Feat: double step dockerfile (#687)

Rotheem · web-flow · commit 001b352a3942 · 2025-04-01T17:44:09.000+02:00
### Description

Please explain the changes you made here.

### Checklist

- [ ] Created tests which fail without the change (if possible)
- [ ] All tests passing
- [ ] Extended the documentation, if necessary
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -1,45 +1,72 @@
-name: Build and Publish Hyperion Docker Images
-on:
-  workflow_dispatch:
-  push:
-    tags:
-      - 'v*.*.*'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-
-    steps:
-      - name: Check out the code
-        uses: actions/checkout@v4
-
-      - name: Docker metadata
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ secrets.DOCKER_REGISTRY_IDENTIFER }}/hyperion
-          tags: |
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ secrets.DOCKER_REGISTRY_URL }}
-          username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
-          password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
-
-      - name: Build and push app
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          platforms: linux/amd64 #,linux/arm64
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+name: Build and Publish Hyperion Docker Images
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - 'v*.*.*'
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    steps:
+      - name: Check out the code
+        uses: actions/checkout@v4
+
+      - name: Calculate requirements md5
+        run: |
+            echo "REQUIREMENTS_MD5=$(cat requirements-common.txt requirements-prod.txt | md5sum | cut -d ' ' -f 1)" >> $GITHUB_ENV
+          
+      - name: Check if base image exists
+        run: |
+          HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
+              -u ${{ secrets.DOCKER_REGISTRY_USERNAME }}:${{ secrets.DOCKER_REGISTRY_PASSWORD }} \
+              -H "Accept: application/vnd.oci.image.index.v1+json" \
+              "${{ secrets.DOCKER_REGISTRY_URL }}/v2/hyperion-base/manifests/${{ env.REQUIREMENTS_MD5 }}")
+    
+          echo "HTTP_CODE=$HTTP_CODE" >> $GITHUB_ENV
+    
+          if [ "$HTTP_CODE" -ne 200 ]; then
+            echo "Error: Base image not found, wait for the base image to be built first"
+            exit 1
+          fi
+    
+          echo "EXISTS=true" >> $GITHUB_ENV
+
+      - name: Docker metadata
+        if: env.EXISTS == 'true'
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ secrets.DOCKER_REGISTRY_IDENTIFER }}/hyperion
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+
+      - name: Set up Docker Buildx
+        if: env.EXISTS == 'true'
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        if: env.EXISTS == 'true'
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ secrets.DOCKER_REGISTRY_URL }}
+          username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
+          password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+
+      - name: Build and push app
+        if: env.EXISTS == 'true'
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: linux/amd64 #,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          build-args: |
+            REQUIREMENTS_MD5=${{env.REQUIREMENTS_MD5}}
+            DOCKER_REGISTRY_IDENTIFER=${{ secrets.DOCKER_REGISTRY_IDENTIFER }}
diff --git a/.github/workflows/publishbase.yml b/.github/workflows/publishbase.yml
@@ -0,0 +1,66 @@
+name: Build and Publish Hyperion Base Docker Images
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - 'Dockerfile.base'
+      - 'requirements-common.txt'
+      - 'requirements-prod.txt'
+
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    steps:
+      - name: Check out the code
+        uses: actions/checkout@v4
+
+      - name: Calculate requirements md5
+        run: |
+          echo "REQUIREMENTS_MD5=$(cat requirements-common.txt requirements-prod.txt | md5sum | cut -d ' ' -f 1)" >> $GITHUB_ENV
+
+      - name: Check if image exists
+        run: |
+          HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
+              -u ${{ secrets.DOCKER_REGISTRY_USERNAME }}:${{ secrets.DOCKER_REGISTRY_PASSWORD }} \
+              -H "Accept: application/vnd.oci.image.index.v1+json" \
+              "${{ secrets.DOCKER_REGISTRY_URL }}/v2/hyperion-base/manifests/${{ env.REQUIREMENTS_MD5 }}")
+          [ "$HTTP_CODE" -eq 200 ] && exists=true || exists=false
+          echo "EXISTS=$exists" >> $GITHUB_ENV
+                
+
+      - name: Docker metadata
+        if: env.EXISTS == 'false'
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ secrets.DOCKER_REGISTRY_IDENTIFER }}/hyperion-base
+          tags: |
+            ${{ env.REQUIREMENTS_MD5 }}
+
+      - name: Set up Docker Buildx
+        if: env.EXISTS == 'false'
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        if: env.EXISTS == 'false'
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ secrets.DOCKER_REGISTRY_URL }}
+          username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
+          password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+
+      - name: Build and push app
+        if: env.EXISTS == 'false'
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./Dockerfile.base
+          platforms: linux/amd64 #,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/Dockerfile b/Dockerfile
@@ -1,22 +1,20 @@
-FROM ghcr.io/astral-sh/uv:python3.11-bookworm
-
-ENV PYTHONDONTWRITEBYTECODE=1
-ENV PYTHONUNBUFFERED=1
-ENV UV_COMPILE_BYTECODE=1
-
-WORKDIR /hyperion
-
-COPY requirements-common.txt .
-COPY requirements-prod.txt .
-RUN uv pip install --system --no-cache-dir -r requirements-prod.txt
-
-COPY init.py .
-COPY alembic.ini .
-COPY migrations migrations/
-COPY assets assets/
-COPY app app/
-
-COPY start.sh .
-RUN chmod +x start.sh
-
-ENTRYPOINT ["./start.sh"]
+ARG REQUIREMENTS_MD5
+ARG DOCKER_REGISTRY_IDENTIFER
+FROM ${DOCKER_REGISTRY_IDENTIFER}/hyperion-base:${REQUIREMENTS_MD5}
+
+ENV PYTHONDONTWRITEBYTECODE=1
+ENV PYTHONUNBUFFERED=1
+ENV UV_COMPILE_BYTECODE=1
+
+WORKDIR /hyperion
+
+COPY init.py .
+COPY alembic.ini .
+COPY migrations migrations/
+COPY assets assets/
+COPY app app/
+
+COPY start.sh .
+RUN chmod +x start.sh
+
+ENTRYPOINT ["./start.sh"]
diff --git a/Dockerfile.base b/Dockerfile.base
@@ -0,0 +1,13 @@
+FROM ghcr.io/astral-sh/uv:python3.11-bookworm
+
+ENV PYTHONDONTWRITEBYTECODE=1
+ENV PYTHONUNBUFFERED=1
+ENV UV_COMPILE_BYTECODE=1
+
+WORKDIR /hyperion
+
+COPY requirements-common.txt .
+COPY requirements-prod.txt .
+RUN uv pip install --system --no-cache-dir -r requirements-prod.txt
+
+ENTRYPOINT ["/bin/bash"]
