NVIDIA · mmou-nv · Jan 19, 2026 · Jan 19, 2026 · Jan 19, 2026 · Jan 19, 2026
@@ -0,0 +1,225 @@
+name: Build CDS Containers
+
+# Only trigger when files in cds-containers/ folder are modified
+on:
+  push:
+    branches:
+      - main  # Only push images when merging to main
+    paths:
+      - 'cds-containers/**'
+      - '.github/workflows/build-cds-containers.yml'
+  pull_request:
+    paths:
+      - 'cds-containers/**'
+      - '.github/workflows/build-cds-containers.yml'
+  workflow_dispatch:  # Allow manual trigger
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAMESPACE: nvidia/dsx-github-actions
+
+permissions:
+  contents: read
+  packages: write  # Required to push to GHCR
+
+jobs:
+  # Job 1: Read version from VERSION.md
+  get-version:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.extract-version.outputs.version }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Extract version from VERSION
+        id: extract-version
+        run: |
+          VERSION=$(cat cds-containers/VERSION | tr -d '[:space:]')
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "📌 Container version: $VERSION"
+
+  # Job 2: Build and push all container images
+  build-and-push-images:
+    runs-on: ubuntu-latest
+    needs: get-version
+    strategy:
+      fail-fast: false
+      matrix:
+        image:
+          - name: cds-tools
+            path: cds-containers/tools
+            description: "CDS tools container with Bazel, Terraform, Helm, kubectl, NGC CLI, etc."
+          - name: cds-grafana-backup-tool
+            path: cds-containers/grafana-backup-tool
+            description: "Grafana backup tool container"
+          - name: cds-go-dev-1.24-alpine
+            path: cds-containers/go-dev-1.24-alpine
+            description: "Go 1.24 development container (Alpine-based, minimal size)"
+          - name: cds-go-dev-1.24-debian
+            path: cds-containers/go-dev-1.24-debian
+            description: "Go 1.24 development container (Debian-based, better compatibility)"
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels)
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${{ matrix.image.name }}
+          tags: |
+            # Version from VERSION.md: 0.0.1
+            type=raw,value=${{ needs.get-version.outputs.version }}
+            # Major.minor: 0.0.1 → 0.0
+            type=raw,value=${{ needs.get-version.outputs.version }},enable=true,suffix=-latest
+            # Latest tag
+            type=raw,value=latest
+            # Commit SHA: dev-abc1234 (for testing specific builds)
+            type=sha,prefix=dev-
+            # Branch name (for PR/branch builds)
+            type=ref,event=branch
+            type=ref,event=pr
+          labels: |
+            org.opencontainers.image.description=${{ matrix.image.description }}
+            org.opencontainers.image.vendor=NVIDIA
+            org.opencontainers.image.version=${{ needs.get-version.outputs.version }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: ./cds-containers
+          file: ${{ matrix.image.path }}/Dockerfile
+          # Only push on push events (not PRs) to avoid permission issues
+          push: ${{ github.event_name == 'push' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Build summary
+        run: |
+          if [ "${{ github.event_name }}" = "push" ]; then
+            echo "✅ Image built and pushed to GHCR:"
+            echo "${{ steps.meta.outputs.tags }}" | sed 's/^/  - /'
+          else
+            echo "✅ Image built successfully (not pushed in PR)"
+            echo "📦 Tags that would be created:"
+            echo "${{ steps.meta.outputs.tags }}" | sed 's/^/  - /'
+          fi
+
+  # Job 3: Test using the built go-dev image
+  test-go-dev-image:
+    runs-on: ubuntu-latest
+    needs: [get-version, build-and-push-images]
+    # Only run tests when images are pushed (not on PRs)
+    if: github.event_name == 'push'
+
+    # Use the newly built go-dev container with version tag
+    container:
+      image: ghcr.io/nvidia/dsx-github-actions/cds-go-dev-1.24-alpine:${{ needs.get-version.outputs.version }}
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    steps:
+      - name: Test container tools
+        run: |
+          echo "Testing Go development container (v${{ needs.get-version.outputs.version }})..."
+          go version
+          golangci-lint --version
+          goimports -h || true
+
+          echo ""
+          echo "✅ Go container tools are working!"
+
+      - name: Test building Go code
+        run: |
+          # Create a simple Go program to test
+          cat > hello.go << 'EOF'
+          package main
+          import "fmt"
+          func main() {
+              fmt.Println("Hello from CDS Go container v${{ needs.get-version.outputs.version }}!")
+          }
+          EOF
+
+          go build hello.go
+          ./hello
+
+  # Job 4: Test using tools container
+  test-tools-image:
+    runs-on: ubuntu-latest
+    needs: [get-version, build-and-push-images]
+    # Only run tests when images are pushed (not on PRs)
+    if: github.event_name == 'push'
+
+    container:
+      image: ghcr.io/nvidia/dsx-github-actions/cds-tools:${{ needs.get-version.outputs.version }}
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    steps:
+      - name: Test tools container
+        run: |
+          echo "Testing CDS tools container (v${{ needs.get-version.outputs.version }})..."
+          echo ""
+
+          echo "🔧 Tool versions:"
+          echo "  - Bazel (default): $(bazel --version)"
+          echo "  - Bazel 6: $(bazel6 --version)"
+          echo "  - Bazel 8: $(bazel8 --version)"
+          echo "  - Kubectl: $(kubectl version --client --short 2>/dev/null || kubectl version --client)"
+          echo "  - Helm: $(helm version --short)"
+          echo "  - Terraform: $(terraform version -json | jq -r '.terraform_version')"
+          echo "  - Terragrunt: $(terragrunt --version)"
+          echo "  - NGC CLI: $(ngc version --json | jq -r '.version')"
+          echo "  - YQ: $(yq --version)"
+          echo "  - Node.js: $(node --version)"
+          echo "  - Python: $(python3 --version)"
+          echo "  - UV: $(uv --version)"
+          echo ""
+          echo "✅ All tools are working!"
+
+  # Job 5: Summary
+  summary:
+    runs-on: ubuntu-latest
+    needs: [get-version, build-and-push-images, test-go-dev-image, test-tools-image]
+    if: always()
+
+    steps:
+      - name: Build summary
+        run: |
+          echo "## 🎉 CDS Containers Build Summary"
+          echo ""
+          echo "📦 Version: ${{ needs.get-version.outputs.version }}"
+          echo "🔨 Trigger: ${{ github.event_name }}"
+          echo "📌 Commit: ${{ github.sha }}"
+          echo ""
+          echo "✅ Built and pushed 4 container images to GHCR:"
+          echo "  - ghcr.io/nvidia/dsx-github-actions/cds-tools:${{ needs.get-version.outputs.version }}"
+          echo "  - ghcr.io/nvidia/dsx-github-actions/cds-grafana-backup-tool:${{ needs.get-version.outputs.version }}"
+          echo "  - ghcr.io/nvidia/dsx-github-actions/cds-go-dev-1.24-alpine:${{ needs.get-version.outputs.version }}"
+          echo "  - ghcr.io/nvidia/dsx-github-actions/cds-go-dev-1.24-debian:${{ needs.get-version.outputs.version }}"
+          echo ""
+          echo "📍 Usage example:"
+          echo "   container:"
+          echo "     image: ghcr.io/nvidia/dsx-github-actions/cds-tools:${{ needs.get-version.outputs.version }}"
+          echo "     credentials:"
+          echo "       username: \${{ github.actor }}"
+          echo "       password: \${{ secrets.GITHUB_TOKEN }}"
+          echo ""
+          echo "✅ All tests passed!"
@@ -0,0 +1,12 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: check-added-large-files
+      - id: check-case-conflict
+      - id: check-merge-conflict
+      - id: mixed-line-ending
+        args: [--fix=lf]
+      - id: end-of-file-fixer
+      - id: forbid-submodules
+      - id: trailing-whitespace
@@ -0,0 +1,28 @@
+# Changelog
+
+All notable changes to CDS Containers will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.0.1] - 2026-01-19
+
+### Added
+- Initial GitHub version of CDS containers
+- `cds-tools` container with Bazel 6.5.0 & 8.4.0, kubectl, helm, terraform, terragrunt, NGC CLI
+- `cds-go-dev-1.24-alpine` container for Go development (Alpine-based, minimal size)
+- `cds-go-dev-1.24-debian` container for Go development (Debian-based, better compatibility)
+- `cds-grafana-backup-tool` container for Grafana backups
+- GitHub Actions workflow for building and pushing to GHCR
+- Version management via VERSION.md file
+- Path-filtered pipeline (only triggers on cds-containers/ changes)
+- Comprehensive documentation and usage examples
+
+### Removed
+- `nvault` (requires internal URM access, not available on GitHub runners)
+- `cds-cli` (requires internal GitLab access, not available on GitHub runners)
+
+### Changed
+- Container registry from GitLab to GitHub Container Registry (GHCR)
+- Image naming from `cds/cds-containers/*` to `nvidia/dsx-github-actions/cds-*`
+- Version tagging from Git tags to VERSION.md file-based versioning
@@ -0,0 +1,3 @@
+init:
+	pip install pre-commit
+	pre-commit install