Publish Docker image #14796
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow uses actions that are not certified by GitHub. | |
# They are provided by a third-party and are governed by | |
# separate terms of service, privacy policy, and support | |
# documentation. | |
# GitHub recommends pinning actions to a commit SHA. | |
# To get a newer version, you will need to update the SHA. | |
# You can also reference a tag or branch, but the action may change without warning. | |
name: Publish Docker image | |
on: | |
workflow_dispatch: # allows manual triggering | |
schedule: | |
# Rebuild daily rather than on every push because it is expensive | |
- cron: '12 4 * * *' | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref && github.ref || github.run_id }} | |
cancel-in-progress: true | |
# Fine-grant permission | |
# https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token | |
permissions: | |
packages: write | |
jobs: | |
push_to_registry: | |
name: Push Docker image to Docker Hub | |
runs-on: ubuntu-latest | |
env: | |
COMMIT_SHA: ${{ github.sha }} | |
strategy: | |
matrix: | |
config: | |
# Multi-stage build | |
- { tag: "cpu", dockerfile: ".devops/cpu.Dockerfile", platforms: "linux/amd64,linux/arm64", full: true, light: true, server: true, freediskspace: false} | |
- { tag: "cuda", dockerfile: ".devops/cuda.Dockerfile", platforms: "linux/amd64", full: true, light: true, server: true, freediskspace: false} | |
- { tag: "musa", dockerfile: ".devops/musa.Dockerfile", platforms: "linux/amd64", full: true, light: true, server: true, freediskspace: false} | |
- { tag: "intel", dockerfile: ".devops/intel.Dockerfile", platforms: "linux/amd64", full: true, light: true, server: true, freediskspace: false} | |
- { tag: "vulkan", dockerfile: ".devops/vulkan.Dockerfile", platforms: "linux/amd64", full: true, light: true, server: true, freediskspace: false} | |
# Note: the rocm images are failing due to a compiler error and are disabled until this is fixed to allow the workflow to complete | |
#- {tag: "rocm", dockerfile: ".devops/rocm.Dockerfile", platforms: "linux/amd64,linux/arm64", full: true, light: true, server: true, freediskspace: true } | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # preserve git history, so we can determine the build number | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Log in to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Determine tag name | |
id: tag | |
shell: bash | |
run: | | |
BUILD_NUMBER="$(git rev-list --count HEAD)" | |
SHORT_HASH="$(git rev-parse --short=7 HEAD)" | |
REPO_OWNER="${GITHUB_REPOSITORY_OWNER@L}" # to lower case | |
REPO_NAME="${{ github.event.repository.name }}" | |
# determine tag name postfix (build number, commit hash) | |
if [[ "${{ env.GITHUB_BRANCH_NAME }}" == "master" ]]; then | |
TAG_POSTFIX="-b${BUILD_NUMBER}" | |
else | |
SAFE_NAME=$(echo "${{ env.GITHUB_BRANCH_NAME }}" | tr '/' '-') | |
TAG_POSTFIX="-${SAFE_NAME}-${SHORT_HASH}" | |
fi | |
# list all tags possible | |
if [[ "${{ matrix.config.tag }}" == "cpu" ]]; then | |
TYPE="" | |
else | |
TYPE="-${{ matrix.config.tag }}" | |
fi | |
PREFIX="ghcr.io/${REPO_OWNER}/${REPO_NAME}:" | |
FULLTAGS="${PREFIX}full${TYPE},${PREFIX}full${TYPE}${TAG_POSTFIX}" | |
LIGHTTAGS="${PREFIX}light${TYPE},${PREFIX}light${TYPE}${TAG_POSTFIX}" | |
SERVERTAGS="${PREFIX}server${TYPE},${PREFIX}server${TYPE}${TAG_POSTFIX}" | |
echo "full_output_tags=$FULLTAGS" >> $GITHUB_OUTPUT | |
echo "light_output_tags=$LIGHTTAGS" >> $GITHUB_OUTPUT | |
echo "server_output_tags=$SERVERTAGS" >> $GITHUB_OUTPUT | |
echo "full_output_tags=$FULLTAGS" # print out for debugging | |
echo "light_output_tags=$LIGHTTAGS" # print out for debugging | |
echo "server_output_tags=$SERVERTAGS" # print out for debugging | |
env: | |
GITHUB_BRANCH_NAME: ${{ github.head_ref || github.ref_name }} | |
GITHUB_REPOSITORY_OWNER: '${{ github.repository_owner }}' | |
# https://github.com/jlumbroso/free-disk-space/tree/54081f138730dfa15788a46383842cd2f914a1be#example | |
- name: Free Disk Space (Ubuntu) | |
if: ${{ matrix.config.free_disk_space == true }} | |
uses: jlumbroso/free-disk-space@main | |
with: | |
# this might remove tools that are actually needed, | |
# if set to "true" but frees about 6 GB | |
tool-cache: false | |
# all of these default to true, but feel free to set to | |
# "false" if necessary for your workflow | |
android: true | |
dotnet: true | |
haskell: true | |
large-packages: true | |
docker-images: true | |
swap-storage: true | |
- name: Build and push Full Docker image (tagged + versioned) | |
if: ${{ (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && matrix.config.full == true }} | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
push: true | |
platforms: ${{ matrix.config.platforms }} | |
# tag list is generated from step above | |
tags: ${{ steps.tag.outputs.full_output_tags }} | |
file: ${{ matrix.config.dockerfile }} | |
target: full | |
provenance: false | |
# using github experimental cache | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
# return to this if the experimental github cache is having issues | |
#cache-to: type=local,dest=/tmp/.buildx-cache | |
#cache-from: type=local,src=/tmp/.buildx-cache | |
- name: Build and push Light Docker image (tagged + versioned) | |
if: ${{ (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && matrix.config.light == true }} | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
push: true | |
platforms: ${{ matrix.config.platforms }} | |
# tag list is generated from step above | |
tags: ${{ steps.tag.outputs.light_output_tags }} | |
file: ${{ matrix.config.dockerfile }} | |
target: light | |
provenance: false | |
# using github experimental cache | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
# return to this if the experimental github cache is having issues | |
#cache-to: type=local,dest=/tmp/.buildx-cache | |
#cache-from: type=local,src=/tmp/.buildx-cache | |
- name: Build and push Server Docker image (tagged + versioned) | |
if: ${{ (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && matrix.config.server == true }} | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
push: true | |
platforms: ${{ matrix.config.platforms }} | |
# tag list is generated from step above | |
tags: ${{ steps.tag.outputs.server_output_tags }} | |
file: ${{ matrix.config.dockerfile }} | |
target: server | |
provenance: false | |
# using github experimental cache | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
# return to this if the experimental github cache is having issues | |
#cache-to: type=local,dest=/tmp/.buildx-cache | |
#cache-from: type=local,src=/tmp/.buildx-cache |