From 7f80fd8c0d4648b81fb1e6c11b26da1488e4f0b6 Mon Sep 17 00:00:00 2001
From: Dmitrii Suchkov
Date: Mon, 3 Nov 2025 09:48:43 +0000
Subject: [PATCH 1/2] Replace ECR publish from github with OIDC see https://bugtracker.codiodev.com/issue/codio-17213
---
.dockerignore | 16 +++++++
.github/workflows/release.yml | 84 ++++++++++++++++++++++++++---------
2 files changed, 78 insertions(+), 22 deletions(-)
create mode 100644 .dockerignore
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..9ca4082
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,16 @@
+.git
+.github
+Dockerfile
+
+.DS_Store
+*.class
+*.log
+*~
+
+# idea
+.idea
+.idea_modules
+/.worksheet/
+
+# Visual Studio Code
+.vscode
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6571235..0a9e9c6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,49 +1,89 @@ -name: Deploy Docker +name: BricksLLM Docker Build on: [push] +env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + REPOSITORY_NAME: ${{ github.event.repository.name }} + ECR_REPOSITORY: codio/llm-proxy + +permissions: + contents: read + id-token: write + jobs: build-docker: - name: "Build docker" runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: actions/checkout@v5 with: - aws-access-key-id: ${{ secrets.ECR_UPLOADER_KEY }} - aws-secret-access-key: ${{ secrets.ECR_UPLOADER_SECRET }} - aws-region: us-east-1 + fetch-depth: 0 + + - name: Get Current Branch + id: get-branch + uses: codio/get-branch-name-github-action@v1 - name: Get Current Branch id: get-branch uses: codio/get-branch-name-github-action@v1 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@main + with: + aws-region: us-east-1 + role-to-assume: arn:aws:iam::878986216776:role/Github/GithubECRUploadRole_${{ env.REPOSITORY_NAME }} + role-session-name: GithubAction + - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Create and use a new builder instance + run: | + docker buildx create --name ga-builder --use + - name: Build release docker image - run: docker build -t temp_image --file ./Dockerfile.prod . + uses: docker/build-push-action@v5 + timeout-minutes: 20 if: github.ref == 'refs/heads/main' + with: + context: . 
+ file: ./Dockerfile.prod + push: true + tags: | + ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ github.sha }} + ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ steps.get-branch.outputs.branch }} + builder: ga-builder + cache-from: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:cache + cache-to: type=registry,mode=max,image-manifest=true,oci-mediatypes=true,ref=${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:cache - name: Build dev docker image - run: docker build -t temp_image --file ./Dockerfile.dev . + uses: docker/build-push-action@v5 + timeout-minutes: 20 if: github.ref != 'refs/heads/main' + with: + context: . + file: ./Dockerfile.dev + push: true + tags: | + ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ github.sha }} + ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ steps.get-branch.outputs.branch }} + builder: ga-builder + cache-from: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:cache + cache-to: type=registry,mode=max,image-manifest=true,oci-mediatypes=true,ref=${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:cache - - name: Push docker image to Amazon ECR - env: - ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} - ECR_REPOSITORY: codio/llm-proxy - IMAGE_TAG: ${{ github.sha }} - BRANCH: ${{ steps.get-branch.outputs.branch }} - run: | - docker tag temp_image $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - docker tag temp_image $ECR_REGISTRY/$ECR_REPOSITORY:$BRANCH - docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - docker push $ECR_REGISTRY/$ECR_REPOSITORY:$BRANCH - name: Logout of Amazon ECR if: always() run: docker logout ${{ steps.login-ecr.outputs.registry }} + + - name: Slack + uses: codio/codio-slack-action@master + with: + slack_hook_url: ${{ secrets.SLACK_WEBHOOK_URL }} + message: " for ${{ github.repository }} by ${{ github.actor }} has ${{ 
job.status }} on branch ${{ github.ref_name }}" + success: ${{ job.status }} + if: always() From bcb7c9df392725acaeb01568a0b455811ed1fb83 Mon Sep 17 00:00:00 2001 From: Dmitrii Suchkov Date: Mon, 3 Nov 2025 09:51:23 +0000 Subject: [PATCH 2/2] remove duplicate --- .github/workflows/release.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0a9e9c6..487cbf6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,10 +23,6 @@ jobs: id: get-branch uses: codio/get-branch-name-github-action@v1 - - name: Get Current Branch - id: get-branch - uses: codio/get-branch-name-github-action@v1 - - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@main with:
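Review bot: The new `Configure AWS Credentials` step uses `aws-actions/configure-aws-credentials@main` and the `Slack` step uses `codio/codio-slack-action@master`, so the job that now holds `id-token: write` and the Slack webhook secret runs whatever those branches point to at run time. The removed line pinned the AWS action to `@v4`; I would keep a release tag or, better, a full commit SHA, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v4`, and pin the Slack action the same way. Both the `main` and the non-`main` build steps read and write the same `:cache` ref, so a push to any branch can populate the layer cache that the release build later imports; distinct refs (for example `:cache-main` and `:cache-dev`, names constructed here) would keep the two apart. The workflow-level `SLACK_WEBHOOK_URL` env entry exposes the secret to every step although the `Slack` step already receives it through `with:` and no other step visibly reads it, so that env line can probably be dropped. Because `on: [push]` lets every branch request the role, the IAM trust policy (not visible on this page) presumably needs a `sub` condition restricting which repository and refs may assume it.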