message, '[skip images]') &&
|
|
!contains(github.event.head_commit.message, '[ray-serve only]') &&
|
|
(github.event_name != 'workflow_dispatch' || github.event.inputs.image == 'all' || github.event.inputs.image == 'nvidia')
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
with:
|
|
buildkitd-config-inline: |
|
|
[registry."gitea-http.gitea.svc.cluster.local:3000"]
|
|
http = true
|
|
insecure = true
|
|
|
|
# Login to Docker Hub to avoid pull rate limits
|
|
- name: Login to Docker Hub
|
|
if: vars.DOCKERHUB_USERNAME != ''
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ vars.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
|
|
# Configure Gitea registry auth (create config.json directly for HTTP registry)
|
|
- name: Configure Gitea Registry Auth
|
|
if: github.event_name != 'pull_request'
|
|
run: |
|
|
AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64 -w0)
|
|
mkdir -p ~/.docker
|
|
cat > ~/.docker/config.json << EOF
|
|
{
|
|
"auths": {
|
|
"${{ env.REGISTRY_HOST }}": {
|
|
"auth": "$AUTH"
|
|
}
|
|
}
|
|
}
|
|
EOF
|
|
echo "Auth configured for ${{ env.REGISTRY_HOST }}"
|
|
|
|
- name: Extract metadata
|
|
id: meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ${{ env.REGISTRY }}/ray-worker-nvidia
|
|
tags: |
|
|
type=raw,value=${{ needs.determine-version.outputs.version }}
|
|
type=raw,value=latest,enable={{is_default_branch}}
|
|
|
|
- name: Build and push
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
file: dockerfiles/Dockerfile.ray-worker-nvidia
|
|
push: ${{ github.event_name != 'pull_request' }}
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
|
|
build-rdna2:
|
|
needs: [determine-version]
|
|
if: |
|
|
!contains(github.event.head_commit.message, '[skip images]') &&
|
|
!contains(github.event.head_commit.message, '[ray-serve only]') &&
|
|
(github.event_name != 'workflow_dispatch' || github.event.inputs.image == 'all' || github.event.inputs.image == 'rdna2')
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
with:
|
|
buildkitd-config-inline: |
|
|
[registry."gitea-http.gitea.svc.cluster.local:3000"]
|
|
http = true
|
|
insecure = true
|
|
|
|
- name: Login to Docker Hub
|
|
if: vars.DOCKERHUB_USERNAME != ''
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ vars.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
|
|
# Configure Gitea registry auth (create config.json directly for HTTP registry)
|
|
- name: Configure Gitea Registry Auth
|
|
if: github.event_name != 'pull_request'
|
|
run: |
|
|
AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64 -w0)
|
|
mkdir -p ~/.docker
|
|
cat > ~/.docker/config.json << EOF
|
|
{
|
|
"auths": {
|
|
"${{ env.REGISTRY_HOST }}": {
|
|
"auth": "$AUTH"
|
|
}
|
|
}
|
|
}
|
|
EOF
|
|
echo "Auth configured for ${{ env.REGISTRY_HOST }}"
|
|
|
|
- name: Extract metadata
|
|
id: meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ${{ env.REGISTRY }}/ray-worker-rdna2
|
|
tags: |
|
|
type=raw,value=${{ needs.determine-version.outputs.version }}
|
|
type=raw,value=latest,enable={{is_default_branch}}
|
|
|
|
- name: Build and push
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
file: dockerfiles/Dockerfile.ray-worker-rdna2
|
|
push: ${{ github.event_name != 'pull_request' }}
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
|
|
build-strixhalo:
|
|
needs: [determine-version]
|
|
if: |
|
|
!contains(github.event.head_commit.message, '[skip images]') &&
|
|
!contains(github.event.head_commit.message, '[ray-serve only]') &&
|
|
(github.event_name != 'workflow_dispatch' || github.event.inputs.image == 'all' || github.event.inputs.image == 'strixhalo')
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
with:
|
|
buildkitd-config-inline: |
|
|
[registry."gitea-http.gitea.svc.cluster.local:3000"]
|
|
http = true
|
|
insecure = true
|
|
|
|
- name: Login to Docker Hub
|
|
if: vars.DOCKERHUB_USERNAME != ''
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ vars.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
|
|
# Configure Gitea registry auth (create config.json directly for HTTP registry)
|
|
- name: Configure Gitea Registry Auth
|
|
if: github.event_name != 'pull_request'
|
|
run: |
|
|
AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64 -w0)
|
|
mkdir -p ~/.docker
|
|
cat > ~/.docker/config.json << EOF
|
|
{
|
|
"auths": {
|
|
"${{ env.REGISTRY_HOST }}": {
|
|
"auth": "$AUTH"
|
|
}
|
|
}
|
|
}
|
|
EOF
|
|
echo "Auth configured for ${{ env.REGISTRY_HOST }}"
|
|
|
|
- name: Extract metadata
|
|
id: meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ${{ env.REGISTRY }}/ray-worker-strixhalo
|
|
tags: |
|
|
type=raw,value=${{ needs.determine-version.outputs.version }}
|
|
type=raw,value=latest,enable={{is_default_branch}}
|
|
|
|
- name: Build and push
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
file: dockerfiles/Dockerfile.ray-worker-strixhalo
|
|
push: ${{ github.event_name != 'pull_request' }}
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
|
|
build-intel:
|
|
needs: [determine-version]
|
|
if: |
|
|
!contains(github.event.head_commit.message, '[skip images]') &&
|
|
!contains(github.event.head_commit.message, '[ray-serve only]') &&
|
|
(github.event_name != 'workflow_dispatch' || github.event.inputs.image == 'all' || github.event.inputs.image == 'intel')
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
with:
|
|
buildkitd-config-inline: |
|
|
[registry."gitea-http.gitea.svc.cluster.local:3000"]
|
|
http = true
|
|
insecure = true
|
|
|
|
- name: Login to Docker Hub
|
|
if: vars.DOCKERHUB_USERNAME != ''
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ vars.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
|
|
# Configure Gitea registry auth (create config.json directly for HTTP registry)
|
|
- name: Configure Gitea Registry Auth
|
|
if: github.event_name != 'pull_request'
|
|
run: |
|
|
AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64 -w0)
|
|
mkdir -p ~/.docker
|
|
cat > ~/.docker/config.json << EOF
|
|
{
|
|
"auths": {
|
|
"${{ env.REGISTRY_HOST }}": {
|
|
"auth": "$AUTH"
|
|
}
|
|
}
|
|
}
|
|
EOF
|
|
echo "Auth configured for ${{ env.REGISTRY_HOST }}"
|
|
|
|
- name: Extract metadata
|
|
id: meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ${{ env.REGISTRY }}/ray-worker-intel
|
|
tags: |
|
|
type=raw,value=${{ needs.determine-version.outputs.version }}
|
|
type=raw,value=latest,enable={{is_default_branch}}
|
|
|
|
- name: Build and push
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
file: dockerfiles/Dockerfile.ray-worker-intel
|
|
push: ${{ github.event_name != 'pull_request' }}
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
|
|
release:
|
|
name: Release
|
|
runs-on: ubuntu-latest
|
|
needs: [determine-version, build-nvidia, build-rdna2, build-strixhalo, build-intel]
|
|
if: needs.determine-version.outputs.should_release == 'true' && gitea.ref == 'refs/heads/main' && gitea.event_name == 'push'
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Create and push tag
|
|
run: |
|
|
VERSION="${{ needs.determine-version.outputs.version }}"
|
|
BUMP="${{ needs.determine-version.outputs.bump }}"
|
|
echo "📦 Creating release tag: $VERSION ($BUMP bump)"
|
|
git config user.name "gitea-actions[bot]"
|
|
git config user.email "actions@git.daviestechlabs.io"
|
|
git tag -a "$VERSION" -m "Release $VERSION ($BUMP)"
|
|
git push origin "$VERSION"
|
|
|
|
notify:
|
|
name: Notify
|
|
runs-on: ubuntu-latest
|
|
needs: [determine-version, build-nvidia, build-rdna2, build-strixhalo, build-intel, release]
|
|
if: always()
|
|
steps:
|
|
- name: Notify on success
|
|
if: |
|
|
(needs.build-nvidia.result == 'success' || needs.build-nvidia.result == 'skipped') &&
|
|
(needs.build-rdna2.result == 'success' || needs.build-rdna2.result == 'skipped') &&
|
|
(needs.build-strixhalo.result == 'success' || needs.build-strixhalo.result == 'skipped') &&
|
|
(needs.build-intel.result == 'success' || needs.build-intel.result == 'skipped')
|
|
run: |
|
|
curl -s \
|
|
-H "Title: ✅ Images Built: ${{ gitea.repository }}" \
|
|
-H "Priority: default" \
|
|
-H "Tags: white_check_mark,docker" \
|
|
-H "Click: ${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}" \
|
|
-d "Branch: ${{ gitea.ref_name }}
|
|
Version: ${{ needs.determine-version.outputs.version }} (${{ needs.determine-version.outputs.bump }})
|
|
nvidia: ${{ needs.build-nvidia.result }}
|
|
rdna2: ${{ needs.build-rdna2.result }}
|
|
strixhalo: ${{ needs.build-strixhalo.result }}
|
|
intel: ${{ needs.build-intel.result }}
|
|
Release: ${{ needs.release.result == 'success' && 'created' || 'skipped' }}" \
|
|
${{ env.NTFY_URL }}/gitea-ci
|
|
|
|
- name: Notify on failure
|
|
if: |
|
|
needs.build-nvidia.result == 'failure' ||
|
|
needs.build-rdna2.result == 'failure' ||
|
|
needs.build-strixhalo.result == 'failure' ||
|
|
needs.build-intel.result == 'failure'
|
|
run: |
|
|
curl -s \
|
|
-H "Title: ❌ Image Build Failed: ${{ gitea.repository }}" \
|
|
-H "Priority: high" \
|
|
-H "Tags: x,docker" \
|
|
-H "Click: ${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}" \
|
|
-d "Branch: ${{ gitea.ref_name }}
|
|
Version: ${{ needs.determine-version.outputs.version }}
|
|
nvidia: ${{ needs.build-nvidia.result }}
|
|
rdna2: ${{ needs.build-rdna2.result }}
|
|
strixhalo: ${{ needs.build-strixhalo.result }}
|
|
intel: ${{ needs.build-intel.result }}" \
|
|
${{ env.NTFY_URL }}/gitea-ci
|