name: Build and Push Images on: push: branches: - main tags: - 'v*' paths: - 'dockerfiles/**' - 'amdsmi-shim/**' - '.gitea/workflows/build-push.yaml' pull_request: branches: - main paths: - 'dockerfiles/**' - 'amdsmi-shim/**' - '.gitea/workflows/build-push.yaml' workflow_dispatch: inputs: image: description: 'Image to build (all, nvidia, rdna2, strixhalo, intel)' required: false default: 'all' env: # Use internal HTTP endpoint (avoids Cloudflare 100MB limit and HTTPS issues) REGISTRY: gitea-http.gitea.svc.cluster.local:3000/daviestechlabs REGISTRY_HOST: gitea-http.gitea.svc.cluster.local:3000 NTFY_URL: http://ntfy.observability.svc.cluster.local:80 jobs: # Determine semantic version BEFORE building images determine-version: runs-on: ubuntu-latest outputs: version: ${{ steps.version.outputs.version }} bump: ${{ steps.version.outputs.bump }} should_release: ${{ steps.version.outputs.should_release }} steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - name: Calculate semantic version id: version run: | # Skip version calculation for PRs and tag pushes if [[ "${{ github.event_name }}" == "pull_request" ]]; then echo "version=pr-${{ github.event.number }}" >> $GITHUB_OUTPUT echo "bump=none" >> $GITHUB_OUTPUT echo "should_release=false" >> $GITHUB_OUTPUT exit 0 fi # For tag pushes, use the tag directly if [[ "${{ github.ref }}" == refs/tags/v* ]]; then VERSION="${{ github.ref_name }}" echo "version=$VERSION" >> $GITHUB_OUTPUT echo "bump=tag" >> $GITHUB_OUTPUT echo "should_release=false" >> $GITHUB_OUTPUT exit 0 fi # Get latest tag or default to v0.0.0 LATEST=$(git describe --tags --abbrev=0 2>/dev/null || echo "v0.0.0") VERSION=${LATEST#v} IFS='.' read -r MAJOR MINOR PATCH <<< "$VERSION" # Check commit message for version bump keywords MSG="${{ github.event.head_commit.message }}" if echo "$MSG" | grep -qiE "^major:|BREAKING CHANGE"; then MAJOR=$((MAJOR + 1)); MINOR=0; PATCH=0 BUMP="major" elif echo "$MSG" | grep -qiE "^(minor:|feat:|feature:)"; then MINOR=$((MINOR + 1)); PATCH=0 BUMP="minor" else PATCH=$((PATCH + 1)) BUMP="patch" fi NEW_VERSION="v${MAJOR}.${MINOR}.${PATCH}" echo "version=$NEW_VERSION" >> $GITHUB_OUTPUT echo "bump=$BUMP" >> $GITHUB_OUTPUT echo "should_release=true" >> $GITHUB_OUTPUT echo "📦 Version: $LATEST → $NEW_VERSION ($BUMP bump)" # Build all GPU worker images using a matrix strategy # Runs sequentially on single runner, but one job definition = simpler dependency graph build: needs: [determine-version] if: "!contains(github.event.head_commit.message, '[skip images]') && !contains(github.event.head_commit.message, '[ray-serve only]')" runs-on: ubuntu-latest strategy: fail-fast: false matrix: include: - name: nvidia dockerfile: Dockerfile.ray-worker-nvidia - name: rdna2 dockerfile: Dockerfile.ray-worker-rdna2 - name: strixhalo dockerfile: Dockerfile.ray-worker-strixhalo - name: intel dockerfile: Dockerfile.ray-worker-intel steps: # For workflow_dispatch, allow building a single image - name: Check if should build this variant id: check run: | if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then INPUT="${{ github.event.inputs.image }}" if [[ -n "$INPUT" && "$INPUT" != "all" && "$INPUT" != "${{ matrix.name }}" ]]; then echo "skip=true" >> $GITHUB_OUTPUT echo "⏭ Skipping ${{ matrix.name }} (dispatch requested: $INPUT)" exit 0 fi fi echo "skip=false" >> $GITHUB_OUTPUT echo "🔨 Building ${{ matrix.name }}" - name: Checkout if: steps.check.outputs.skip != 'true' uses: actions/checkout@v4 # Clean stale buildx builders from persistent Docker cache (prevents GPU capability errors) - name: Clean stale buildx builders if: steps.check.outputs.skip != 'true' run: | for b in $(docker buildx ls --format '{{.Name}}' 2>/dev/null | grep -v default | grep -v '\*' | sort -u); do docker buildx rm "$b" --force 2>/dev/null || true done docker container prune --force 2>/dev/null || true - name: Set up Docker Buildx if: steps.check.outputs.skip != 'true' uses: docker/setup-buildx-action@v3 with: buildkitd-config-inline: | [registry."gitea-http.gitea.svc.cluster.local:3000"] http = true insecure = true - name: Login to Docker Hub if: steps.check.outputs.skip != 'true' && vars.DOCKERHUB_USERNAME != '' uses: docker/login-action@v3 with: username: ${{ vars.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Configure Gitea Registry Auth if: steps.check.outputs.skip != 'true' && github.event_name != 'pull_request' run: | AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64 -w0) mkdir -p ~/.docker cat > ~/.docker/config.json << EOF { "auths": { "${{ env.REGISTRY_HOST }}": { "auth": "$AUTH" } } } EOF echo "Auth configured for ${{ env.REGISTRY_HOST }}" - name: Extract metadata if: steps.check.outputs.skip != 'true' id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/ray-worker-${{ matrix.name }} tags: | type=raw,value=${{ needs.determine-version.outputs.version }} type=raw,value=latest,enable={{is_default_branch}} - name: Build and push if: steps.check.outputs.skip != 'true' uses: docker/build-push-action@v5 with: context: . file: dockerfiles/${{ matrix.dockerfile }} push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=registry,ref=${{ env.REGISTRY }}/ray-worker-${{ matrix.name }}:buildcache cache-to: type=registry,ref=${{ env.REGISTRY }}/ray-worker-${{ matrix.name }}:buildcache,mode=max,image-manifest=true,compression=zstd release: name: Release runs-on: ubuntu-latest needs: [determine-version, build] if: "needs.determine-version.outputs.should_release == 'true' && github.ref == 'refs/heads/main' && github.event_name == 'push'" steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - name: Create and push tag run: | VERSION="${{ needs.determine-version.outputs.version }}" BUMP="${{ needs.determine-version.outputs.bump }}" echo "📦 Creating release tag: $VERSION ($BUMP bump)" git config user.name "gitea-actions[bot]" git config user.email "actions@git.daviestechlabs.io" git tag -a "$VERSION" -m "Release $VERSION ($BUMP)" git push origin "$VERSION" notify: name: Notify runs-on: ubuntu-latest needs: [determine-version, build] if: always() steps: - name: Notify on success if: "needs.build.result == 'success' || needs.build.result == 'skipped'" run: | curl -s \ -H "Title: ✅ Images Built: ${{ gitea.repository }}" \ -H "Priority: default" \ -H "Tags: white_check_mark,docker" \ -H "Click: ${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}" \ -d "Branch: ${{ gitea.ref_name }} Version: ${{ needs.determine-version.outputs.version }} (${{ needs.determine-version.outputs.bump }}) Build: ${{ needs.build.result }}" \ ${{ env.NTFY_URL }}/gitea-ci - name: Notify on failure or cancellation if: "needs.build.result == 'failure' || needs.build.result == 'cancelled'" run: | curl -s \ -H "Title: ❌ Image Build Failed: ${{ gitea.repository }}" \ -H "Priority: high" \ -H "Tags: x,docker" \ -H "Click: ${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}" \ -d "Branch: ${{ gitea.ref_name }} Version: ${{ needs.determine-version.outputs.version }} Build: ${{ needs.build.result }}" \ ${{ env.NTFY_URL }}/gitea-ci