-
Notifications
You must be signed in to change notification settings - Fork 145
138 lines (118 loc) · 4.16 KB
/
build-soci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
name: Build and push docker image with soci indexes to ghcr
on:
workflow_dispatch:
push:
branches:
- 'INFRA-2132-soci'
jobs:
build-and-push-image:
concurrency:
group: ${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
runs-on: a100-runner
permissions:
contents: write
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
submodules: recursive
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
tool-cache: false
android: true
dotnet: true
haskell: true
large-packages: false
swap-storage: true
- name: Install soci
uses: lerentis/[email protected]
with:
soci-release: 'v0.4.0'
- name: Set up QEMU
uses: docker/[email protected]
- name: Set up Docker Buildx
uses: docker/[email protected]
- name: Set up containerd for ubuntu
uses: crazy-max/[email protected]
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/predibase/lorax
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha,prefix=,suffix=,format=short
type=raw,value=latest
- name: Set output
id: vars
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
- name: Build Docker image
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile # Path to your Dockerfile
push: false
tags: ${{ steps.meta.outputs.tags }}
outputs: type=oci,dest=/tmp/lorax-${{ steps.vars.outputs.sha_short }}.tar
- name: Import image in containerd
env:
sha_short: ${{ steps.vars.outputs.sha_short }}
run: |
echo "Importing $sha_short to GHCR"
sudo ctr i import --digests /tmp/lorax-$sha_short.tar
- name: Log in to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GHCR_PAT }}
- name: Push image with containerd
env:
tags: ${{ steps.meta.outputs.tags }}
run: |
for tag in $tags
do
echo "Pushing $tag to GHCR"
sudo ctr i push --user "${{ github.repository_owner }}:${{ secrets.GHCR_PAT }}" $tag
done
- name: Create and push soci index
env:
tags: ${{ steps.meta.outputs.tags }}
run: |
export SOCI_PATH=$HOME/.soci/soci
for tag in $tags
do
echo "Creating soci index for $tag"
sudo $SOCI_PATH create $tag
echo "Pushing soci index for $tag"
sudo $SOCI_PATH push --user ${{ github.repository_owner }}:${{ secrets.GHCR_PAT }} $tag
done
- name: Push image with containerd (again) to ensure latest tag is "latest"
env:
tags: ${{ steps.meta.outputs.tags }}
run: |
# We do this because if soci index is the last one pushed, it messes up the quick start on GHCR
for tag in $tags
do
echo "Pushing $tag to GHCR"
sudo ctr i push --user "${{ github.repository_owner }}:${{ secrets.GHCR_PAT }}" $tag
done
- name: Prune older images
env:
sha_short: ${{ steps.vars.outputs.sha_short }}
run: |
# Delete images older than a day from docker store
docker image prune -a -f --filter "until=24h"
# Delete the on disk copy
rm -rf "/tmp/lorax-$sha_short.tar"
# Delete the SHA image(s) from containerd store
sudo ctr i rm $(sudo ctr i ls -q)