Compiler - Docker images build & publish #234
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Build and publish Docker images for different applications using AWS EC2. | |
| name: Compiler - Docker images build & publish | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| instance_id: | |
| description: 'Instance ID' | |
| type: string | |
| instance_image_id: | |
| description: 'Instance AMI ID' | |
| type: string | |
| instance_type: | |
| description: 'Instance product type' | |
| type: string | |
| runner_name: | |
| description: 'Action runner name' | |
| type: string | |
| request_id: | |
| description: 'Slab request ID' | |
| type: string | |
| matrix_item: | |
| description: 'Build matrix item' | |
| type: string | |
| # concurrency: | |
| # group: compiler_publish_docker_images-${{ github.ref }} | |
| # cancel-in-progress: true | |
| env: | |
| THIS_FILE: .github/workflows/compiler_publish_docker_images.yml | |
| jobs: | |
| BuildAndPushDockerImages: | |
| needs: [BuildAndPublishHPXDockerImage, BuildAndPublishCUDADockerImage] | |
| name: Build & Publish Docker Images | |
| runs-on: ${{ github.event.inputs.runner_name }} | |
| strategy: | |
| matrix: | |
| include: | |
| - name: test-env | |
| image: ghcr.io/zama-ai/concrete-compiler | |
| dockerfile: docker/Dockerfile.concrete-compiler-env | |
| steps: | |
| - name: Instance configuration used | |
| run: | | |
| echo "IDs: ${{ inputs.instance_id }}" | |
| echo "AMI: ${{ inputs.instance_image_id }}" | |
| echo "Type: ${{ inputs.instance_type }}" | |
| echo "Request ID: ${{ inputs.request_id }}" | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| submodules: recursive | |
| token: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} | |
| - name: Login to Registry | |
| run: echo "${{ secrets.GHCR_PASSWORD }}" | docker login -u ${{ secrets.GHCR_LOGIN }} --password-stdin ghcr.io | |
| # label was initially a need from the frontend CI | |
| - name: Build Image | |
| run: | | |
| DOCKER_BUILDKIT=1 docker build --no-cache \ | |
| --label "commit-sha=${{ github.sha }}" -t ${{ matrix.image }} -f ${{ matrix.dockerfile }} . | |
| - name: Tag and Publish Image | |
| run: | | |
| docker image tag ${{ matrix.image }} ${{ matrix.image }}:${{ github.sha }} | |
| docker image push ${{ matrix.image }}:latest | |
| docker image push ${{ matrix.image }}:${{ github.sha }} | |
| - name: Tag and Publish Release Image | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| run: | | |
| docker image tag ${{ matrix.image }} ${{ matrix.image }}:${{ github.ref_name }} | |
| docker image push ${{ matrix.image }}:${{ github.ref_name }} | |
| BuildAndPublishHPXDockerImage: | |
| name: Build & Publish HPX Docker Image | |
| runs-on: ${{ github.event.inputs.runner_name }} | |
| env: | |
| IMAGE: ghcr.io/zama-ai/hpx | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up env | |
| run: | | |
| echo "HOME=/home/ubuntu" >> "${GITHUB_ENV}" | |
| - name: Get changed files | |
| id: changed-files | |
| uses: tj-actions/changed-files@e9772d140489982e0e3704fea5ee93d536f1e275 # v44.5.24 | |
| - name: Login | |
| id: login | |
| if: contains(steps.changed-files.outputs.modified_files, 'docker/Dockerfile.hpx-env') || contains(steps.changed-files.outputs.modified_files, env.THIS_FILE) | |
| run: echo "${{ secrets.GHCR_PASSWORD }}" | docker login -u ${{ secrets.GHCR_LOGIN }} --password-stdin ghcr.io | |
| - name: Build Tag and Publish | |
| if: ${{ steps.login.conclusion != 'skipped' }} | |
| run: | | |
| docker build -t "${IMAGE}" -f docker/Dockerfile.hpx-env . | |
| docker push "${IMAGE}:latest" | |
| BuildAndPublishCUDADockerImage: | |
| name: Build & Publish CUDA Docker Image | |
| runs-on: ${{ github.event.inputs.runner_name }} | |
| env: | |
| IMAGE: ghcr.io/zama-ai/cuda | |
| strategy: | |
| matrix: | |
| include: | |
| - name: cuda-12-3 | |
| tag: 12-3 | |
| dockerfile: docker/Dockerfile.cuda-123-env | |
| - name: cuda-11-8 | |
| tag: 11-8 | |
| dockerfile: docker/Dockerfile.cuda-118-env | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up env | |
| run: | | |
| echo "HOME=/home/ubuntu" >> "${GITHUB_ENV}" | |
| - name: Get changed files | |
| id: changed-files | |
| uses: tj-actions/changed-files@e9772d140489982e0e3704fea5ee93d536f1e275 # v44.5.24 | |
| - name: Login | |
| id: login | |
| # from the docs: The jobs.<job_id>.if condition is evaluated before jobs.<job_id>.strategy.matrix is applied. So we can't just use matrix.dockerfile | |
| # so we have to build both images if one of the two files change, or we will have to split this into two | |
| # https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idif | |
| if: contains(steps.changed-files.outputs.modified_files, 'docker/Dockerfile.cuda-118-env') || contains(steps.changed-files.outputs.modified_files, 'docker/Dockerfile.cuda-123-env') || contains(steps.changed-files.outputs.modified_files, env.THIS_FILE) | |
| run: echo "${{ secrets.GHCR_PASSWORD }}" | docker login -u ${{ secrets.GHCR_LOGIN }} --password-stdin ghcr.io | |
| - name: Build Tag and Publish | |
| if: ${{ steps.login.conclusion != 'skipped' }} | |
| run: | | |
| docker build -t "${IMAGE}" -f ${{ matrix.dockerfile }} . | |
| docker image tag "${IMAGE}" "${IMAGE}:${{ matrix.tag }}" | |
| docker push "${IMAGE}:${{ matrix.tag }}" | |
| - name: Push Latest Image | |
| if: ${{ steps.login.conclusion != 'skipped' && matrix.tag == '11-8' }} | |
| run: docker push "${IMAGE}:latest" |