skyhook-packages/.github/workflows/pr_build.yaml at 0b24d6862bc4988539233715827e90b33a7c843b · NVIDIA/skyhook-packages · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
# SPDX-FileCopyrightText: Copyright (c) 2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

name: Build Changed Packages (PR)

on:
  pull_request:
    branches:
      - main

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  # First job: detect which packages have changed
  detect-changes:
    runs-on: ubuntu-latest
    outputs:
      packages: ${{ steps.changes.outputs.packages }}
      has_changes: ${{ steps.changes.outputs.has_changes }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Detect changed packages
        id: changes
        run: |
          # Get list of changed files compared to base branch
          CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}...HEAD)

          echo "Changed files:"
          echo "$CHANGED_FILES"

          # Find unique package directories that have changes
          # A package is any directory containing a Dockerfile
          PACKAGES=""
          for dir in */; do
            dir_name="${dir%/}"
            # Skip hidden directories and non-package directories
            [[ "$dir_name" == .* ]] && continue
            [[ "$dir_name" == "scripts" ]] && continue

            # Check if this directory has a Dockerfile
            if [ -f "${dir_name}/Dockerfile" ]; then
              # Check if any files in this package changed
              if echo "$CHANGED_FILES" | grep -q "^${dir_name}/"; then
                if [ -n "$PACKAGES" ]; then
                  PACKAGES="${PACKAGES},\"${dir_name}\""
                else
                  PACKAGES="\"${dir_name}\""
                fi
                echo "Package changed: ${dir_name}"
              fi
            fi
          done

          if [ -n "$PACKAGES" ]; then
            echo "packages=[${PACKAGES}]" >> $GITHUB_OUTPUT
            echo "has_changes=true" >> $GITHUB_OUTPUT
          else
            echo "packages=[]" >> $GITHUB_OUTPUT
            echo "has_changes=false" >> $GITHUB_OUTPUT
            echo "No package changes detected"
          fi

  # Second job: validate changed packages
  validate:
    needs: detect-changes
    if: needs.detect-changes.outputs.has_changes == 'true'
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        package: ${{ fromJson(needs.detect-changes.outputs.packages) }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Check if package changed and config.json exists
        id: check-config
        shell: bash
        run: |
          CONFIG_FILE="${{ matrix.package }}/config.json"
          DOCKERFILE="${{ matrix.package }}/Dockerfile"
          PACKAGE_DIR="${{ matrix.package }}/"

          # Check if config.json exists
          if [ ! -f "$CONFIG_FILE" ]; then
            # Check if Dockerfile exists and has a FROM that references a skyhook-packages image
            if [ -f "$DOCKERFILE" ]; then
              # Check if FROM line contains "skyhook-packages" (indicating it inherits from another package)
              if grep -q "^FROM.*skyhook-packages" "$DOCKERFILE"; then
                echo "config_exists=false" >> $GITHUB_OUTPUT
                echo "config_changed=false" >> $GITHUB_OUTPUT
                echo "No config.json found, but Dockerfile inherits from skyhook-packages image - validation skipped"
              else
                # If we get here, config.json is missing and it's not inheriting from skyhook-packages
                echo "ERROR: config.json is required for package ${{ matrix.package }}" >&2
                echo "Package must have a config.json file unless it inherits from another skyhook-packages image." >&2
                echo "Current Dockerfile FROM line:" >&2
                grep "^FROM" "$DOCKERFILE" >&2 || echo "  (no FROM line found)" >&2
                exit 1
              fi
            else
              echo "ERROR: config.json is required for package ${{ matrix.package }}" >&2
              exit 1
            fi
          else
            echo "config_exists=true" >> $GITHUB_OUTPUT
          fi

          # Check if any file in the package changed (for validation)
          CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}...HEAD)
          if echo "$CHANGED_FILES" | grep -q "^${PACKAGE_DIR}"; then
            echo "package_changed=true" >> $GITHUB_OUTPUT
            echo "Package ${{ matrix.package }} has changed files, validation will run if config.json exists"
            # If config.json exists, we should validate it when package changes
            if [ -f "$CONFIG_FILE" ]; then
              echo "config_changed=true" >> $GITHUB_OUTPUT
              echo "Package changed and config.json exists, validation required"
            else
              echo "config_changed=false" >> $GITHUB_OUTPUT
            fi
          else
            echo "package_changed=false" >> $GITHUB_OUTPUT
            echo "config_changed=false" >> $GITHUB_OUTPUT
            echo "No files changed in package ${{ matrix.package }}, skipping validation"
          fi

      - name: Check if package inherits from skyhook-packages
        id: check-inheritance
        if: steps.check-config.outputs.config_exists == 'true' && steps.check-config.outputs.package_changed == 'true'
        shell: bash
        run: |
          DOCKERFILE="${{ matrix.package }}/Dockerfile"

          if [ -f "$DOCKERFILE" ] && grep -q "^FROM.*skyhook-packages" "$DOCKERFILE"; then
            echo "inherits_from_skyhook_packages=true" >> $GITHUB_OUTPUT
            echo "Package inherits from skyhook-packages image - will use validate-inherited target"
          else
            echo "inherits_from_skyhook_packages=false" >> $GITHUB_OUTPUT
            echo "Package is standalone - will use validate-standalone target"
          fi

      - name: Validate config.json (standalone packages)
        if: steps.check-config.outputs.config_exists == 'true' && steps.check-config.outputs.package_changed == 'true' && steps.check-inheritance.outputs.inherits_from_skyhook_packages == 'false'
        shell: bash
        run: |
          make validate-standalone PACKAGE="${{ matrix.package }}"

      - name: Validate config.json (inherited packages)
        if: steps.check-config.outputs.config_exists == 'true' && steps.check-config.outputs.package_changed == 'true' && steps.check-inheritance.outputs.inherits_from_skyhook_packages == 'true'
        shell: bash
        run: |
          make validate-inherited PACKAGE="${{ matrix.package }}"

  # Third job: test changed packages
  test:
    needs: [detect-changes, validate]
    if: needs.detect-changes.outputs.has_changes == 'true'
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        package: ${{ fromJson(needs.detect-changes.outputs.packages) }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Check if package changed
        id: check-package
        shell: bash
        run: |
          PACKAGE_DIR="${{ matrix.package }}/"
          CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}...HEAD)
          if echo "$CHANGED_FILES" | grep -q "^${PACKAGE_DIR}"; then
            echo "package_changed=true" >> $GITHUB_OUTPUT
            echo "Package ${{ matrix.package }} has changed files, tests will run"
          else
            echo "package_changed=false" >> $GITHUB_OUTPUT
            echo "No files changed in package ${{ matrix.package }}, skipping tests"
          fi

      - name: Install test dependencies
        if: steps.check-package.outputs.package_changed == 'true'
        shell: bash
        run: |
          make test-deps

      - name: Verify Docker is available for tests
        if: steps.check-package.outputs.package_changed == 'true'
        shell: bash
        run: |
          # Verify Docker daemon is running and accessible
          docker info > /dev/null 2>&1 || {
            echo "ERROR: Docker daemon is not accessible. Tests require Docker to run containers." >&2
            exit 1
          }
          echo "Docker is available and ready for tests"

      - name: Run tests for package
        if: steps.check-package.outputs.package_changed == 'true'
        shell: bash
        run: |
          make test-package PACKAGE="${{ matrix.package }}"

  # Fourth job: build changed packages
  build:
    needs: [detect-changes, validate]
    if: needs.detect-changes.outputs.has_changes == 'true'
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        package: ${{ fromJson(needs.detect-changes.outputs.packages) }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Get latest tag and short SHA
        id: version
        run: |
          # Get short SHA
          SHORT_SHA="sha$(git rev-parse --short HEAD)"
          echo "short_sha=${SHORT_SHA}" >> $GITHUB_OUTPUT

          # Find the latest tag for this package (format: package/X.Y.Z)
          LATEST_TAG=$(git tag -l "${{ matrix.package }}/*" --sort=-v:refname | head -1)

          if [ -n "$LATEST_TAG" ]; then
            # Extract version from tag (e.g., "nvidia_tuned/1.2.0" -> "1.2.0")
            VERSION=$(echo "$LATEST_TAG" | cut -d'/' -f2)
            echo "Found latest tag: $LATEST_TAG (version: $VERSION)"
          else
            # No existing tag, use 0.0.0 as base
            VERSION="0.0.0"
            echo "No existing tags found for ${{ matrix.package }}, using $VERSION"
          fi

          echo "version=${VERSION}" >> $GITHUB_OUTPUT
          echo "full_tag=${VERSION}-dev.${SHORT_SHA}" >> $GITHUB_OUTPUT

      - name: Build and push Docker image
        uses: ./.github/actions/build-package
        with:
          package_name: ${{ matrix.package }}
          tags: |
            type=raw,value=${{ steps.version.outputs.full_tag }}
          registry: ${{ env.REGISTRY }}
          image_name: ${{ env.IMAGE_NAME }}
          generate_attestation: 'false'
          save_image_info: 'true'

  # Summary job to report status
  build-summary:
    needs: [detect-changes, validate, build]
    if: always()
    runs-on: ubuntu-latest
    steps:
      - name: Download all image info artifacts
        if: needs.build.result == 'success'
        uses: actions/download-artifact@v4
        with:
          pattern: image-info-*
          path: /tmp/image-info
          merge-multiple: true

      - name: Check build results and list images
        run: |
          if [ "${{ needs.detect-changes.outputs.has_changes }}" == "false" ]; then
            echo "✅ No packages changed - nothing to build"
            exit 0
          fi

          if [ "${{ needs.build.result }}" == "success" ]; then
            echo "✅ All changed packages built and pushed successfully"
            echo ""
            echo "## Images Pushed"
            echo ""

            # List all pushed images from artifacts
            for file in /tmp/image-info/*.txt; do
              [ -f "$file" ] || continue
              IMAGE=$(cat "$file")
              echo "- \`${IMAGE}\`"
            done
          elif [ "${{ needs.build.result }}" == "skipped" ]; then
            echo "⏭️ Build was skipped"
          else
            echo "❌ Some packages failed to build"
            exit 1
          fi