Skip to content

feat: CI/CD speed-up and cache improvements #23

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Apr 24, 2025
Merged

feat: CI/CD speed-up and cache improvements #23

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6cfd977
refactor: enhance Dockerfile build flow
atyrode Apr 24, 2025
1bae5b8
feat: implement multi-architecture Docker build workflow
atyrode Apr 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
165 changes: 160 additions & 5 deletions .github/workflows/docker-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,20 +12,22 @@ env:
IMAGE_NAME: ${{ github.repository }}

jobs:
build-and-push:
# Job for AMD64 architecture - runs on all events
build-amd64:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
id: buildx

- name: Log in to the Container registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
Expand All @@ -44,14 +46,167 @@ jobs:
type=semver,pattern={{major}}.{{minor}}
type=sha,format=long

- name: Build and push Docker image
- name: Build and push AMD64 Docker image
id: build
uses: docker/build-push-action@v5
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
tags: ${{ steps.meta.outputs.tags }}-amd64
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64
cache-from: type=gha
cache-to: type=gha,mode=max
builder: ${{ steps.buildx.outputs.name }}
outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }}

- name: Export AMD64 digest
if: github.event_name != 'pull_request'
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
echo "AMD64_DIGEST=${digest}" >> $GITHUB_ENV

- name: Upload AMD64 digest
if: github.event_name != 'pull_request'
uses: actions/upload-artifact@v4
with:
name: amd64-digest
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1

# Job for ARM64 architecture - only runs on main branch
build-arm64:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
# Only run this job for pushes to main, not for PRs
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
id: buildx

- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha,format=long

- name: Build and push ARM64 Docker image
id: build
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}-arm64
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
platforms: linux/arm64
cache-from: type=gha
cache-to: type=gha,mode=max
builder: ${{ steps.buildx.outputs.name }}
outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=true

- name: Export ARM64 digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
echo "ARM64_DIGEST=${digest}" >> $GITHUB_ENV

- name: Upload ARM64 digest
uses: actions/upload-artifact@v4
with:
name: arm64-digest
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1

# Job to create multi-architecture manifest
create-manifest:
runs-on: ubuntu-latest
needs: [build-amd64, build-arm64]
# This job only runs if at least build-amd64 completed successfully
# build-arm64 might be skipped for PRs, so we don't require it
if: github.event_name != 'pull_request' && always() && needs.build-amd64.result == 'success'
permissions:
contents: read
packages: write
steps:
- name: Download AMD64 digest
uses: actions/download-artifact@v4
with:
name: amd64-digest
path: /tmp/digests/amd64

- name: Download ARM64 digest
# Only try to download ARM64 digest if the job ran
if: needs.build-arm64.result == 'success'
uses: actions/download-artifact@v4
with:
name: arm64-digest
path: /tmp/digests/arm64

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha,format=long

- name: Create manifest list and push
run: |
# Get the first tag from meta outputs
FIRST_TAG=$(echo "${{ steps.meta.outputs.tags }}" | cut -d, -f1)

# If ARM64 build was skipped, only use AMD64 digest
if [ "${{ needs.build-arm64.result }}" != "success" ]; then
AMD64_DIGEST=$(cat /tmp/digests/amd64/*)
docker buildx imagetools create \
--tag ${FIRST_TAG} \
${AMD64_DIGEST}
else
# Otherwise use both digests
AMD64_DIGEST=$(cat /tmp/digests/amd64/*)
ARM64_DIGEST=$(cat /tmp/digests/arm64/*)
docker buildx imagetools create \
--tag ${FIRST_TAG} \
${AMD64_DIGEST} ${ARM64_DIGEST}
fi

- name: Inspect image
run: |
FIRST_TAG=$(echo "${{ steps.meta.outputs.tags }}" | cut -d, -f1)
docker buildx imagetools inspect ${FIRST_TAG}
35 changes: 33 additions & 2 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,45 @@
# Frontend build stage
FROM node:20-slim as frontend-builder
WORKDIR /app/frontend

# Copy package files first to leverage layer caching
COPY src/frontend/package.json src/frontend/yarn.lock ./
RUN yarn install --frozen-lockfile

# Copy all frontend files
COPY src/frontend/ ./

# Build the frontend
RUN yarn build

# Backend stage
FROM python:3.11-slim
WORKDIR /app
COPY src/backend /app

# Copy requirements first to leverage layer caching
COPY src/backend/requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Install curl for healthcheck
RUN apt-get update && apt-get install -y --no-install-recommends curl && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*

# Copy backend files
COPY src/backend .

# Copy built frontend from the frontend-builder stage
COPY --from=frontend-builder /app/frontend/dist /app/frontend/dist

CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
# Add healthcheck
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
CMD curl -f http://localhost:8000/ || exit 1

# Set environment variables
ENV PYTHONUNBUFFERED=1

# Document the port number the container will expose
EXPOSE 8000

# Run the application
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]