|
| 1 | +name: Shadow — Docker Build (local driver + GHA cache) |
| 2 | + |
| 3 | +# OS-49 Phase 3 / PR 3 — non-blocking shadow of docker-build.yml. |
| 4 | +# |
| 5 | +# Exercises buildx's local (docker-container) driver plus GHA-cache |
| 6 | +# (type=gha, scoped per component+arch) so Docker builds no longer depend on |
| 7 | +# the in-cluster BuildKit pods. Per-arch matrix on nv-gha-runners; each job |
| 8 | +# builds a single platform natively (no QEMU). No multi-arch manifest |
| 9 | +# merging — that folds into the real cut-over in Phase 6. |
| 10 | +# |
| 11 | +# Plan, decision thresholds, and results: OS-127 Linear issue. Dispatch |
| 12 | +# manually 4–5 times after merge to collect cold + warm numbers. |
| 13 | + |
| 14 | +on: |
| 15 | + push: |
| 16 | + branches: [main] |
| 17 | + workflow_dispatch: |
| 18 | + |
| 19 | +permissions: |
| 20 | + contents: read |
| 21 | + packages: read |
| 22 | + |
| 23 | +env: |
| 24 | + MISE_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 25 | + |
| 26 | +jobs: |
| 27 | + shadow-build: |
| 28 | + name: shadow ${{ matrix.component }} (${{ matrix.arch }}) |
| 29 | + strategy: |
| 30 | + fail-fast: false |
| 31 | + matrix: |
| 32 | + component: [gateway, supervisor, cluster] |
| 33 | + arch: [amd64, arm64] |
| 34 | + include: |
| 35 | + - arch: amd64 |
| 36 | + runner: linux-amd64-cpu8 |
| 37 | + - arch: arm64 |
| 38 | + runner: linux-arm64-cpu8 |
| 39 | + runs-on: ${{ matrix.runner }} |
| 40 | + container: |
| 41 | + image: ghcr.io/nvidia/openshell/ci:latest |
| 42 | + credentials: |
| 43 | + username: ${{ github.actor }} |
| 44 | + password: ${{ secrets.GITHUB_TOKEN }} |
| 45 | + options: --privileged |
| 46 | + volumes: |
| 47 | + - /var/run/docker.sock:/var/run/docker.sock |
| 48 | + timeout-minutes: 45 |
| 49 | + steps: |
| 50 | + - uses: actions/checkout@v4 |
| 51 | + with: |
| 52 | + fetch-depth: 0 |
| 53 | + |
| 54 | + - name: Mark workspace safe for git |
| 55 | + run: git config --global --add safe.directory "$GITHUB_WORKSPACE" |
| 56 | + |
| 57 | + - name: Install tools |
| 58 | + run: mise install |
| 59 | + |
| 60 | + - name: Set up buildx (local driver) |
| 61 | + uses: ./.github/actions/setup-buildx |
| 62 | + with: |
| 63 | + driver: local |
| 64 | + |
| 65 | + - name: Package Helm chart (cluster only) |
| 66 | + if: matrix.component == 'cluster' |
| 67 | + run: | |
| 68 | + mkdir -p deploy/docker/.build/charts |
| 69 | + helm package deploy/helm/openshell -d deploy/docker/.build/charts/ |
| 70 | +
|
| 71 | + - name: Build ${{ matrix.component }} (${{ matrix.arch }}) |
| 72 | + # Matches docker-build.yml's default EXTRA_CARGO_FEATURES so CI image |
| 73 | + # content is comparable. No --push: the shadow measures build/cache |
| 74 | + # mechanics, not publish behavior. Multi-arch manifests are Phase 6. |
| 75 | + run: | |
| 76 | + docker buildx build \ |
| 77 | + --builder openshell \ |
| 78 | + --platform linux/${{ matrix.arch }} \ |
| 79 | + --cache-from type=gha,scope=${{ matrix.component }}-${{ matrix.arch }} \ |
| 80 | + --cache-to type=gha,mode=max,scope=${{ matrix.component }}-${{ matrix.arch }} \ |
| 81 | + --build-arg EXTRA_CARGO_FEATURES=openshell-core/dev-settings \ |
| 82 | + --load \ |
| 83 | + --file deploy/docker/Dockerfile.images \ |
| 84 | + --target ${{ matrix.component }} \ |
| 85 | + . |
| 86 | +
|
| 87 | + - name: buildx du |
| 88 | + if: always() |
| 89 | + run: docker buildx du --builder openshell || true |
0 commit comments