-
Notifications
You must be signed in to change notification settings - Fork 3
142 lines (133 loc) · 5.62 KB
/
Copy pathmain.yml
File metadata and controls
142 lines (133 loc) · 5.62 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
# This requires
# vars.DOCKERHUB_USERNAME for the result image account
# secrets.DOCKERHUB_USERNAME for the account that pushes the image
# secrets.DOCKERHUB_TOKEN for the account password that pushes the image
name: Docker
on:
push:
branches:
- main
paths-ignore:
- 'torch-wheel.Dockerfile'
- '.github/workflows/torch-wheel.yml'
- 'torchvision-wheel.Dockerfile'
- '.github/workflows/torchvision-wheel.yml'
# We want to monthly update the base image for security
# TODO Can we avoid building the same image?
schedule:
# min hour dom month dow
- cron: '42 3 2 * *'
workflow_dispatch:
permissions:
contents: write # For the tag creation
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
include:
# Check torch + torchvision compatibility from https://github.com/pytorch/vision?tab=readme-ov-file#installation
- torch: '2.3.1'
torch-wheel-tag: '2.3.1'
torchvision: '0.18.1'
python: '3.11.9-slim'
platforms: linux/amd64,linux/arm64
constraints: constraints-2.3.1.txt
- torch: '2.3.1'
torch-wheel-tag: '2.3.1'
torchvision: '0.18.1'
python: '3.11.10'
platforms: linux/amd64,linux/arm64
constraints: constraints-2.3.1.txt
- torch: '2.3.1'
torch-wheel-tag: '2.3.1'
torchvision: '0.18.1'
python: '3.11.10-slim'
platforms: linux/amd64,linux/arm64
constraints: constraints-2.3.1.txt
- torch: '2.3.1+cpu'
torch-wheel-tag: '2.3.1'
python: '3.11.10'
extra-index-url: 'https://download.pytorch.org/whl/cpu'
platforms: linux/amd64
constraints: constraints-2.3.1.txt
steps:
- id: created
run: echo "created=$(date --utc +%Y-%m-%dT%H:%M:%SZ)" >> $GITHUB_OUTPUT
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
- name: Log in to Docker Hub
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
if: github.ref == 'refs/heads/main'
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build Tag
id: build-tag
# Tags have limited set of valid character, '+' not included
# https://github.com/opencontainers/distribution-spec/blob/main/spec.md#pulling-manifests
run: |
echo "tag=$(echo -n "${{ matrix.torch }}-${{ matrix.python }}" | tr -c 'a-zA-Z0-9._-' '[-*]')" >> $GITHUB_OUTPUT
- uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
with:
context: .
push: ${{ github.ref == 'refs/heads/main' }}
build-args: |
CREATED=${{ steps.created.outputs.created }}
SOURCE_COMMIT=${{ github.sha }}
PYTHON=${{ matrix.python }}
TORCH=${{ matrix.torch }}
TORCH_REQUIREMENT=${{ matrix.url || format('torch=={0}', matrix.torch) }}
TORCH_WHEEL_SOURCE=${{ matrix.torch-wheel-tag && format('{0}/torch-wheels:{1}', vars.DOCKERHUB_USERNAME, matrix.torch-wheel-tag) || 'scratch'}}
TORCHVISION_WHEEL_SOURCE=${{ matrix.torchvision && format('{0}/torchvision-wheels:{1}', vars.DOCKERHUB_USERNAME, matrix.torchvision) || 'scratch'}}
EXTRA_INDEX_URL=${{ matrix.extra-index-url }}
${{ matrix.constraints && format('CONSTRAINTS={0}', matrix.constraints) || '' }}
# TODO add the latest tag, maybe somehow via docker/metadata-action
tags: |
${{ vars.DOCKERHUB_USERNAME }}/python-torch:${{ steps.build-tag.outputs.tag }}
# https://docs.docker.com/build/ci/github-actions/cache/
cache-from: type=gha,scope=${{ matrix.torch }}-${{ matrix.python }}
cache-to: type=gha,scope=${{ matrix.torch }}-${{ matrix.python }},mode=max
platforms: ${{ matrix.platforms || 'linux/amd64,linux/arm64' }}
# With org.opencontainers.image.source pointing to this repository Dockerfile FROM updates in pull requests can be scanned
# if the commits have matching tags with the image.
# https://github.blog/changelog/2023-04-13-dependabot-now-supports-fetching-release-notes-and-changelogs-for-docker-images/
# https://octokit.github.io/rest.js/v19#git-create-ref
# https://octokit.github.io/rest.js/v19#git-update-ref
- name: Tag the commit or update tag
if: github.ref == 'refs/heads/main'
uses: actions/github-script@v7
with:
script: |
try {
await github.rest.git.createRef({
owner: context.repo.owner,
repo: context.repo.repo,
ref: 'refs/tags/${{ steps.build-tag.outputs.tag }}',
sha: context.sha,
});
} catch(e) {
if (e.status === 422) {
await github.rest.git.updateRef({
owner: context.repo.owner,
repo: context.repo.repo,
ref: 'tags/${{ steps.build-tag.outputs.tag }}',
sha: context.sha,
force: true,
});
}
}
# Can not use Personal Access Token to update the README. Returns FORBIDDEN.
describe:
needs: build
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
- name: Docker Hub Description
uses: peter-evans/dockerhub-description@432a30c9e07499fd01da9f8a49f0faf9e0ca5b77 # v4.0.2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
repository: ${{ vars.DOCKERHUB_USERNAME }}/python-torch