From 0a7fc2c84d7ff7a05ae3439065a6d5e05dd69ac2 Mon Sep 17 00:00:00 2001
From: moze
Date: Wed, 6 May 2026 01:20:51 +0200
Subject: [PATCH] ci: fix docker workflow - registry cache, build-push-action@v6, REGISTRY_TOKEN
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Replace type=gha cache (disabled on this runner) with type=registry cache
- Upgrade docker/build-push-action v5 → v6 (matches whisper-rtx2080 pattern)
- Switch auth to REGISTRY_USERNAME/REGISTRY_TOKEN repo secrets
- Split into two parallel jobs (build-cpu / build-gpu) for visibility
- Use github.ref conditions (Gitea compat) instead of is_default_branch
---
.gitea/workflows/docker.yml | 101 +++++++++++++++++++++---------------
1 file changed, 59 insertions(+), 42 deletions(-)

diff --git a/.gitea/workflows/docker.yml b/.gitea/workflows/docker.yml
index f95e628..5b276da 100644
--- a/.gitea/workflows/docker.yml
+++ b/.gitea/workflows/docker.yml
@@ -9,77 +9,94 @@ on: - 'v*.*.*' workflow_dispatch: +env: + REGISTRY: git.sal.giize.com + IMAGE_NAME: mozempk/trueref + jobs: - docker: - name: Build and push + # ── CPU image ────────────────────────────────────────────────────────────── + build-cpu: + name: Build and push CPU image runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 - # Set up Docker Buildx for efficient layer caching. - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - # Log in to the Gitea container registry. - # The built-in GITEA_TOKEN is injected automatically by Gitea Actions and - # has write access to packages in the same organisation/user namespace. - name: Log in to Gitea registry uses: docker/login-action@v3 with: - registry: git.sal.giize.com - username: ${{ gitea.actor }} - password: ${{ secrets.GITEA_TOKEN }} + registry: ${{ env.REGISTRY }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_TOKEN }} - # ── Determine tags ─────────────────────────────────────────────────── # On a version tag (v1.2.3): latest, cpu, cpu-1.2.3, 1.2.3 # On branch push (main/master): latest, cpu - name: Docker metadata (CPU) - id: meta_cpu + id: meta uses: docker/metadata-action@v5 with: - images: git.sal.giize.com/mozempk/trueref - flavor: | - latest=auto + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | - type=raw,value=latest,enable={{is_default_branch}} - type=raw,value=cpu,enable={{is_default_branch}} + type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' }} + type=raw,value=cpu,enable=${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' }} type=semver,pattern={{version}},prefix=cpu- type=semver,pattern={{version}} - - name: Docker metadata (GPU) - id: meta_gpu - uses: docker/metadata-action@v5 - with: - images: git.sal.giize.com/mozempk/trueref - flavor: | - latest=false - tags: | - type=raw,value=gpu,enable={{is_default_branch}} - 
type=semver,pattern={{version}},prefix=gpu- - - # ── CPU image ──────────────────────────────────────────────────────── - name: Build and push CPU image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . file: Dockerfile - push: true - tags: ${{ steps.meta_cpu.outputs.tags }} - labels: ${{ steps.meta_cpu.outputs.labels }} - cache-from: type=gha,scope=cpu - cache-to: type=gha,mode=max,scope=cpu + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + # Registry-backed layer cache — works without the GHA cache service. + cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache-cpu + cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache-cpu,mode=max + platforms: linux/amd64 + + # ── GPU image ────────────────────────────────────────────────────────────── + build-gpu: + name: Build and push GPU image + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log in to Gitea registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_TOKEN }} + + # On a version tag (v1.2.3): gpu, gpu-1.2.3 + # On branch push (main/master): gpu + - name: Docker metadata (GPU) + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=raw,value=gpu,enable=${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' }} + type=semver,pattern={{version}},prefix=gpu- - # ── GPU image ──────────────────────────────────────────────────────── - # Built from the same source; only the runtime base image differs. - name: Build and push GPU image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . 
file: Dockerfile.gpu - push: true - tags: ${{ steps.meta_gpu.outputs.tags }} - labels: ${{ steps.meta_gpu.outputs.labels }} - cache-from: type=gha,scope=gpu - cache-to: type=gha,mode=max,scope=gpu + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache-gpu + cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache-gpu,mode=max + platforms: linux/amd64
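Review bot: The `Docker metadata (GPU)` step in `build-gpu` no longer sets `flavor: latest=false`, so metadata-action falls back to its documented default `latest=auto`, which emits a `latest` tag whenever a `type=semver` rule matches. On a `v*.*.*` tag both parallel jobs would then push `:latest`, and whichever finishes last decides whether consumers of `latest` receive the CPU or the GPU image; restoring `flavor: |` with `latest=false` under that step's `with:` keeps `latest` CPU-only, as the tag comments in both jobs describe. Separately, `push:` is gated on `github.event_name != 'pull_request'` in both build steps, but the login steps and the `cache-to: type=registry` writes are not, so if the `on:` block (mostly outside this hunk) ever includes a pull_request trigger, an unreviewed build could still write the shared `buildcache-cpu` / `buildcache-gpu` refs that release builds read back through `cache-from`; applying the same condition to those inputs would close that. A short comment on the login steps stating the minimum scope `REGISTRY_TOKEN` needs (package write only) would also replace the removed note about the built-in token.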