From 20de9946560bf03a3b66bfb0347ca55d3af4133d Mon Sep 17 00:00:00 2001 From: "fangyaozheng@bytedance.com" Date: Thu, 4 Sep 2025 13:51:41 +0800 Subject: [PATCH 1/5] feat(deploy): build base veadk-python image --- .../workflows/push-preview-image-to-vecr.yaml | 65 +++++++++++++++++ .../workflows/push-stable-image-to-vecr.yaml | 70 +++++++++++++++++++ docker/Dockerfile.preview | 20 ++++++ docker/Dockerfile.stable | 22 ++++++ 4 files changed, 177 insertions(+) create mode 100644 .github/workflows/push-preview-image-to-vecr.yaml create mode 100644 .github/workflows/push-stable-image-to-vecr.yaml create mode 100644 docker/Dockerfile.preview create mode 100644 docker/Dockerfile.stable diff --git a/.github/workflows/push-preview-image-to-vecr.yaml b/.github/workflows/push-preview-image-to-vecr.yaml new file mode 100644 index 00000000..419aa335 --- /dev/null +++ b/.github/workflows/push-preview-image-to-vecr.yaml @@ -0,0 +1,65 @@ +# Copyright (c) 2025 Beijing Volcano Engine Technology Co., Ltd. and/or its affiliates. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: Push Preview Image to Volcengine Container Registry + +on: + push: + branches: + - main + workflow_dispatch: + +jobs: + build-and-push: + runs-on: ubuntu-latest + + # To avoid forked repo execute this workflow + if: github.repository == 'volcengine/veadk-python' + + # Set global environments + env: + CR_URL: veadk-cn-beijing.cr.volces.com + CR_NAMESPACE: veadk + CR_REPO: veadk-python + DOCKERFILE: docker/Dockerfile.preview + # veadk-python:preview + IMAGE_TAG: ${{ env.CR_URL }}/${{ env.CR_NAMESPACE }}/${{ env.CR_REPO }}:preview + + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Volcengine Container Registry + run: | + echo "${{ secrets.VE_CR_PASSWORD }}" | \ + docker login veadk-cn-beijing.cr.volces.com \ + -u "${{ secrets.VE_CR_USERNAME }}" \ + --password-stdin + + # Specify a platform, as VeFaaS required `linux/amd64` + - name: Build and push + run: | + docker buildx build \ + --file $DOCKERFILE \ + --tag $IMAGE_TAG \ + --platform linux/amd64 \ + --push \ + --cache-from=type=gha \ + --cache-to=type=gha,mode=max \ + . \ No newline at end of file diff --git a/.github/workflows/push-stable-image-to-vecr.yaml b/.github/workflows/push-stable-image-to-vecr.yaml new file mode 100644 index 00000000..d2c3815e --- /dev/null +++ b/.github/workflows/push-stable-image-to-vecr.yaml @@ -0,0 +1,70 @@ +# Copyright (c) 2025 Beijing Volcano Engine Technology Co., Ltd. and/or its affiliates. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: Push Stable Image to Volcengine Container Registry + +on: + push: + # Trigger only when creating tags + tags: + - '*' + workflow_dispatch: + +jobs: + build-and-push: + runs-on: ubuntu-latest + + # To avoid forked repo execute this workflow + if: github.repository == 'volcengine/veadk-python' + + # Set global environments + env: + CR_URL: veadk-cn-beijing.cr.volces.com + CR_NAMESPACE: veadk + CR_REPO: veadk-python + DOCKERFILE: docker/Dockerfile.stable + # veadk-python:latest + LATEST_TAG: ${{ env.CR_URL }}/${{ env.CR_NAMESPACE }}/${{ env.CR_REPO }}:latest + # veadk-python:x.x.x + VERSION_TAG: ${{ env.CR_URL }}/${{ env.CR_NAMESPACE }}/${{ env.CR_REPO }}:${{ github.ref_name }} + + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Volcengine Container Registry + run: | + echo "${{ secrets.VE_CR_PASSWORD }}" | \ + docker login veadk-cn-beijing.cr.volces.com \ + -u "${{ secrets.VE_CR_USERNAME }}" \ + --password-stdin + + # Specify a platform, as VeFaaS required `linux/amd64` + # push 2 tags (x.x.x and latest) in one push + - name: Build and push + run: | + docker buildx build \ + --file $DOCKERFILE \ + --tag $VERSION_TAG \ + --tag $LATEST_TAG \ + --platform linux/amd64 \ + --push \ + --cache-from=type=gha \ + --cache-to=type=gha,mode=max \ + . \ No newline at end of file diff --git a/docker/Dockerfile.preview b/docker/Dockerfile.preview new file mode 100644 index 00000000..e0ead7a1 --- /dev/null +++ b/docker/Dockerfile.preview @@ -0,0 +1,20 @@ +# Copyright (c) 2025 Beijing Volcano Engine Technology Co., Ltd. and/or its affiliates. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM python:3.12 + +# Install git and install veadk-python via git +RUN apt-get install -y git && \ + pip3 install --no-cache-dir git+https://github.com/volcengine/veadk-python.git && \ + apt-get clean && rm -rf /var/lib/apt/lists/* \ No newline at end of file diff --git a/docker/Dockerfile.stable b/docker/Dockerfile.stable new file mode 100644 index 00000000..0cb49951 --- /dev/null +++ b/docker/Dockerfile.stable @@ -0,0 +1,22 @@ +# Copyright (c) 2025 Beijing Volcano Engine Technology Co., Ltd. and/or its affiliates. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM python:3.12 + +# In order to avoid PyPI not update VeADK new package, +# we still use git code to build image here. +# TODO: use PyPI source +RUN apt-get install -y git && \ + pip3 install --no-cache-dir git+https://github.com/volcengine/veadk-python.git && \ + apt-get clean && rm -rf /var/lib/apt/lists/* \ No newline at end of file From d012e462ae0caa0fe4e7dd8b76e4708de1e6ed10 Mon Sep 17 00:00:00 2001 From: "fangyaozheng@bytedance.com" Date: Thu, 4 Sep 2025 13:57:20 +0800 Subject: [PATCH 2/5] fix env combine --- .github/workflows/push-preview-image-to-vecr.yaml | 3 +-- .github/workflows/push-stable-image-to-vecr.yaml | 6 ++---- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/push-preview-image-to-vecr.yaml b/.github/workflows/push-preview-image-to-vecr.yaml index 419aa335..f4fa222e 100644 --- a/.github/workflows/push-preview-image-to-vecr.yaml +++ b/.github/workflows/push-preview-image-to-vecr.yaml @@ -33,8 +33,6 @@ jobs: CR_NAMESPACE: veadk CR_REPO: veadk-python DOCKERFILE: docker/Dockerfile.preview - # veadk-python:preview - IMAGE_TAG: ${{ env.CR_URL }}/${{ env.CR_NAMESPACE }}/${{ env.CR_REPO }}:preview steps: - name: Checkout code @@ -55,6 +53,7 @@ jobs: # Specify a platform, as VeFaaS required `linux/amd64` - name: Build and push run: | + IMAGE_TAG=${{ env.CR_URL }}/${{ env.CR_NAMESPACE }}/${{ env.CR_REPO }}:preview docker buildx build \ --file $DOCKERFILE \ --tag $IMAGE_TAG \ diff --git a/.github/workflows/push-stable-image-to-vecr.yaml b/.github/workflows/push-stable-image-to-vecr.yaml index d2c3815e..b3c358b2 100644 --- a/.github/workflows/push-stable-image-to-vecr.yaml +++ b/.github/workflows/push-stable-image-to-vecr.yaml @@ -34,10 +34,6 @@ jobs: CR_NAMESPACE: veadk CR_REPO: veadk-python DOCKERFILE: docker/Dockerfile.stable - # veadk-python:latest - LATEST_TAG: ${{ env.CR_URL }}/${{ env.CR_NAMESPACE }}/${{ env.CR_REPO }}:latest - # veadk-python:x.x.x - VERSION_TAG: ${{ env.CR_URL }}/${{ env.CR_NAMESPACE }}/${{ env.CR_REPO }}:${{ github.ref_name }} steps: - name: Checkout code @@ -59,6 +55,8 @@ jobs: # push 2 tags (x.x.x and latest) in one push - name: Build and push run: | + LATEST_TAG: ${{ env.CR_URL }}/${{ env.CR_NAMESPACE }}/${{ env.CR_REPO }}:latest + VERSION_TAG: ${{ env.CR_URL }}/${{ env.CR_NAMESPACE }}/${{ env.CR_REPO }}:${{ github.ref_name }} docker buildx build \ --file $DOCKERFILE \ --tag $VERSION_TAG \ From abb451270eede80949253b3291c85dd379d2cb93 Mon Sep 17 00:00:00 2001 From: "fangyaozheng@bytedance.com" Date: Thu, 4 Sep 2025 15:45:19 +0800 Subject: [PATCH 3/5] fix env combine --- .github/workflows/push-preview-image-to-vecr.yaml | 2 +- .github/workflows/push-stable-image-to-vecr.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/push-preview-image-to-vecr.yaml b/.github/workflows/push-preview-image-to-vecr.yaml index f4fa222e..3b35311b 100644 --- a/.github/workflows/push-preview-image-to-vecr.yaml +++ b/.github/workflows/push-preview-image-to-vecr.yaml @@ -53,7 +53,7 @@ jobs: # Specify a platform, as VeFaaS required `linux/amd64` - name: Build and push run: | - IMAGE_TAG=${{ env.CR_URL }}/${{ env.CR_NAMESPACE }}/${{ env.CR_REPO }}:preview + IMAGE_TAG=$CR_URL/$CR_NAMESPACE/$CR_REPO:preview docker buildx build \ --file $DOCKERFILE \ --tag $IMAGE_TAG \ diff --git a/.github/workflows/push-stable-image-to-vecr.yaml b/.github/workflows/push-stable-image-to-vecr.yaml index b3c358b2..6f4e276a 100644 --- a/.github/workflows/push-stable-image-to-vecr.yaml +++ b/.github/workflows/push-stable-image-to-vecr.yaml @@ -55,8 +55,8 @@ jobs: # push 2 tags (x.x.x and latest) in one push - name: Build and push run: | - LATEST_TAG: ${{ env.CR_URL }}/${{ env.CR_NAMESPACE }}/${{ env.CR_REPO }}:latest - VERSION_TAG: ${{ env.CR_URL }}/${{ env.CR_NAMESPACE }}/${{ env.CR_REPO }}:${{ github.ref_name }} + LATEST_TAG=$CR_URL/$CR_NAMESPACE/$CR_REPO:latest + VERSION_TAG=$CR_URL/$CR_NAMESPACE/$CR_REPO:$GITHUB_REF_NAME docker buildx build \ --file $DOCKERFILE \ --tag $VERSION_TAG \ From c2f8c2ffbddcad183afe1bbcb50de0c67d0dbcb7 Mon Sep 17 00:00:00 2001 From: "fangyaozheng@bytedance.com" Date: Thu, 4 Sep 2025 15:48:15 +0800 Subject: [PATCH 4/5] add permissions --- .github/workflows/push-preview-image-to-vecr.yaml | 4 ++++ .github/workflows/push-stable-image-to-vecr.yaml | 2 ++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/push-preview-image-to-vecr.yaml b/.github/workflows/push-preview-image-to-vecr.yaml index 3b35311b..3538e346 100644 --- a/.github/workflows/push-preview-image-to-vecr.yaml +++ b/.github/workflows/push-preview-image-to-vecr.yaml @@ -14,6 +14,10 @@ name: Push Preview Image to Volcengine Container Registry + +permissions: + contents: read + on: push: branches: diff --git a/.github/workflows/push-stable-image-to-vecr.yaml b/.github/workflows/push-stable-image-to-vecr.yaml index 6f4e276a..a30e1b65 100644 --- a/.github/workflows/push-stable-image-to-vecr.yaml +++ b/.github/workflows/push-stable-image-to-vecr.yaml @@ -24,6 +24,8 @@ on: jobs: build-and-push: runs-on: ubuntu-latest + permissions: + contents: read # To avoid forked repo execute this workflow if: github.repository == 'volcengine/veadk-python' From 0d338bc7b3402a2bb52ea50cb6b188ddfc3b4da4 Mon Sep 17 00:00:00 2001 From: "fangyaozheng@bytedance.com" Date: Thu, 4 Sep 2025 16:02:56 +0800 Subject: [PATCH 5/5] fix typo --- .github/workflows/push-preview-image-to-vecr.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/push-preview-image-to-vecr.yaml b/.github/workflows/push-preview-image-to-vecr.yaml index 3538e346..fec65e14 100644 --- a/.github/workflows/push-preview-image-to-vecr.yaml +++ b/.github/workflows/push-preview-image-to-vecr.yaml @@ -14,7 +14,6 @@ name: Push Preview Image to Volcengine Container Registry - permissions: contents: read