28 Commits

Author	SHA1	Message	Date
Billy D.	3bc0b848de	fix(ci): add amdsmi-shim to paths filter ... Changes to the amdsmi-shim package should trigger image rebuilds.	2026-02-06 08:52:33 -05:00
Billy D.	5f1873908f	overhaul image builds.	2026-02-06 07:47:37 -05:00
Billy D.	5606a9a626	fix: notify job and registry push issues	2026-02-05 06:04:09 -05:00
Billy D.	bc3c115b90	fix: Use internal HTTP endpoint with buildx config and direct auth ... - Back to internal endpoint (avoids Cloudflare 100MB limit) - buildkitd-config-inline: http=true, insecure=true for HTTP registry - Create ~/.docker/config.json directly with base64 auth - No docker login command (it defaults to HTTPS) - Buildx reads config.json for push authentication	2026-02-04 18:08:28 -05:00
Billy D.	dd6c400581	fix: Use external HTTPS endpoint with valid cert for registry ... Simplify approach - use git.daviestechlabs.io external endpoint which has valid Let's Encrypt cert. Much cleaner than fighting with HTTP/HTTPS issues on internal endpoints. - Remove buildkitd-config-inline (not needed for valid HTTPS) - Remove manual config.json creation - Use standard docker/login-action for Gitea registry	2026-02-04 18:01:58 -05:00
Billy D.	a77d5db274	fix: Create docker config.json directly for buildx auth ... Bypass docker login command which requires daemon configuration. Instead, create ~/.docker/config.json directly with base64 auth. Buildx uses this config for registry authentication during push.	2026-02-04 17:53:02 -05:00
Billy D.	9e9a93b838	fix: Use internal HTTP endpoint for rootless DinD runner ... - Switch from external HTTPS to internal HTTP (gitea-http.gitea.svc.cluster.local:3000) - Remove sudo commands that don't work in rootless Docker-in-Docker - Use direct docker login with --password-stdin for compatibility - Add http=true to buildkitd config for HTTP registry	2026-02-04 15:27:53 -05:00
Billy D.	110d1eab55	fix: Configure Docker daemon for insecure registry before login ... The docker/login-action needs the registry marked as insecure in the Docker daemon config, not just in buildkitd. This adds a step to configure /etc/docker/daemon.json with insecure-registries before attempting to login.	2026-02-04 15:18:06 -05:00
Billy D.	e299f6476e	fix: Use external registry URL for proper Bearer token auth ... Gitea's container registry uses Bearer token auth with realm pointing to external URL. Changed from internal K8s service URL to registry.lab.daviestechlabs.io for proper auth flow. Also removed insecure registry buildx config since using HTTPS now.	2026-02-04 08:13:35 -05:00
Billy D.	5cb79a0fe7	fix: Use docker/login-action for buildx registry authentication ... docker login doesn't properly propagate credentials to buildx builders. docker/login-action handles this correctly and creates proper ~/.docker/config.json	2026-02-04 08:00:12 -05:00
Billy D.	338b668388	feat: Add semantic versioning based on commit message prefixes ... - Added determine-version job that runs BEFORE builds - Version bump based on commit message: - major: or BREAKING CHANGE → major bump - minor:, feat:, or feature: → minor bump - everything else → patch bump - All build jobs now depend on determine-version - Images tagged with calculated version (e.g. v1.2.3) + latest - Release job creates git tag after successful builds - Notify job includes version info in notifications - PRs get tagged with pr-<number> - Manual tag pushes use tag directly (no version recalculation)	2026-02-03 22:30:48 -05:00
Billy D.	96921fe799	fix: workflow conditions for push events ... The if conditions were checking github.event.inputs.image == '' which fails for push events where inputs is undefined. Changed logic to run all builds unless this is a workflow_dispatch with a specific image selected.	2026-02-03 21:39:17 -05:00
Billy D.	a8943c79ad	refactor: remove ray-serve (moved to dedicated repo) ... Implements ADR-0024: Ray Repository Structure ray-serve is now a standalone PyPI package repo: - https://git.daviestechlabs.io/billy/ray-serve kuberay-images now contains only Docker images for Ray workers	2026-02-03 07:45:48 -05:00
Billy D.	8af9d04210	fix(ci): configure Docker buildx for insecure HTTP registry	2026-02-02 17:21:39 -05:00
Billy D.	456f08ec81	fix: use internal K8s service URL for container registry ... - Switch from external git.daviestechlabs.io to internal gitea-http.gitea.svc - Avoids Cloudflare/Authentik routing since runner is in-cluster - Add REGISTRY_HOST env var for login steps	2026-02-02 13:28:51 -05:00
Billy D.	4e813cea64	fix: use twine for PyPI upload with internal URL ... Replaces curl-based upload with twine which handles the PyPI upload protocol correctly. Uses TWINE_REPOSITORY_URL env var to point to internal Gitea service.	2026-02-02 12:40:33 -05:00
Billy D.	7b4871f554	debug: check if secrets are being passed	2026-02-02 12:20:39 -05:00
Billy D.	e497fe110d	ci: use internal cluster service URL for PyPI upload	2026-02-02 12:14:01 -05:00
Billy D.	a4ee672c19	feat: correct ntfy topic.	2026-02-02 12:01:37 -05:00
Billy D.	280c08722f	ci: use curl for PyPI upload with SSL skip ... [ray-serve only] Twine lacks SSL skip option, use curl -k for self-signed internal cert	2026-02-02 11:31:22 -05:00
Billy D.	072cb233c7	ci: disable SSL verification for internal registry ... [ray-serve only] Self-signed cert on internal network requires --disable-certificate-verification	2026-02-02 11:25:17 -05:00
Billy D.	1943a77992	ci: use internal registry URL for PyPI uploads (ADR-0020) ... [ray-serve only] Bypass Cloudflare 100MB limit by using registry.lab.daviestechlabs.io	2026-02-02 11:19:33 -05:00
Billy D.	16f6199534	ci: add [skip images] support and trigger ray-serve publish ... [ray-serve only] - Add skip conditions to all image build jobs - Commit message [skip images] or [ray-serve only] skips image builds - Touch ray_serve/__init__.py to trigger publish workflow	2026-02-02 11:02:12 -05:00
Billy D.	bf93c5d7f4	ci: add path filters to avoid building images on ray-serve changes ... Only trigger image builds when dockerfiles/ changes. ray-serve package changes now only trigger publish-ray-serve.yaml.	2026-02-02 10:59:17 -05:00
Billy D.	7efdcb059e	feat: add pyproject.toml and CI for ray-serve-apps package ... - Restructure ray-serve as proper Python package (ray_serve/) - Add pyproject.toml with hatch build system - Add CI workflow to publish to Gitea PyPI - Add py.typed for PEP 561 compliance - Aligns with ADR-0019 handler deployment strategy	2026-02-02 09:22:03 -05:00
Billy D.	876188a150	feat: add ntfy notifications and semantic versioning (ADR-0015)	2026-02-02 08:00:33 -05:00
Billy D.	e1529ad923	ci: fix registry login - skip on PRs, add Docker Hub auth ... - Only login to Gitea registry on push (not PRs) - Add optional Docker Hub login to avoid pull rate limits - Requires REGISTRY_USER, REGISTRY_TOKEN secrets in Gitea - Optional: DOCKERHUB_USERNAME (var) + DOCKERHUB_TOKEN (secret)	2026-02-02 07:35:20 -05:00
Billy D.	a16ffff73f	feat: Add GPU-specific Ray worker images with CI/CD ... - Add Dockerfiles for nvidia, rdna2, strixhalo, and intel GPU targets - Add ray-serve modules (embeddings, whisper, tts, llm, reranker) - Add Gitea Actions workflow for automated builds - Add Makefile for local development - Update README with comprehensive documentation	2026-02-01 15:04:31 -05:00