diff --git a/.github/workflows/docker-build-push-backend-container-on-tag.yml b/.github/workflows/docker-build-push-backend-container-on-tag.yml index d31738b3ec7..634bba7151c 100644 --- a/.github/workflows/docker-build-push-backend-container-on-tag.yml +++ b/.github/workflows/docker-build-push-backend-container-on-tag.yml @@ -6,27 +6,25 @@ on: - '*' env: - REGISTRY_NAME: ghcr.io/stackhpc - REGISTRY_IMAGE: danswer/danswer-backend + REGISTRY_IMAGE: ghcr.io/stackhpc/danswer/danswer-backend jobs: build-and-push: - # TODO: make this a matrix build like the web containers - runs-on: - group: amd64-image-builders + runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Login to Docker Hub + - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Backend Image Docker Build and Push uses: docker/build-push-action@v5 @@ -40,11 +38,13 @@ jobs: ${{ env.REGISTRY_IMAGE }}:latest build-args: | DANSWER_VERSION=${{ github.ref_name }} + cache-from: type=gha + cache-to: type=gha,mode=max - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: # To run locally: trivy image --severity HIGH,CRITICAL danswer/danswer-backend - image-ref: ${{ env.REGISTRY_NAME }}/${{ env.REGISTRY_IMAGE }}:${{ github.ref_name }} + image-ref: ${{ env.REGISTRY_IMAGE }}:${{ github.ref_name }} severity: 'CRITICAL,HIGH' trivyignores: ./backend/.trivyignore diff --git a/.github/workflows/docker-build-push-model-server-container-on-tag.yml b/.github/workflows/docker-build-push-model-server-container-on-tag.yml index 134b77d43c2..e4352b4042c 100644 --- a/.github/workflows/docker-build-push-model-server-container-on-tag.yml 
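Review bot: The new `Login to GitHub Container Registry` step pushes with `secrets.GITHUB_TOKEN`, but nothing in this hunk sets the token's scope, so the job runs with whatever the repository or organisation default grants. Declaring the scope on the `build-and-push` job keeps the release token to what the push needs: `permissions:` with `contents: read` and `packages: write`. A `permissions:` key may already exist above the hunk, where it would not be visible here. Without one, a restrictive default makes the push fail and a permissive default leaves write scopes the job never uses. The same login change in the model-server workflow and in both jobs of the web workflow needs the same block.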
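Review bot: `aquasecurity/trivy-action@master` in the `Run Trivy vulnerability scanner` step tracks a mutable branch, and after this change it runs in a job whose earlier login step has left a `GITHUB_TOKEN`-backed ghcr.io credential in the runner's Docker config. Whatever lands on that branch executes with that credential in reach, so pin the action to a reviewed commit: `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>` (both are placeholders to fill in from the release you audit). The same line appears in the model-server and web workflows. The `docker/*` and `actions/*` steps use major-version tags, which are also movable, so pinning them by SHA would make the release path consistent.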
+++ b/.github/workflows/docker-build-push-model-server-container-on-tag.yml @@ -5,23 +5,26 @@ on: tags: - '*' +env: + REGISTRY_IMAGE: ghcr.io/stackhpc/danswer/danswer-model-server + jobs: build-and-push: - runs-on: - group: amd64-image-builders + runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Login to Docker Hub + - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Model Server Image Docker Build and Push uses: docker/build-push-action@v5 @@ -31,13 +34,15 @@ jobs: platforms: linux/amd64,linux/arm64 push: true tags: | - danswer/danswer-model-server:${{ github.ref_name }} - danswer/danswer-model-server:latest + ${{ env.REGISTRY_IMAGE }}:${{ github.ref_name }} + ${{ env.REGISTRY_IMAGE }}:latest build-args: | DANSWER_VERSION=${{ github.ref_name }} + cache-from: type=gha + cache-to: type=gha,mode=max - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: docker.io/danswer/danswer-model-server:${{ github.ref_name }} + image-ref: ${{ env.REGISTRY_IMAGE }}:${{ github.ref_name }} severity: 'CRITICAL,HIGH' diff --git a/.github/workflows/docker-build-push-web-container-on-tag.yml b/.github/workflows/docker-build-push-web-container-on-tag.yml index 0a97a01f7c8..13f59b7b8b4 100644 --- a/.github/workflows/docker-build-push-web-container-on-tag.yml +++ b/.github/workflows/docker-build-push-web-container-on-tag.yml 
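Review bot: `runs-on: ubuntu-latest` replaces the dedicated builder group, yet the build step in the next hunk still requests `platforms: linux/amd64,linux/arm64`, and no QEMU setup step is visible between `Checkout code` and the build. On an amd64 hosted runner the arm64 half needs emulation, so the build is likely to fail or silently depend on runner image contents. Add `- name: Set up QEMU` with `uses: docker/setup-qemu-action@v3` before `Set up Docker Buildx`, or drop arm64 as the web workflow does. The backend workflow moves to the same runner and its `platforms:` line is outside the visible hunks, so check it too.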
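Review bot: `cache-from: type=gha` and `cache-to: type=gha,mode=max` are added without a `scope`, and the backend workflow adds the identical pair. Both builds therefore write to the cache backend's default scope, and whichever finishes later replaces the other's cache when they run for the same tag. Give each workflow its own key, e.g. `cache-from: type=gha,scope=model-server` and `cache-to: type=gha,mode=max,scope=model-server`. It is also worth confirming the cache helps at all on a tag trigger: GitHub limits cache reads to the current ref and the default branch, so an entry written by one tag build is presumably not readable by the next tag.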
@@ -6,28 +6,27 @@ on: - '*' env: - REGISTRY_IMAGE: danswer/danswer-web-server + REGISTRY_IMAGE: ghcr.io/stackhpc/danswer/danswer-web-server jobs: build: - runs-on: - group: ${{ matrix.platform == 'linux/amd64' && 'amd64-image-builders' || 'arm64-image-builders' }} + runs-on: ubuntu-latest strategy: fail-fast: false matrix: platform: - linux/amd64 - - linux/arm64 + # - linux/arm64 steps: - name: Prepare run: | platform=${{ matrix.platform }} - echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Checkout uses: actions/checkout@v4 - + - name: Docker meta id: meta uses: docker/metadata-action@v5 @@ -36,16 +35,17 @@ jobs: tags: | type=raw,value=${{ env.REGISTRY_IMAGE }}:${{ github.ref_name }} type=raw,value=${{ env.REGISTRY_IMAGE }}:latest - + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - - name: Login to Docker Hub + + - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} - + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and push by digest id: build uses: docker/build-push-action@v5 @@ -56,17 +56,17 @@ jobs: push: true build-args: | DANSWER_VERSION=${{ github.ref_name }} - # needed due to weird interactions with the builds for different platforms + # needed due to weird interactions with the builds for different platforms no-cache: true labels: ${{ steps.meta.outputs.labels }} outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true - + - name: Export digest run: | mkdir -p /tmp/digests digest="${{ steps.build.outputs.digest }}" - touch "/tmp/digests/${digest#sha256:}" - + touch "/tmp/digests/${digest#sha256:}" + - name: Upload digest uses: actions/upload-artifact@v4 with: 
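Review bot: `# - linux/arm64` is left in the matrix as commented-out code with no reason given. The effect is that the version tag and `:latest` become amd64-only, while the merge job still downloads digests and assembles a manifest list. State the intent next to the entry, for example `# arm64 disabled: <reason>; re-enable when <condition>` (placeholders), or remove the entry and simplify the digest/merge plumbing in the same change. Consumers pulling the web image on arm64 hosts will otherwise find out from a failed pull rather than from the workflow.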
@@ -86,28 +86,29 @@ jobs: path: /tmp/digests pattern: digests-* merge-multiple: true - + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - + - name: Docker meta id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY_IMAGE }} - - - name: Login to Docker Hub + + - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} - + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Create manifest list and push working-directory: /tmp/digests run: | docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) - + $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) + - name: Inspect image run: | docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} @@ -115,5 +116,5 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: docker.io/${{ env.REGISTRY_IMAGE }}:${{ github.ref_name }} + image-ref: ${{ env.REGISTRY_IMAGE }}:${{ github.ref_name }} severity: 'CRITICAL,HIGH'
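Review bot: The Trivy step in the last hunk runs only after the manifest list, including `:latest`, has been pushed, and the visible `with:` block sets no `exit-code`. As far as this hunk shows, HIGH/CRITICAL findings neither fail the job nor hold back the release. If the scan is meant as a gate, add `exit-code: '1'` and move the `:latest` tag to a step that runs after the scan. If it is advisory, say so in a comment on the step so nobody assumes it blocks publication. The backend and model-server workflows have the same push-then-scan ordering.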