chroma/.github/workflows/_build_release_container.yml at main · amikos-tech/chroma · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
name: Build and publish container image to Docker and GitHub Container Registry

on:
  workflow_dispatch:
    inputs:
      push:
        description: 'Push the built image to registries'
        required: true
        default: false
        type: boolean
      tag:
        description: 'Tag to publish'
        required: true
        type: string
      tag_as_latest:
        description: 'Tag as latest'
        required: false
        default: false
        type: boolean

  workflow_call:
    inputs:
      push:
        description: 'Push the built image to registries'
        required: true
        default: false
        type: boolean
      tag:
        description: 'Tag to publish'
        required: true
        type: string
      tag_as_latest:
        description: 'Tag as latest'
        required: false
        default: false
        type: boolean

permissions:
  contents: read
  id-token: write
  packages: write

env:
  GHCR_IMAGE_NAME: "ghcr.io/chroma-core/chroma"
  DOCKERHUB_IMAGE_NAME: "chromadb/chroma"

jobs:
  build:
    name: Build image for ${{ matrix.platform }}
    runs-on: ${{ matrix.runner }}
    strategy:
      fail-fast: false
      matrix:
        platform: [amd64, arm64]
        include:
          - platform: amd64
            runner: blacksmith-16vcpu-ubuntu-2404
            docker_platform: linux/amd64
          - platform: arm64
            runner: blacksmith-16vcpu-ubuntu-2404-arm
            docker_platform: linux/arm64
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Docker
        uses: ./.github/actions/docker
        with:
          ghcr-username: ${{ github.actor }}
          ghcr-password: ${{ secrets.GITHUB_TOKEN }}
          dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
          dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Compute arch-specific tags
        id: tags
        shell: bash
        run: |
          arch_tag="${{ inputs.tag }}-${{ matrix.platform }}"
          ghcr="${{ env.GHCR_IMAGE_NAME }}:${arch_tag}"
          dhub="${{ env.DOCKERHUB_IMAGE_NAME }}:${arch_tag}"
          echo "arch_tag=$arch_tag"      >> $GITHUB_OUTPUT

          # expose *matrix-unique* step outputs
          echo "ghcr_tag_${{ matrix.platform }}=$ghcr"         >> $GITHUB_OUTPUT
          echo "dockerhub_tag_${{ matrix.platform }}=$dhub"    >> $GITHUB_OUTPUT

          # these two tags are what the build-push action will publish for *this* arch
          echo "tags=$ghcr,$dhub" >> $GITHUB_OUTPUT

      - name: Pre-pull base images
        shell: bash
        run: |
          set -euo pipefail

          # Pre-pull base images to speed up the build
          docker pull --platform ${{ matrix.docker_platform }} rust:1.92.0
          docker pull --platform ${{ matrix.docker_platform }} debian:stable-slim

      - name: Build and push image
        uses: useblacksmith/build-push-action@v2
        with:
          context: .
          file: rust/Dockerfile
          target: cli
          platforms: ${{ matrix.docker_platform }}
          push: ${{ inputs.push }}
          build-args: |
            RELEASE_MODE=1
          tags: ${{ steps.tags.outputs.tags }}
    outputs:
      ghcr_tag_amd64:      ${{ steps.tags.outputs.ghcr_tag_amd64 }}
      ghcr_tag_arm64:      ${{ steps.tags.outputs.ghcr_tag_arm64 }}
      dockerhub_tag_amd64: ${{ steps.tags.outputs.dockerhub_tag_amd64 }}
      dockerhub_tag_arm64: ${{ steps.tags.outputs.dockerhub_tag_arm64 }}

  merge:
    name: Merge platform manifests
    runs-on: blacksmith-4vcpu-ubuntu-2404
    if: ${{ inputs.push == true }}
    needs:
      - build
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up Docker
        uses: ./.github/actions/docker
        with:
          ghcr-username: ${{ github.actor }}
          ghcr-password: ${{ secrets.GITHUB_TOKEN }}
          dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
          dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Create and push manifest
        shell: bash
        run: |
          set -euo pipefail

          # Pull the per-arch tags from job-level outputs
          ghcr_amd64='${{ needs.build.outputs.ghcr_tag_amd64 }}'
          ghcr_arm64='${{ needs.build.outputs.ghcr_tag_arm64 }}'
          dhub_amd64='${{ needs.build.outputs.dockerhub_tag_amd64 }}'
          dhub_arm64='${{ needs.build.outputs.dockerhub_tag_arm64 }}'

          base_tag='${{ inputs.tag }}'
          ghcr_base="${{ env.GHCR_IMAGE_NAME }}:${base_tag}"
          dhub_base="${{ env.DOCKERHUB_IMAGE_NAME }}:${base_tag}"

          docker buildx imagetools create --tag "$ghcr_base" $ghcr_amd64 $ghcr_arm64
          docker buildx imagetools create --tag "$dhub_base"  $dhub_amd64 $dhub_arm64

          if [[ "${{ inputs.tag_as_latest }}" == "true" ]]; then
            docker buildx imagetools create --tag "${{ env.GHCR_IMAGE_NAME }}:latest"  $ghcr_amd64 $ghcr_arm64
            docker buildx imagetools create --tag "${{ env.DOCKERHUB_IMAGE_NAME }}:latest" $dhub_amd64 $dhub_arm64
          fi

      - name: Inspect image
        run: |
          docker buildx imagetools inspect ${{ env.GHCR_IMAGE_NAME }}:${{ inputs.tag }}
          docker buildx imagetools inspect ${{ env.DOCKERHUB_IMAGE_NAME }}:${{ inputs.tag }}