_docker-build-template.yml
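# Reusable workflow (workflow_call): builds docker/<dockerfile>/Dockerfile with
# buildx and pushes the result to the tag given in `to-image`.
#
# Every step is gated on `inputs.should-run`, so a call with should-run=false
# starts the job but executes nothing.
name: docker-build-template
on:
  workflow_call:
    inputs:
      # passed to the build as the FROM_IMAGE build-arg
      from-image: { type: string, required: true }
      # tag the built image is pushed under
      to-image: { type: string, required: true }
      # directory name under docker/ holding the Dockerfile; also the cache scope
      dockerfile: { type: string, required: true }
      # enables the disk/image cleanup step
      freespace: { type: boolean, default: true }
      # master switch for all steps
      should-run: { type: boolean, default: false }
      # docker build context
      context: { type: string, default: '.' }

# you can run this locally as well via
# ./bin/dockerbuild [image-name]
jobs:
  build:
    # Self-hosted runner: the workspace, Docker images and volumes persist
    # between jobs, which is why the cleanup step below exists.
    # NOTE(review): the calling workflows are not visible here - confirm this
    # job is never reached by runs triggered from untrusted fork pull requests.
    runs-on: [self-hosted, Linux]
    permissions:
      contents: read
      packages: write
    steps:
      - name: Fix permissions
        if: ${{ inputs.should-run }}
        # Use the runner-provided GITHUB_WORKSPACE variable, quoted, instead of
        # pasting the github.workspace expression into the script text: the
        # path is then never re-parsed by the shell and may contain spaces.
        run: |
          sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE" || true

      # NOTE(review): action refs below are mutable tags. Pinning each to a
      # full commit SHA (uses: owner/action@<full-commit-sha>  # vX) prevents
      # a moved tag from changing what runs with packages: write.
      #
      # checkout keeps the job token in .git/config by default
      # (persist-credentials). It is left enabled because the cleanup step
      # runs `git ls-remote origin`. If the build context includes .git,
      # make sure .dockerignore excludes it so the token cannot be copied
      # into an image layer - verify against the Dockerfiles.
      - uses: actions/checkout@v4
        if: ${{ inputs.should-run }}
        with:
          fetch-depth: 0

      - name: free up disk space
        # explicitly enable this for large builds
        if: ${{ inputs.should-run && inputs.freespace }}
        run: |
          echo -e "pre cleanup space:\n $(df -h)"
          sudo rm -rf /opt/ghc
          sudo rm -rf /usr/share/dotnet
          sudo rm -rf /usr/local/share/boost
          sudo rm -rf /usr/local/lib/android

          echo "=== Cleaning images from deleted branches ==="
          # Private temp file: a fixed /tmp path is shared by every job on
          # this host and can be pre-created or raced by another process.
          branch_list=$(mktemp)
          trap 'rm -f "$branch_list"' EXIT

          # Fail closed: if the branch list cannot be fetched (network/auth
          # error) or is empty, skip this pass. An empty list would otherwise
          # mark every image, including main/dev, as "branch deleted".
          if remote_heads=$(git ls-remote --heads origin) && [ -n "$remote_heads" ]; then
            printf '%s\n' "$remote_heads" | awk '{print $2}' | sed 's|refs/heads/||' > "$branch_list"

            # Check each docker image tag against branch list.
            # NOTE(review): branch names containing "/" cannot be docker tags
            # verbatim; confirm how tags are derived from branch names.
            docker images --format "{{.Repository}}:{{.Tag}}|{{.ID}}" | \
              grep -F "ghcr.io/dimensionalos" | \
              grep -v ":<none>" | \
              while IFS='|' read -r image_ref id; do
                tag=$(echo "$image_ref" | cut -d: -f2)
                # Skip if tag matches an active branch (literal, whole-line match)
                if grep -qxF -- "$tag" "$branch_list"; then
                  echo "Branch exists: $tag - keeping $image_ref"
                else
                  echo "Branch deleted: $tag - removing $image_ref"
                  docker rmi "$id" 2>/dev/null || true
                fi
              done
          else
            echo "Could not list remote branches - skipping branch-based image cleanup"
          fi
          rm -f "$branch_list"

          USAGE=$(df / | awk 'NR==2 {print $5}' | sed 's/%//')
          echo "Pre-docker-cleanup disk usage: ${USAGE}%"
          # ${USAGE:-0}: an empty value (df failed) counts as 0, not a test error
          if [ "${USAGE:-0}" -gt 60 ]; then
            echo "=== Running quick cleanup (usage > 60%) ==="
            # Keep newest image per tag
            docker images --format "{{.Repository}}|{{.Tag}}|{{.ID}}" | \
              grep -F "ghcr.io/dimensionalos" | \
              grep -v "<none>" | \
              while IFS='|' read -r repo tag id; do
                created_ts=$(docker inspect -f '{{.Created}}' "$id" 2>/dev/null)
                created_unix=$(date -d "$created_ts" +%s 2>/dev/null || echo "0")
                echo "${repo}|${tag}|${id}|${created_unix}"
              done | sort -t'|' -k1,1 -k2,2 -k4,4nr | \
              awk -F'|' '
              {
                repo=$1; tag=$2; id=$3
                repo_tag = repo ":" tag
                # Skip protected tags
                if (tag ~ /^(main|dev|latest)$/) next
                # Keep newest per tag, emit the IDs of older duplicates
                if (!(repo_tag in seen_combos)) {
                  seen_combos[repo_tag] = 1
                } else {
                  print id
                }
              }' | xargs -r -n1 docker rmi 2>/dev/null || true
            # IDs are handed to docker as arguments by xargs rather than being
            # concatenated into a shell command string inside awk.
            docker image prune -f
            docker volume prune -f
          fi

          # Aggressive cleanup if still above 85%
          USAGE=$(df / | awk 'NR==2 {print $5}' | sed 's/%//')
          if [ "${USAGE:-0}" -gt 85 ]; then
            echo "=== AGGRESSIVE cleanup (usage > 85%) - removing all except main/dev ==="
            # Remove ALL images except main and dev tags.
            # The tag test runs on the first field only: each line is
            # "repo:tag ID", so an end-of-line anchor on the whole line would
            # never match and main/dev would be deleted too.
            docker images --format "{{.Repository}}:{{.Tag}} {{.ID}}" | \
              grep -F "ghcr.io/dimensionalos" | \
              awk '$1 !~ /:(main|dev)$/ {print $2}' | xargs -r docker rmi -f || true
            # These prunes are host-wide: they also remove stopped containers,
            # unused volumes and networks of anything else on this runner.
            docker container prune -f
            docker volume prune -a -f
            docker network prune -f
            docker image prune -f
          fi
          echo -e "post cleanup space:\n $(df -h)"

      # Log in to ghcr.io with the job token; packages: write above is what
      # allows the push.
      - uses: docker/login-action@v3
        if: ${{ inputs.should-run }}
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # required for github cache of docker layers
      - uses: crazy-max/ghaction-github-runtime@v3
        if: ${{ inputs.should-run }}

      # required for github cache of docker layers
      - uses: docker/setup-buildx-action@v3
        if: ${{ inputs.should-run }}
        with:
          driver: docker-container
          install: true
          use: true

      - uses: docker/build-push-action@v6
        if: ${{ inputs.should-run }}
        with:
          push: true
          context: ${{ inputs.context }}
          file: docker/${{ inputs.dockerfile }}/Dockerfile
          tags: ${{ inputs.to-image }}
          cache-from: type=gha,scope=${{ inputs.dockerfile }}
          cache-to: type=gha,mode=max,scope=${{ inputs.dockerfile }}
          #cache-from: type=gha,scope=${{ inputs.dockerfile }}-${{ inputs.from-image }}
          #cache-to: type=gha,mode=max,scope=${{ inputs.dockerfile }}-${{ inputs.from-image }}
          build-args: FROM_IMAGE=${{ inputs.from-image }}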