Apply suggestion from @kirkrodrigues #43
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (c) Facebook, Inc. and its affiliates. | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| name: Build Velox Builder Image | |
| on: | |
| # Called by other workflows (e.g., linux-build-base.yml) to get the builder image | |
| workflow_call: | |
| outputs: | |
| image-tag: | |
| description: Fully qualified Docker image tag (ghcr.io/owner/repo/image:hash) | |
| value: ${{ jobs.builder-image.outputs.image-tag }} | |
| # Allow manual trigger via GitHub Actions UI for rebuilding the image on-demand | |
| workflow_dispatch: {} | |
| # Automatically rebuild image when dependency installation scripts change | |
| push: | |
| paths: | |
| - scripts/** | |
| permissions: | |
| contents: read | |
| packages: write | |
| jobs: | |
| builder-image: | |
| name: Build and publish builder image | |
| runs-on: [self-hosted, cores=32] | |
| outputs: | |
| # This output is used by calling workflows to get the image tag | |
| image-tag: ${{ steps.image-tag.outputs.tag }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Calculate dependency hash | |
| id: deps-hash | |
| run: | | |
| # Use hashFiles for deterministic hashing of dependency files | |
| # Only hash scripts/** to avoid rebuilding when workflow logic changes | |
| HASH="${{ hashFiles('scripts/**') }}" | |
| # Take first 12 characters for shorter tag (e.g., "a1b2c3d4e5f6") | |
| SHORT_HASH="${HASH:0:12}" | |
| echo "hash=${SHORT_HASH}" >> "$GITHUB_OUTPUT" | |
| echo "Dependency hash: ${SHORT_HASH}" | |
| - name: Set image tag | |
| id: image-tag | |
| env: | |
| DEPS_HASH: ${{ steps.deps-hash.outputs.hash }} | |
| run: | | |
| # GHCR requires lowercase repository names (owner/repo) | |
| # Example: "y-scope/velox" -> "y-scope/velox" | |
| REPO_LOWER=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]') | |
| # Final tag format: ghcr.io/y-scope/velox/y-scope-velox-builder:a1b2c3d4e5f6 | |
| TAG="ghcr.io/${REPO_LOWER}/y-scope-velox-builder:${DEPS_HASH}" | |
| echo "tag=${TAG}" >> "$GITHUB_OUTPUT" | |
| echo "Image tag: ${TAG}" | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Check if image exists | |
| id: check-image | |
| continue-on-error: true | |
| env: | |
| IMAGE_TAG: ${{ steps.image-tag.outputs.tag }} | |
| run: | | |
| # Use docker manifest inspect to check remote registry without pulling | |
| # This is more efficient than docker pull for existence checks | |
| # If image with this hash already exists, we can skip the ~60min rebuild | |
| if docker manifest inspect "${IMAGE_TAG}" > /dev/null 2>&1; then | |
| echo "exists=true" >> "$GITHUB_OUTPUT" | |
| echo "Image already exists, skipping build" | |
| else | |
| echo "exists=false" >> "$GITHUB_OUTPUT" | |
| echo "Image does not exist, will build" | |
| fi | |
| # Only run the following steps if image doesn't exist (conditional on exists == 'false') | |
| # Docker Buildx is required for docker/build-push-action to build and push images | |
| # It provides advanced build features like multi-stage builds and efficient layer caching | |
| - name: Set up Docker Buildx | |
| if: steps.check-image.outputs.exists == 'false' | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push builder image | |
| if: steps.check-image.outputs.exists == 'false' | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: scripts/docker/yscope-velox-builder.dockerfile | |
| push: true | |
| tags: ${{ steps.image-tag.outputs.tag }} |