OpenShell/.github/workflows/docker-build.yml at main · htekdev/OpenShell · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
name: Docker Build

on:
  workflow_call:
    inputs:
      component:
        description: "Component to build (gateway, cluster)"
        required: true
        type: string
      timeout-minutes:
        description: "Job timeout in minutes"
        required: false
        type: number
        default: 20
      push:
        description: "Push image to registry"
        required: false
        type: boolean
        default: true
      platform:
        description: "Target platform(s) for Docker build"
        required: false
        type: string
        default: "linux/amd64,linux/arm64"
      runner:
        description: "GitHub Actions runner label"
        required: false
        type: string
        default: "build-amd64"
      cargo-version:
        description: "Pre-computed cargo version (skips internal git-based computation)"
        required: false
        type: string
        default: ""

env:
  MISE_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  SCCACHE_MEMCACHED_ENDPOINT: ${{ vars.SCCACHE_MEMCACHED_ENDPOINT }}

permissions:
  contents: read
  packages: write

jobs:
  build:
    name: Build ${{ inputs.component }}
    runs-on: ${{ inputs.runner }}
    timeout-minutes: ${{ inputs.timeout-minutes }}
    container:
      image: ghcr.io/nvidia/openshell/ci:latest
      credentials:
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}
      options: --privileged
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock
    env:
      IMAGE_TAG: ${{ github.sha }}
      IMAGE_REGISTRY: ghcr.io/nvidia/openshell
      DOCKER_PUSH: ${{ inputs.push && '1' || '0' }}
      DOCKER_PLATFORM: ${{ inputs.platform }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Mark workspace safe for git
        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"

      - name: Fetch tags
        run: git fetch --tags --force

      - name: Compute cargo version
        id: version
        run: |
          set -eu
          if [[ -n "${{ inputs.cargo-version }}" ]]; then
            echo "cargo_version=${{ inputs.cargo-version }}" >> "$GITHUB_OUTPUT"
          else
            echo "cargo_version=$(uv run python tasks/scripts/release.py get-version --cargo)" >> "$GITHUB_OUTPUT"
          fi

      - name: Log in to GHCR
        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin

      - name: Set up Docker Buildx
        uses: ./.github/actions/setup-buildx

      - name: Build ${{ inputs.component }} image
        env:
          DOCKER_BUILDER: openshell
          OPENSHELL_CARGO_VERSION: ${{ steps.version.outputs.cargo_version }}
          # Enable dev-settings feature for test settings (dummy_bool, dummy_int)
          # used by e2e tests.
          EXTRA_CARGO_FEATURES: openshell-core/dev-settings
        run: mise run --no-prepare docker:build:${{ inputs.component }}