# Builds the ORT Server container images. Pull-request and merge-queue runs only build; pushes to main, version tags
# and manual runs also publish to the registry named in REGISTRY.
name: Docker Build

on:
  merge_group:
    types:
      - checks_requested
  pull_request:
    branches:
      - main
  push:
    branches:
      - main
    tags:
      # GitHub filter patterns, not regular expressions: "." is literal and "+" repeats the preceding character set.
      - "[0-9]+.[0-9]+.[0-9]+"
      - "[0-9]+.[0-9]+.[0-9]+-RC[0-9]+"
  workflow_dispatch:

env:
  REGISTRY: ghcr.io
  # "true" for pull_request and merge_group runs; the jobs use it to skip every push to REGISTRY.
  IS_PR: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
  # "true" for any tag ref whose name does not contain "-RC"; enables the "latest" tag in the metadata steps.
  # NOTE(review): workflow_dispatch can be started from a tag that does not match the push filter above, and such a
  # run would also count as a release here. Confirm that is intended.
  IS_RELEASE: ${{ startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-RC') }}
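jobs:
  build:
    name: Build ${{ matrix.docker.jibImage || matrix.docker.image }} Docker Image
    runs-on: ubuntu-24.04
    services:
      # Local registry on localhost:5000. The "Build worker base image" step pushes to it and the later builds read
      # the base image from it.
      # NOTE(review): "registry:3" is a mutable tag while every action below is pinned to a commit SHA; consider
      # pinning this image by digest as well (registry:3@sha256:<digest>).
      registry:
        image: registry:3
        ports:
          - "5000:5000"
    # Listing a permission sets every unlisted one to "none", so the job token carries packages: write only.
    # NOTE(review): for pull requests opened from branches of this repository the token keeps write access while the
    # Gradle steps run the PR's code; pushes are held back only by the IS_PR checks below.
    permissions:
      packages: write
    strategy:
      matrix:
        # Define the Docker images to build. The job first builds an image using Docker which is used for the ui and for
        # worker base images. Then the job builds an image using Jib. Both steps are optional, e.g., not all Jib builds
        # need a base image, and the ui build does not need a Jib build.
        #
        # If the image is built with Docker:
        #   preparationTask (optional): Gradle task to run before building the image.
        #   image: Name of the image, used for the Docker image name.
        #   context: Path to the Docker context directory.
        #   dockerfile: Path of the Dockerfile to use, relative to context.
        #
        # If the image is built with Jib:
        #   jibImage: Name of the image built by Jib.
        #   task: Gradle task to build the image.
        #
        # Optional properties:
        #   freeDiskSpace: Whether to free disk space before building the image.
        #   skipWorkerBaseImage: Whether to skip building the worker base image.
        #     NOTE(review): no step in this file reads skipWorkerBaseImage; the "Build worker base image" step runs
        #     for every matrix entry.
        docker:
          - jibImage: core
            task: :core:tinyJibDocker
          - jibImage: orchestrator
            task: :orchestrator:tinyJibDocker
          - jibImage: maintenance-tasks
            task: :tasks:tinyJibDocker
          - jibImage: advisor-worker
            task: :workers:advisor:tinyJibDocker
          - image: analyzer-worker-base-image
            context: workers/analyzer/docker
            dockerfile: Analyzer.Dockerfile
            jibImage: analyzer-worker
            task: :workers:analyzer:tinyJibDocker
            freeDiskSpace: true
          - jibImage: config-worker
            task: :workers:config:tinyJibDocker
          - jibImage: evaluator-worker
            task: :workers:evaluator:tinyJibDocker
          - jibImage: notifier-worker
            task: :workers:notifier:tinyJibDocker
          - image: reporter-worker-base-image
            context: workers/reporter/docker
            dockerfile: Reporter.Dockerfile
            jibImage: reporter-worker
            task: :workers:reporter:tinyJibDocker
          - image: scanner-worker-base-image
            context: workers/scanner/docker
            dockerfile: Scanner.Dockerfile
            jibImage: scanner-worker
            task: :workers:scanner:tinyJibDocker
          - preparationTask: :core:generateOpenApiSpec
            image: ui
            context: ui
            dockerfile: docker/UI.Dockerfile
    steps:
      # NOTE(review): checkout keeps the job token available to git for the rest of the job by default. If no later
      # step needs git authentication, "persist-credentials: false" narrows what the build scripts can reach.
      - name: Checkout Repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
      - name: Free Disk Space
        if: ${{ matrix.docker.freeDiskSpace }}
        uses: ./.github/actions/free-disk-space
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
        with:
          # Host networking so that the builder can reach the registry service on localhost:5000.
          driver-opts: network=host
      - name: Login to GitHub Container Registry
        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2
      - name: Get ORT-Server Version
        # The Gradle output is appended to GITHUB_ENV as printed and then read by every later step of this job.
        run: |
          ORT_SERVER_VERSION=$(./gradlew -q printVersion)
          echo "ORT_SERVER_VERSION=${ORT_SERVER_VERSION}" >> "$GITHUB_ENV"
      - name: Run Preparation Task ${{ matrix.docker.preparationTask }}
        if: ${{ matrix.docker.preparationTask != '' }}
        # The task name reaches the script through the environment instead of being pasted into the script text.
        env:
          PREPARATION_TASK: ${{ matrix.docker.preparationTask }}
        run: ./gradlew "$PREPARATION_TASK"
      - name: Extract Docker Metadata for ${{ matrix.docker.image }} Image
        if: ${{ matrix.docker.dockerfile != '' }}
        id: meta-base
        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
        with:
          images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/ort-server-${{ matrix.docker.image }}
          tags: |
            type=raw,value=${{ env.ORT_SERVER_VERSION }}
            type=ref,event=branch
            type=sha
            type=raw,value=latest,enable=${{ env.IS_RELEASE }}
      - name: Set cache-to
        # Expression values are handed over as environment variables so that the shell treats them as data, never as
        # script text. IS_PR and REGISTRY come from the workflow-level env block.
        env:
          IMAGE_NAME: ${{ matrix.docker.image }}
          JIB_TASK: ${{ matrix.docker.task }}
          REPOSITORY_OWNER: ${{ github.repository_owner }}
        run: |
          # Only write to the registry cache if the workflow is not running for a PR.
          # Push the image to the registry unless the workflow runs for a PR; whether a Jib build is configured is
          # not checked here.
          if [[ "$IS_PR" == 'false' ]]; then
            cache_to="type=registry,ref=${REGISTRY}/${REPOSITORY_OWNER}/ort-server-${IMAGE_NAME}:cache,mode=max"
            push_image='true'
          else
            cache_to=''
            push_image='false'
          fi
          # Load the image to the Docker daemon if it is required as a base image for the Jib build.
          if [[ -n "$JIB_TASK" ]]; then
            load_image='true'
          else
            load_image='false'
          fi
          {
            echo "CACHE_TO=${cache_to}"
            echo "LOAD_IMAGE=${load_image}"
            echo "PUSH_IMAGE=${push_image}"
          } >> "$GITHUB_ENV"
      # Runs for every matrix entry and pushes only to the local registry service. The labels are empty when the
      # meta-base step was skipped.
      - name: Build worker base image
        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
        with:
          context: docker
          file: docker/Base.Dockerfile
          tags: localhost:5000/ort-server-base-image:${{ env.ORT_SERVER_VERSION }}
          labels: ${{ steps.meta-base.outputs.labels }}
          push: true
      - name: Build ${{ matrix.docker.image }} Image
        if: ${{ matrix.docker.dockerfile != '' }}
        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
        with:
          context: ${{ matrix.docker.context }}
          file: ${{ matrix.docker.context }}/${{ matrix.docker.dockerfile }}
          # NOTE(review): this named context points at the ":latest" tag, but the step above pushes only the
          # ORT_SERVER_VERSION tag to the local registry. Confirm that the Dockerfiles resolve the base image
          # through BASE_REGISTRY and BASE_IMAGE_TAG instead.
          build-contexts: |
            ort-server-base-image:latest=docker-image://localhost:5000/ort-server-base-image:latest
          push: ${{ env.PUSH_IMAGE }}
          load: ${{ env.LOAD_IMAGE }}
          tags: ${{ steps.meta-base.outputs.tags }}
          labels: ${{ steps.meta-base.outputs.labels }}
          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ github.repository_owner }}/ort-server-${{ matrix.docker.image }}:cache
          cache-to: ${{ env.CACHE_TO }}
          build-args: |
            BASE_REGISTRY=localhost:5000/
            BASE_IMAGE_TAG=${{ env.ORT_SERVER_VERSION }}
      # No "images" input is given here. NOTE(review): presumably the tags output then holds bare tag names, which is
      # the form passed to jib.to.tags below. Confirm.
      - name: Extract Docker Metadata for ${{ matrix.docker.jibImage }} Image
        if: ${{ matrix.docker.task != '' }}
        id: meta
        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
        with:
          tags: |
            type=raw,value=${{ env.ORT_SERVER_VERSION }}
            type=ref,event=branch
            type=sha
            type=raw,value=latest,enable=${{ env.IS_RELEASE }}
      - name: Prepare Jib Cache Directories
        if: ${{ matrix.docker.task != '' }}
        run: |
          sudo mkdir -p /mnt/jib-app-cache /mnt/jib-base-cache /mnt/tmp
          sudo chown "$USER" /mnt/jib-app-cache /mnt/jib-base-cache /mnt/tmp
      - name: Determine Jib base image
        id: jib-base-image
        if: ${{ matrix.docker.task != '' }}
        env:
          DOCKERFILE: ${{ matrix.docker.dockerfile }}
          REPOSITORY_OWNER: ${{ github.repository_owner }}
        run: |
          # With a Dockerfile configured, the image built above is the Jib base and is read from the Docker daemon
          # ("docker://"); otherwise the generic base image in the local registry is used.
          if [[ -n "$DOCKERFILE" ]]; then
            baseImagePrefix="docker://${REGISTRY}/${REPOSITORY_OWNER}"
          else
            baseImagePrefix="localhost:5000"
          fi
          baseImageTag="${ORT_SERVER_VERSION}"
          echo "baseImagePrefix=$baseImagePrefix" >> "$GITHUB_OUTPUT"
          echo "baseImageTag=$baseImageTag" >> "$GITHUB_OUTPUT"
      - name: Build ${{ matrix.docker.jibImage }} Image
        if: ${{ matrix.docker.task != '' }}
        # Step outputs and context values, including the labels that the metadata action derives from repository
        # metadata, are passed through the environment so that quotes or "$" in them cannot alter the script.
        env:
          JIB_BASE_IMAGE_PREFIX: ${{ steps.jib-base-image.outputs.baseImagePrefix }}
          JIB_BASE_IMAGE_TAG: ${{ steps.jib-base-image.outputs.baseImageTag }}
          JIB_IMAGE: ${{ matrix.docker.jibImage }}
          JIB_TASK: ${{ matrix.docker.task }}
          META_LABELS: ${{ steps.meta.outputs.labels }}
          META_TAGS: ${{ steps.meta.outputs.tags }}
          REPOSITORY_OWNER: ${{ github.repository_owner }}
        run: |
          # The metadata outputs are newline-separated; Jib expects comma-separated lists.
          # NOTE(review): jib.allowInsecureRegistries is not scoped to localhost:5000; it relaxes TLS checks for
          # every registry Jib contacts during this invocation.
          ./gradlew \
            "-PdockerBaseImagePrefix=${JIB_BASE_IMAGE_PREFIX}/" \
            "-PdockerBaseImageTag=${JIB_BASE_IMAGE_TAG}" \
            "-PdockerImagePrefix=${REGISTRY}/${REPOSITORY_OWNER}/" \
            "-PdockerImageTag=${ORT_SERVER_VERSION}" \
            "$JIB_TASK" \
            -Djib.applicationCache=/mnt/jib-app-cache \
            -Djib.baseImageCache=/mnt/jib-base-cache \
            -Djib.allowInsecureRegistries=true \
            -Djava.io.tmpdir=/mnt/tmp \
            -Djib.container.labels="$(echo "$META_LABELS" | tr '\n' ',' | sed 's/,$//')" \
            -Djib.to.tags="$(echo "$META_TAGS" | tr '\n' ',' | sed 's/,$//')"
          if [ "$IS_PR" = "false" ]; then
            docker push "${REGISTRY}/${REPOSITORY_OWNER}/ort-server-${JIB_IMAGE}" --all-tags
          fi
  # Publishes the shared base image to REGISTRY. Skipped for pull_request and merge_group events.
  publish-base-image:
    name: Publish Base Image
    runs-on: ubuntu-24.04
    if: ${{ github.event_name != 'pull_request' && github.event_name != 'merge_group' }}
    permissions:
      packages: write
    steps:
      # NOTE(review): this checkout is shallow, while the build job uses fetch-depth: 0. If printVersion derives the
      # version from git history, the two jobs could disagree on ORT_SERVER_VERSION. Confirm.
      - name: Checkout Repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
      - name: Login to GitHub Container Registry
        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2
      - name: Get ORT-Server Version
        run: |
          ORT_SERVER_VERSION=$(./gradlew -q printVersion)
          echo "ORT_SERVER_VERSION=${ORT_SERVER_VERSION}" >> "$GITHUB_ENV"
      - name: Extract Docker Metadata for base image
        id: meta-base-image
        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
        with:
          images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/ort-server-base-image
          tags: |
            type=raw,value=${{ env.ORT_SERVER_VERSION }}
            type=ref,event=branch
            type=sha
            type=raw,value=latest,enable=${{ env.IS_RELEASE }}
      - name: Build and push base image to registry
        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
        with:
          context: docker
          file: docker/Base.Dockerfile
          tags: ${{ steps.meta-base-image.outputs.tags }}
          labels: ${{ steps.meta-base-image.outputs.labels }}
          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ github.repository_owner }}/ort-server-base-image:cache
          cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ github.repository_owner }}/ort-server-base-image:cache,mode=max
          push: true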