From ae980c8fef372f2e30e01c1cfb4be3fe6f5a943f Mon Sep 17 00:00:00 2001 From: Maroon Ayoub Date: Sun, 18 May 2025 03:07:46 +0300 Subject: [PATCH 1/4] fix gha image build on merge --- .github/actions/docker-build-and-push/action.yml | 7 +------ .github/workflows/ci-merge.yaml | 2 ++ Dockerfile | 14 +++++++++++--- 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/.github/actions/docker-build-and-push/action.yml b/.github/actions/docker-build-and-push/action.yml index c41bc3343..9d4d88522 100644 --- a/.github/actions/docker-build-and-push/action.yml +++ b/.github/actions/docker-build-and-push/action.yml @@ -33,16 +33,11 @@ runs: echo "Registry: ${{ inputs.registry }}" shell: bash - - name: Configure Git to use token for private modules - run: | - git config --global url."https://${{ inputs.kv-cache-manager-token }}@github.com/".insteadOf "https://github.com/" - go env -w GOPRIVATE=github.com/llm-d/* - shell: bash - - name: Build image run: | docker buildx build \ --platform linux/amd64 \ + --build-arg RUNNING_IN_GHA=true \ -t ${{ inputs.registry }}/${{ inputs.image-name }}:${{ inputs.tag }} \ --push . shell: bash diff --git a/.github/workflows/ci-merge.yaml b/.github/workflows/ci-merge.yaml index 20008b8da..cae1da5f5 100644 --- a/.github/workflows/ci-merge.yaml +++ b/.github/workflows/ci-merge.yaml @@ -50,3 +50,5 @@ jobs: registry: ${{ steps.version.outputs.registry }} github-token: ${{ secrets.GHCR_TOKEN }} kv-cache-manager-token: ${{ secrets.KV_CACHE_MANAGER_TOKEN }} + secrets: | + kv_cache_manager_token=${{ secrets.KV_CACHE_MANAGER_TOKEN }} diff --git a/Dockerfile b/Dockerfile index 117a3876e..95cea6cd5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,9 +9,18 @@ RUN dnf install -y gcc-c++ libstdc++ libstdc++-devel clang && dnf clean all WORKDIR /workspace ## llm-d internal repos pull config +ARG RUNNING_IN_GHA ARG KV_CACHE_MANAGER_TOKEN -RUN git config --global url."https://${KV_CACHE_MANAGER_TOKEN}@github.com/".insteadOf "https://github.com/" -ENV GOPRIVATE=github.com/llm-d/* + +RUN --mount=type=secret,id=kv_cache_manager_token \ + if [ "${RUNNING_IN_GHA}" = "true" ]; then \ + KV_CACHE_MANAGER_TOKEN=$(cat /run/secrets/kv_cache_manager_token) && \ + git config --global url."https://${KV_CACHE_MANAGER_TOKEN}@github.com/".insteadOf "https://github.com/" && \ + go env -w GOPRIVATE=github.com/llm-d/*; \ + else \ + git config --global url."https://${KV_CACHE_MANAGER_TOKEN}@github.com/".insteadOf "https://github.com/" && \ + export GOPRIVATE=github.com/llm-d/*; \ + fi # Copy the Go Modules manifests COPY go.mod go.mod @@ -36,7 +45,6 @@ ENV CGO_ENABLED=1 ENV GOOS=${TARGETOS:-linux} ENV GOARCH=${TARGETARCH} RUN go build -a -o bin/epp -ldflags="-extldflags '-L$(pwd)/lib'" cmd/epp/main.go cmd/epp/health.go -RUN rm -rf ~/.netrc # remove git token # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details From 9dc5599464413d00b859837e3a749c347fb09e57 Mon Sep 17 00:00:00 2001 From: Maroon Ayoub Date: Sun, 18 May 2025 03:52:10 +0300 Subject: [PATCH 2/4] fix gha image build and push on CI-push --- .../actions/docker-build-and-push/action.yml | 11 ++++---- .github/actions/push-image/action.yml | 16 ------------ .../workflows/{ci-merge.yaml => ci-push.yaml} | 26 +++++++++---------- .github/workflows/ci-release.yaml | 1 + Dockerfile | 13 ++-------- 5 files changed, 21 insertions(+), 46 deletions(-) delete mode 100644 .github/actions/push-image/action.yml rename .github/workflows/{ci-merge.yaml => ci-push.yaml} (60%) diff --git a/.github/actions/docker-build-and-push/action.yml b/.github/actions/docker-build-and-push/action.yml index 9d4d88522..928c808ab 100644 --- a/.github/actions/docker-build-and-push/action.yml +++ b/.github/actions/docker-build-and-push/action.yml @@ -12,7 +12,7 @@ inputs: description: GitHub token for login kv-cache-manager-token: required: true - description: Token for llm-d-kv-cache-manager private module + description: KV Cache Manager llm-d repo token registry: required: true description: Container registry (e.g., ghcr.io/llm-d) @@ -33,11 +33,12 @@ runs: echo "Registry: ${{ inputs.registry }}" shell: bash - - name: Build image + - name: Build image and push run: | docker buildx build \ --platform linux/amd64 \ - --build-arg RUNNING_IN_GHA=true \ + --build-arg KV_CACHE_MANAGER_TOKEN=${{ inputs.kv-cache-manager-token }} \ -t ${{ inputs.registry }}/${{ inputs.image-name }}:${{ inputs.tag }} \ - --push . - shell: bash + --push . && \ + docker push ${{ inputs.registry }}/${{ inputs.image-name }}:${{ inputs.tag }} + shell: bash \ No newline at end of file diff --git a/.github/actions/push-image/action.yml b/.github/actions/push-image/action.yml deleted file mode 100644 index ebbe635b7..000000000 --- a/.github/actions/push-image/action.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: Push Docker Image -description: Push built image to container registry -inputs: - image-name: - required: true - tag: - required: true - registry: - required: true -runs: - using: "composite" - steps: - - name: Push image - run: | - docker push ${{ inputs.registry }}/${{ inputs.image-name }}:${{ inputs.tag }} - shell: bash diff --git a/.github/workflows/ci-merge.yaml b/.github/workflows/ci-push.yaml similarity index 60% rename from .github/workflows/ci-merge.yaml rename to .github/workflows/ci-push.yaml index cae1da5f5..9164a5f96 100644 --- a/.github/workflows/ci-merge.yaml +++ b/.github/workflows/ci-push.yaml @@ -1,4 +1,4 @@ -name: CI - Merge - Docker Container Image +name: CI - Push on: push: @@ -20,35 +20,33 @@ jobs: - name: Load version information id: version run: | + repo="${GITHUB_REPOSITORY##*/}" VERSION_FILE=".version.json" dev_version=$(jq -r '.["dev-version"]' "$VERSION_FILE") - dev_registry=$(jq -r '.["dev-registry"]' "$VERSION_FILE") prod_version=$(jq -r '.["prod-version"]' "$VERSION_FILE") - prod_registry=$(jq -r '.["prod-registry"]' "$VERSION_FILE") + if [[ "${GITHUB_REF_NAME}" == "dev" ]]; then echo "tag=$dev_version" >> "$GITHUB_OUTPUT" - echo "registry=$dev_registry" >> "$GITHUB_OUTPUT" + echo "project_name=$repo-dev" >> "$GITHUB_OUTPUT" elif [[ "${GITHUB_REF_NAME}" == "main" ]]; then echo "tag=$prod_version" >> "$GITHUB_OUTPUT" - echo "registry=$prod_registry" >> "$GITHUB_OUTPUT" + echo "project_name=$repo" >> "$GITHUB_OUTPUT" else echo "tag=$dev_version" >> "$GITHUB_OUTPUT" - echo "registry=$dev_registry" >> "$GITHUB_OUTPUT" + echo "project_name=$repo-dev" >> "$GITHUB_OUTPUT" fi shell: bash - - name: Print version and registry + - name: Print project name and tag run: | - echo "Tag: ${{ steps.version.outputs.tag }}" - echo "Registry: ${{ steps.version.outputs.registry }}" + echo "Project is ${{ steps.version.outputs.project_name }}" + echo "Tag is ${{ steps.version.outputs.tag }}" - name: Build and push image uses: ./.github/actions/docker-build-and-push with: tag: ${{ steps.version.outputs.tag }} - image-name: llm-d-inference-scheduler - registry: ${{ steps.version.outputs.registry }} + image-name: ${{ steps.version.outputs.project_name }} + registry: ghcr.io/llm-d github-token: ${{ secrets.GHCR_TOKEN }} - kv-cache-manager-token: ${{ secrets.KV_CACHE_MANAGER_TOKEN }} - secrets: | - kv_cache_manager_token=${{ secrets.KV_CACHE_MANAGER_TOKEN }} + kv-cache-manager-token: ${{ secrets.KV_CACHE_MANAGER_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/ci-release.yaml b/.github/workflows/ci-release.yaml index 757b26302..41bb045d2 100644 --- a/.github/workflows/ci-release.yaml +++ b/.github/workflows/ci-release.yaml @@ -42,6 +42,7 @@ jobs: image-name: ${{ steps.version.outputs.project_name }} registry: ghcr.io/llm-d github-token: ${{ secrets.GHCR_TOKEN }} + kv-cache-manager-token: ${{ secrets.KV_CACHE_MANAGER_TOKEN }} - name: Run Trivy scan uses: ./.github/actions/trivy-scan diff --git a/Dockerfile b/Dockerfile index 95cea6cd5..fd7cfb655 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,18 +9,9 @@ RUN dnf install -y gcc-c++ libstdc++ libstdc++-devel clang && dnf clean all WORKDIR /workspace ## llm-d internal repos pull config -ARG RUNNING_IN_GHA ARG KV_CACHE_MANAGER_TOKEN - -RUN --mount=type=secret,id=kv_cache_manager_token \ - if [ "${RUNNING_IN_GHA}" = "true" ]; then \ - KV_CACHE_MANAGER_TOKEN=$(cat /run/secrets/kv_cache_manager_token) && \ - git config --global url."https://${KV_CACHE_MANAGER_TOKEN}@github.com/".insteadOf "https://github.com/" && \ - go env -w GOPRIVATE=github.com/llm-d/*; \ - else \ - git config --global url."https://${KV_CACHE_MANAGER_TOKEN}@github.com/".insteadOf "https://github.com/" && \ - export GOPRIVATE=github.com/llm-d/*; \ - fi +RUN git config --global url."https://${KV_CACHE_MANAGER_TOKEN}@github.com/".insteadOf "https://github.com/" +ENV GOPRIVATE=github.com/llm-d/* # Copy the Go Modules manifests COPY go.mod go.mod From abe3aed00bd08d0d922b532745f5fc21b7a7734d Mon Sep 17 00:00:00 2001 From: Maroon Ayoub Date: Sun, 18 May 2025 03:59:00 +0300 Subject: [PATCH 3/4] fix gha image push on CI-push --- .github/actions/docker-build-and-push/action.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/actions/docker-build-and-push/action.yml b/.github/actions/docker-build-and-push/action.yml index 928c808ab..3e0bb9afa 100644 --- a/.github/actions/docker-build-and-push/action.yml +++ b/.github/actions/docker-build-and-push/action.yml @@ -39,6 +39,5 @@ runs: --platform linux/amd64 \ --build-arg KV_CACHE_MANAGER_TOKEN=${{ inputs.kv-cache-manager-token }} \ -t ${{ inputs.registry }}/${{ inputs.image-name }}:${{ inputs.tag }} \ - --push . && \ - docker push ${{ inputs.registry }}/${{ inputs.image-name }}:${{ inputs.tag }} + --push . shell: bash \ No newline at end of file From a47d290d3ed3829c4bd187cd337b0f3fac6d5724 Mon Sep 17 00:00:00 2001 From: Maroon Ayoub Date: Sun, 18 May 2025 04:03:35 +0300 Subject: [PATCH 4/4] remove PR trigger from ci-push after testing --- .github/workflows/ci-push.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/ci-push.yaml b/.github/workflows/ci-push.yaml index 9164a5f96..22cd3c48d 100644 --- a/.github/workflows/ci-push.yaml +++ b/.github/workflows/ci-push.yaml @@ -5,10 +5,6 @@ on: branches: - dev - main - pull_request: # temporary trigger for testing in PRs - branches: - - dev - - main jobs: docker-build-and-push: