From fc1bd38ef1c9c6037230733806111889c6cb5092 Mon Sep 17 00:00:00 2001 From: Denis Date: Tue, 30 Jun 2026 11:33:07 +0100 Subject: [PATCH 1/6] Fix docker build --- .github/workflows/docker.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index e15dc476..02418abb 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -7,7 +7,7 @@ name: Build and Push Docker Images on: push: - branches: [main] + branches: [main, test-build] tags: - 'v*.*.*' workflow_dispatch: @@ -169,7 +169,7 @@ jobs: BASE_IMAGE=${{ env.CUDA_BASE_IMAGE }} CHECKPOINTS_IMAGE=${{ steps.checkpoint-ref.outputs.image }} cache-from: type=registry,ref=${{ env.PUBLIC_REGISTRY }}/${{ env.PUBLIC_IMAGE_NAME }}:buildcache - cache-to: type=registry,ref=${{ env.PUBLIC_REGISTRY }}/${{ env.PUBLIC_IMAGE_NAME }}:buildcache,mode=max + cache-to: type=registry,ref=${{ env.PUBLIC_REGISTRY }}/${{ env.PUBLIC_IMAGE_NAME }}:buildcache,mode=max,ignore-error=true provenance: false - name: Publish public image ref for Astera overlay @@ -229,7 +229,7 @@ jobs: build-args: | PIXI_WITH_CHECKPOINTS_IMAGE=${{ needs.public.outputs.image-ref }} cache-from: type=registry,ref=${{ env.ASTERA_REGISTRY }}/${{ env.ASTERA_IMAGE_NAME }}:buildcache - cache-to: type=registry,ref=${{ env.ASTERA_REGISTRY }}/${{ env.ASTERA_IMAGE_NAME }}:buildcache,mode=max + cache-to: type=registry,ref=${{ env.ASTERA_REGISTRY }}/${{ env.ASTERA_IMAGE_NAME }}:buildcache,mode=max,ignore-error=true provenance: false - name: Astera image digest From 1cab98548f1732f9a133fe3f4c213693ccdc0f53 Mon Sep 17 00:00:00 2001 From: Denis Date: Tue, 30 Jun 2026 14:00:49 +0100 Subject: [PATCH 2/6] Fix docker build --- .github/workflows/docker.yml | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 02418abb..fee1d722 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -108,7 +108,7 @@ jobs: permissions: contents: read outputs: - image-ref: ${{ steps.public-ref.outputs.image }} + image-digest: ${{ steps.public-build.outputs.digest }} steps: - name: Checkout code @@ -172,12 +172,6 @@ jobs: cache-to: type=registry,ref=${{ env.PUBLIC_REGISTRY }}/${{ env.PUBLIC_IMAGE_NAME }}:buildcache,mode=max,ignore-error=true provenance: false - - name: Publish public image ref for Astera overlay - id: public-ref - run: | - short_sha="${GITHUB_SHA:0:${DOCKER_METADATA_SHORT_SHA_LENGTH}}" - echo "image=${PUBLIC_REGISTRY}/${PUBLIC_IMAGE_NAME}:sha-${short_sha}" >> "$GITHUB_OUTPUT" - - name: Public image digest run: echo "Public image pushed with digest ${{ steps.public-build.outputs.digest }}" @@ -216,6 +210,21 @@ jobs: type=semver,pattern={{version}} type=semver,pattern=v{{version}} + - name: Resolve public image input + id: public-ref + env: + PUBLIC_IMAGE_DIGEST: ${{ needs.public.outputs.image-digest }} + run: | + if [ -z "${PUBLIC_IMAGE_DIGEST}" ]; then + echo "public job did not produce an image digest." + exit 1 + fi + if [ "${PUBLIC_IMAGE_DIGEST}" = "${PUBLIC_IMAGE_DIGEST#sha256:}" ]; then + echo "public job produced a non-sha256 digest: ${PUBLIC_IMAGE_DIGEST}" + exit 1 + fi + echo "image=${PUBLIC_REGISTRY}/${PUBLIC_IMAGE_NAME}@${PUBLIC_IMAGE_DIGEST}" >> "$GITHUB_OUTPUT" + - name: Build and push Astera image id: astera-build uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7 @@ -227,7 +236,7 @@ jobs: tags: ${{ steps.astera-meta.outputs.tags }} labels: ${{ steps.astera-meta.outputs.labels }} build-args: | - PIXI_WITH_CHECKPOINTS_IMAGE=${{ needs.public.outputs.image-ref }} + PIXI_WITH_CHECKPOINTS_IMAGE=${{ steps.public-ref.outputs.image }} cache-from: type=registry,ref=${{ env.ASTERA_REGISTRY }}/${{ env.ASTERA_IMAGE_NAME }}:buildcache cache-to: type=registry,ref=${{ env.ASTERA_REGISTRY }}/${{ env.ASTERA_IMAGE_NAME }}:buildcache,mode=max,ignore-error=true provenance: false From 3cadcecc700a9b3f444f827d1382492b115a19a7 Mon Sep 17 00:00:00 2001 From: Denis Date: Tue, 30 Jun 2026 14:08:44 +0100 Subject: [PATCH 3/6] Fix docker build --- .github/workflows/docker.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index fee1d722..c1a16826 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -210,8 +210,7 @@ jobs: type=semver,pattern={{version}} type=semver,pattern=v{{version}} - - name: Resolve public image input - id: public-ref + - name: Validate public image digest env: PUBLIC_IMAGE_DIGEST: ${{ needs.public.outputs.image-digest }} run: | @@ -223,7 +222,6 @@ jobs: echo "public job produced a non-sha256 digest: ${PUBLIC_IMAGE_DIGEST}" exit 1 fi - echo "image=${PUBLIC_REGISTRY}/${PUBLIC_IMAGE_NAME}@${PUBLIC_IMAGE_DIGEST}" >> "$GITHUB_OUTPUT" - name: Build and push Astera image id: astera-build @@ -236,7 +234,7 @@ jobs: tags: ${{ steps.astera-meta.outputs.tags }} labels: ${{ steps.astera-meta.outputs.labels }} build-args: | - PIXI_WITH_CHECKPOINTS_IMAGE=${{ steps.public-ref.outputs.image }} + PIXI_WITH_CHECKPOINTS_IMAGE=${{ env.PUBLIC_REGISTRY }}/${{ env.PUBLIC_IMAGE_NAME }}@${{ needs.public.outputs.image-digest }} cache-from: type=registry,ref=${{ env.ASTERA_REGISTRY }}/${{ env.ASTERA_IMAGE_NAME }}:buildcache cache-to: type=registry,ref=${{ env.ASTERA_REGISTRY }}/${{ env.ASTERA_IMAGE_NAME }}:buildcache,mode=max,ignore-error=true provenance: false From f8c9771d11d65edc26a6e773f166ffec939bcad5 Mon Sep 17 00:00:00 2001 From: Denis Date: Tue, 30 Jun 2026 14:15:13 +0100 Subject: [PATCH 4/6] Fix docker build --- .github/workflows/docker.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index c1a16826..87cf646e 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -198,6 +198,13 @@ jobs: username: ${{ secrets.HARBOR_USERNAME }} password: ${{ secrets.HARBOR_PASSWORD }} + - name: Login to public registry + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4 + with: + registry: ${{ env.PUBLIC_REGISTRY }} + username: ${{ secrets.SAMPLEWORKS_PUBLIC_REGISTRY_USERNAME || secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.SAMPLEWORKS_PUBLIC_REGISTRY_PASSWORD || secrets.DOCKERHUB_TOKEN }} + - name: Docker metadata for Astera image id: astera-meta uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6 From 3312ca054683e43b522a0919dd5a3e4bf549f3ec Mon Sep 17 00:00:00 2001 From: Denis Date: Tue, 30 Jun 2026 16:38:57 +0100 Subject: [PATCH 5/6] Fix docker build --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 87cf646e..c799383f 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -7,7 +7,7 @@ name: Build and Push Docker Images on: push: - branches: [main, test-build] + branches: [main] tags: - 'v*.*.*' workflow_dispatch: From 19423b8132967f9fcf74f29c42714d2f688e7039 Mon Sep 17 00:00:00 2001 From: Denis Date: Tue, 30 Jun 2026 17:21:01 +0100 Subject: [PATCH 6/6] Fix pixi build --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a271259a..a5cbdc6b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,6 +35,9 @@ concurrency: group: ci-${{ github.ref }} cancel-in-progress: true +env: + CONDA_OVERRIDE_CUDA: "12" + jobs: lint: runs-on: ubuntu-latest