Automate GHCR environment publishing
parent
6406f673c1
commit
89d0cb93bf
5 changed files with 78 additions and 1 deletions
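--- a/.github/workflows/publish-environments.yml
+++ b/.github/workflows/publish-environments.yml
@@ -0,0 +1,46 @@
+name: Publish Environments
+
+on:
+workflow_dispatch:
+release:
+types:
+- published
+
+permissions:
+contents: read
+packages: write
+
+concurrency:
+group: publish-environments-${{ github.ref }}
+cancel-in-progress: false
+
+jobs:
+publish:
+runs-on: ubuntu-24.04
+env:
+UV_CACHE_DIR: .uv-cache
+OCI_REGISTRY_USERNAME: ${{ github.actor }}
+OCI_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+steps:
+- name: Check out source
+uses: actions/checkout@v4
+
+- name: Set up Python
+uses: actions/setup-python@v5
+with:
+python-version: "3.12"
+
+- name: Set up uv
+uses: astral-sh/setup-uv@v6
+
+- name: Install project dependencies
+run: make setup
+
+- name: Run project checks
+run: make check
+
+- name: Build real runtime inputs
+run: make runtime-materialize
+
+- name: Publish official environments to GHCR
+run: make runtime-publish-official-environments-oci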
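Review bot: The job-level `env:` block puts `OCI_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}` into the environment of every step, so `make setup`, `make check` and `make runtime-materialize` all run with a token that carries `packages: write`, although only the final publish step needs it. Moving `OCI_REGISTRY_USERNAME` and `OCI_REGISTRY_PASSWORD` into an `env:` on the "Publish official environments to GHCR" step keeps the registry credential away from dependency installation and the network-fetching build. The three `uses:` lines reference mutable tags (`actions/checkout@v4`, `actions/setup-python@v5`, `astral-sh/setup-uv@v6`); pinning each to a full commit SHA would stop a retagged action from running inside this publishing job. `workflow_dispatch` also appears to allow a manual run from any ref, so it may be worth restricting publication to the release event or a protected branch.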
|
|
@ -18,6 +18,7 @@ This repository ships `pyro-mcp`, an MCP-compatible package for ephemeral VM lif
|
|||
- The packaged runtime images under `src/pyro_mcp/runtime_bundle/` are stored in Git LFS.
|
||||
- Use `make runtime-bundle` to regenerate the packaged runtime bundle from `runtime_sources/`.
|
||||
- Use `make runtime-materialize` to build real runtime inputs into `build/runtime_sources/`.
|
||||
- Use `make runtime-publish-official-environments-oci` after materialization to push the official OCI environments to their configured registry targets.
|
||||
- Use `make runtime-fetch-binaries`, `make runtime-build-kernel-real`, and `make runtime-build-rootfs-real` if you need to debug the real-source pipeline step by step.
|
||||
- Use `make runtime-boot-check` to run a direct Firecracker boot validation against the bundled runtime artifacts.
|
||||
- Use `make runtime-network-check` to validate outbound internet access from inside the guest.
|
||||
|
|
@ -30,6 +31,7 @@ This repository ships `pyro-mcp`, an MCP-compatible package for ephemeral VM lif
|
|||
- After heavy runtime work, reclaim local space with `rm -rf build` and `git lfs prune`.
|
||||
- The pre-migration `pre-lfs-*` tag is local backup material only; do not push it or it will keep the old giant blobs reachable.
|
||||
- Public contract documentation lives in `docs/public-contract.md`.
|
||||
- Official GHCR publication workflow lives in `.github/workflows/publish-environments.yml`.
|
||||
|
||||
## Quality Gates
|
||||
|
||||
|
|
|
|||
16
Makefile
16
Makefile
|
|
@ -10,8 +10,9 @@ RUNTIME_BUNDLE_DIR ?= src/pyro_mcp/runtime_bundle
|
|||
RUNTIME_MATERIALIZED_DIR ?= build/runtime_sources
|
||||
RUNTIME_OCI_LAYOUT_DIR ?= build/oci_layouts
|
||||
RUNTIME_ENVIRONMENT ?= debian:12-base
|
||||
RUNTIME_ENVIRONMENTS ?= debian:12-base debian:12 debian:12-build
|
||||
|
||||
.PHONY: help setup lint format typecheck test check dist-check demo network-demo doctor ollama ollama-demo run-server install-hooks runtime-bundle runtime-binaries runtime-kernel runtime-rootfs runtime-agent runtime-validate runtime-manifest runtime-sync runtime-clean runtime-fetch-binaries runtime-build-kernel-real runtime-build-rootfs-real runtime-materialize runtime-export-environment-oci runtime-publish-environment-oci runtime-boot-check runtime-network-check
|
||||
.PHONY: help setup lint format typecheck test check dist-check demo network-demo doctor ollama ollama-demo run-server install-hooks runtime-bundle runtime-binaries runtime-kernel runtime-rootfs runtime-agent runtime-validate runtime-manifest runtime-sync runtime-clean runtime-fetch-binaries runtime-build-kernel-real runtime-build-rootfs-real runtime-materialize runtime-export-environment-oci runtime-export-official-environments-oci runtime-publish-environment-oci runtime-publish-official-environments-oci runtime-boot-check runtime-network-check
|
||||
|
||||
help:
|
||||
@printf '%s\n' \
|
||||
|
|
@ -43,7 +44,9 @@ help:
|
|||
' runtime-build-rootfs-real Materialize the real guest rootfs images' \
|
||||
' runtime-materialize Run all real-source materialization steps' \
|
||||
' runtime-export-environment-oci Export one environment as a local OCI layout' \
|
||||
' runtime-export-official-environments-oci Export all official environments as OCI layouts' \
|
||||
' runtime-publish-environment-oci Publish one exported OCI layout to its registry target' \
|
||||
' runtime-publish-official-environments-oci Publish all official environments to their registry targets' \
|
||||
' runtime-boot-check Validate direct Firecracker boot from the bundled runtime' \
|
||||
' runtime-network-check Validate outbound guest networking from the bundled runtime' \
|
||||
' runtime-clean Remove generated runtime build artifacts'
|
||||
|
|
@ -133,9 +136,20 @@ runtime-materialize:
|
|||
runtime-export-environment-oci:
|
||||
uv run python -m pyro_mcp.runtime_build export-environment-oci --platform "$(RUNTIME_PLATFORM)" --source-dir "$(RUNTIME_SOURCE_DIR)" --build-dir "$(RUNTIME_BUILD_DIR)" --bundle-dir "$(RUNTIME_BUNDLE_DIR)" --materialized-dir "$(RUNTIME_MATERIALIZED_DIR)" --environment "$(RUNTIME_ENVIRONMENT)" --output-dir "$(RUNTIME_OCI_LAYOUT_DIR)"
|
||||
|
||||
runtime-export-official-environments-oci:
|
||||
@for environment in $(RUNTIME_ENVIRONMENTS); do \
|
||||
$(MAKE) runtime-export-environment-oci RUNTIME_ENVIRONMENT="$$environment"; \
|
||||
done
|
||||
|
||||
runtime-publish-environment-oci:
|
||||
uv run python -m pyro_mcp.runtime_build publish-environment-oci --platform "$(RUNTIME_PLATFORM)" --source-dir "$(RUNTIME_SOURCE_DIR)" --build-dir "$(RUNTIME_BUILD_DIR)" --bundle-dir "$(RUNTIME_BUNDLE_DIR)" --materialized-dir "$(RUNTIME_MATERIALIZED_DIR)" --environment "$(RUNTIME_ENVIRONMENT)" --layout-root "$(RUNTIME_OCI_LAYOUT_DIR)"
|
||||
|
||||
runtime-publish-official-environments-oci:
|
||||
@for environment in $(RUNTIME_ENVIRONMENTS); do \
|
||||
$(MAKE) runtime-export-environment-oci RUNTIME_ENVIRONMENT="$$environment"; \
|
||||
$(MAKE) runtime-publish-environment-oci RUNTIME_ENVIRONMENT="$$environment"; \
|
||||
done
|
||||
|
||||
runtime-boot-check:
|
||||
uv run python -m pyro_mcp.runtime_boot_check
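Review bot: Both new loop recipes, `runtime-export-official-environments-oci` and `runtime-publish-official-environments-oci`, chain their `$(MAKE)` calls with `;`, so a failed sub-make does not stop the loop and the recipe's exit status is that of the last command of the last iteration only. In the publish loop this means a failed export is still followed by the publish for the same environment, which could push a stale layout left in `$(RUNTIME_OCI_LAYOUT_DIR)`, and a failed publish for an earlier environment leaves the CI job green. Unless `.SHELLFLAGS` (not visible in these hunks) already sets `-e`, start each recipe with `@set -e; for environment in $(RUNTIME_ENVIRONMENTS); do \` or append `|| exit 1` to each `$(MAKE)` line. A one-line comment above `RUNTIME_ENVIRONMENTS` stating that this list is what the publish workflow pushes would also help.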
|
||||
|
||||
|
|
|
|||
10
README.md
10
README.md
|
|
@ -192,3 +192,13 @@ make dist-check
|
|||
```
|
||||
|
||||
Contributor runtime source artifacts are still maintained under `src/pyro_mcp/runtime_bundle/` and `runtime_sources/`.
|
||||
|
||||
Official environment publication is automated through
|
||||
`.github/workflows/publish-environments.yml`.
|
||||
For a local publish dry run against GHCR-compatible credentials:
|
||||
|
||||
```bash
|
||||
make runtime-materialize
|
||||
OCI_REGISTRY_USERNAME="$GITHUB_USER" OCI_REGISTRY_PASSWORD="$GITHUB_TOKEN" \
|
||||
make runtime-publish-official-environments-oci
|
||||
```
|
||||
|
|
|
|||
|
|
@ -15,6 +15,11 @@ Materialization workflow:
|
|||
3. `make runtime-build-rootfs-real`
|
||||
4. `make runtime-bundle`
|
||||
|
||||
Official environment publication workflow:
|
||||
1. `make runtime-materialize`
|
||||
2. `OCI_REGISTRY_USERNAME=... OCI_REGISTRY_PASSWORD=... make runtime-publish-official-environments-oci`
|
||||
3. or run the repo workflow at `.github/workflows/publish-environments.yml`
|
||||
|
||||
Build requirements for the real path:
|
||||
- `docker`
|
||||
- outbound network access to GitHub and Debian snapshot mirrors
|
||||
|
|
|
|||