ome-projects · slin1237 · Jun 28, 2025 · Jun 28, 2025 · gemini-code-assist · Jun 28, 2025
@@ -1,4 +1,4 @@
-name: Publish Helm Charts to GitHub Pages
+name: Publish Helm Charts to GitHub Pages and OCI Registry
 
 on:
   push:
@@ -14,6 +14,11 @@ permissions:
   contents: write
   pages: write
   id-token: write
+  packages: write
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_ORG: moirai-internal
 
 jobs:
   publish-charts:
@@ -34,6 +39,13 @@ jobs:
           git config user.name "$GITHUB_ACTOR"
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
 
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.MOIRAI_REGISTRY_TOKEN }}
+
       - name: Prepare charts directory
         run: |
           mkdir -p .charts-repo
@@ -55,6 +67,12 @@ jobs:
             helm package "${chart}" -d .charts-repo
           done
 
+      - name: Push charts to OCI registry
+        run: |
+          for chart in .charts-repo/*.tgz; do
+            helm push ${chart} oci://${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/charts
+          done
+
       - name: Checkout gh-pages branch
         run: |
           git fetch origin gh-pages || true
@@ -98,6 +116,14 @@ jobs:
 
               <div class="instructions">
                   <h2>Installation Instructions</h2>
+
+                  <h3>Option 1: OCI Registry (Recommended)</h3>
+                  <pre>
+# Install directly from OCI registry
+helm install ome-crd oci://ghcr.io/moirai-internal/charts/ome-crd --namespace ome --create-namespace
+helm install ome oci://ghcr.io/moirai-internal/charts/ome-resources --namespace ome</pre>
+
+                  <h3>Option 2: Helm Repository</h3>
                   <pre>
 # Add the OME Helm repository
 helm repo add ome https://sgl-project.github.io/ome

@@ -48,7 +48,7 @@ jobs:
           # Create VEX document for known false positives or accepted risks
           vexctl create \
             --author="OME Maintainers" \
-            --role="Project Maintainer" \
+            --author-role="Project Maintainer" \
             --product="pkg:github/sgl-project/ome@${TAG}" \
             --file="ome-${TAG}.vex.json"
 

@@ -137,21 +137,33 @@ jobs:
         with:
           version: 'latest'
 
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.MOIRAI_REGISTRY_TOKEN }}
+
       - name: Update chart versions
         run: |
           VERSION=${{ needs.prepare.outputs.version }}
+          TAG=${{ needs.prepare.outputs.tag }}
 
           # Update chart versions
           for chart in charts/*/; do
             yq eval -i ".version = \"${VERSION}\"" ${chart}Chart.yaml
             yq eval -i ".appVersion = \"${VERSION}\"" ${chart}Chart.yaml
 
-            # Update image tags in values.yaml
-            if [[ -f ${chart}values.yaml ]]; then
-              yq eval -i ".image.tag = \"${{ needs.prepare.outputs.tag }}\"" ${chart}values.yaml
-              yq eval -i ".image.repository = \"ghcr.io/moirai-internal/ome-manager\"" ${chart}values.yaml
-              yq eval -i ".modelAgent.image.repository = \"ghcr.io/moirai-internal/model-agent\"" ${chart}values.yaml
-              yq eval -i ".modelAgent.image.tag = \"${{ needs.prepare.outputs.tag }}\"" ${chart}values.yaml
+            # Update image tags in values.yaml for ome-resources chart
+            if [[ -f ${chart}values.yaml ]] && [[ $(basename ${chart}) == "ome-resources" ]]; then
+              # Update the defaultVersion anchor
+              yq eval -i ".ome.version = \"${TAG}\"" ${chart}values.yaml
+
+              # Update specific image tags that don't use the anchor
+              yq eval -i ".ome.benchmarkJob.tag = \"${TAG}\"" ${chart}values.yaml
+              yq eval -i ".ome.multinodeProber.tag = \"${TAG}\"" ${chart}values.yaml
+              yq eval -i ".ome.omeAgent.tag = \"${TAG}\"" ${chart}values.yaml
+              yq eval -i ".modelAgent.image.tag = \"${TAG}\"" ${chart}values.yaml
             fi
           done
 
@@ -162,7 +174,14 @@ jobs:
             helm package ${chart} -d .charts
           done
 
-      - name: Create chart index
+      - name: Push charts to OCI registry
+        run: |
+          for chart in .charts/*.tgz; do
+            chart_name=$(basename ${chart%.tgz} | cut -d- -f1)
+            helm push ${chart} oci://${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/charts
+          done
+
+      - name: Create chart index for GitHub Pages
         run: |
           helm repo index .charts --url https://github.com/sgl-project/ome/releases/download/${{ needs.prepare.outputs.tag }}
 
@@ -262,6 +281,16 @@ jobs:
 
           ## ⎈ Helm Installation
 
+          ### Option 1: OCI Registry (Recommended)
+
+          \`\`\`bash
+          # Install directly from OCI registry
+          helm install ome-crd oci://ghcr.io/moirai-internal/charts/ome-crd --version ${{ needs.prepare.outputs.version }} --namespace ome --create-namespace
+          helm install ome oci://ghcr.io/moirai-internal/charts/ome-resources --version ${{ needs.prepare.outputs.version }} --namespace ome
+          \`\`\`
+
+          ### Option 2: GitHub Releases
+
           \`\`\`bash
           # Add the OME Helm repository
           helm repo add ome https://github.com/sgl-project/ome/releases/download/${{ needs.prepare.outputs.tag }}

@@ -41,11 +41,25 @@ jobs:
           syft dir:. -o spdx-json > ome-${TAG}-sbom.spdx.json
           syft dir:. -o cyclonedx-json > ome-${TAG}-sbom.cyclonedx.json
 
-          # Generate SBOM for container images
+          # Generate SBOM for container images with retry logic
           for image in ome-manager model-agent ome-agent multinode-prober; do
             echo "Generating SBOM for ${image}..."
-            syft ghcr.io/moirai-internal/ome/${image}:${TAG} -o spdx-json > ${image}-${TAG}-sbom.spdx.json
-            syft ghcr.io/moirai-internal/ome/${image}:${TAG} -o cyclonedx-json > ${image}-${TAG}-sbom.cyclonedx.json
+
+            # Retry up to 5 times with 30 second delays
+            for attempt in {1..5}; do
+              if syft ghcr.io/moirai-internal/${image}:${TAG} -o spdx-json > ${image}-${TAG}-sbom.spdx.json 2>/dev/null; then
+                syft ghcr.io/moirai-internal/${image}:${TAG} -o cyclonedx-json > ${image}-${TAG}-sbom.cyclonedx.json
+                echo "✅ Successfully generated SBOM for ${image}"
+                break
+              else
+                echo "⏳ Attempt ${attempt}/5 failed. Image might not be available yet. Retrying in 30s..."
+                if [ ${attempt} -lt 5 ]; then
+                  sleep 30
+                else
+                  echo "❌ Failed to generate SBOM for ${image} after 5 attempts"
+                fi
+              fi
+            done
           done
 
       - name: Upload SBOMs to release

@@ -45,21 +45,37 @@ Read the [documentation](https://sgl-project.github.io/ome/docs/) to learn more
 
 **Requires Kubernetes 1.28 or newer**
 
-To install OME in your cluster using Helm:
+### Option 1: OCI Registry (Recommended)
+
+Install OME directly from the OCI registry:
+
+```bash
+# Install OME CRDs
+helm upgrade --install ome-crd oci://ghcr.io/moirai-internal/charts/ome-crd --namespace ome --create-namespace
+
+# Install OME resources
+helm upgrade --install ome oci://ghcr.io/moirai-internal/charts/ome-resources --namespace ome
-helm upgrade --install ome-crd oci://ghcr.io/moirai-internal/charts/ome-crd --namespace ome --create-namespace
-
-# Install OME resources
-helm upgrade --install ome oci://ghcr.io/moirai-internal/charts/ome-resources --namespace ome
+helm upgrade --install ome-crd oci://ghcr.io/sgl-project/charts/ome-crd --namespace ome --create-namespace
+
+# Install OME resources
+helm upgrade --install ome oci://ghcr.io/sgl-project/charts/ome-resources --namespace ome
-helm upgrade --install ome-crd oci://ghcr.io/moirai-internal/charts/ome-crd --namespace ome --create-namespace
-
-# Install OME resources
-helm upgrade --install ome oci://ghcr.io/moirai-internal/charts/ome-resources --namespace ome
+helm upgrade --install ome-crd oci://ghcr.io/sgl-project/charts/ome-crd --namespace ome --create-namespace
+
+# Install OME resources
+helm upgrade --install ome oci://ghcr.io/sgl-project/charts/ome-resources --namespace ome
+```
+
+### Option 2: Helm Repository
+
+Install using the traditional Helm repository:
 
 ```bash
 # Add the OME Helm repository
 helm repo add ome https://sgl-project.github.io/ome
 helm repo update
 
 # Install OME CRDs first
-helm install ome-crd ome/ome-crd --namespace ome --create-namespace
+helm upgrade --install ome-crd ome/ome-crd --namespace ome --create-namespace
 
 # Install OME resources
-helm install ome ome/ome-resources --namespace ome
+helm upgrade --install ome ome/ome-resources --namespace ome
 ```
 
-For installation from source:
+### Option 3: Install from Source
+
+For development or customization:
 
 ```bash
 # Clone the repository