[chore]: streamline makefiles to address minimize cognitive load, lower maintenance burden, and remove duplication #135 (#137)

Author: mchmarny

.github/actions/build-container/action.yml

@@ -16,15 +16,6 @@ name: 'Build Container'
 description: 'Build container for validation without publishing'
 
 inputs:
-  safe_ref_name:
-    description: 'Safe reference name for container tags'
-    required: true
-  nvcr_container_repo:
-    description: 'Container registry URL'
-    required: true
-  container_org:
-    description: 'Container organization/namespace'
-    required: true
   make_command:
     description: 'Make command to run for building (should use docker-build, not docker-publish)'
     required: true
@@ -56,14 +47,14 @@ runs:
     - name: Build container (validation only)
       shell: bash
       env:
-        SAFE_REF_NAME: ${{ inputs.safe_ref_name }}
-        NVCR_CONTAINER_REPO: ${{ inputs.nvcr_container_repo }}
-        NGC_ORG: ${{ inputs.container_org }}
         DOCKER_BUILDKIT: 1
         BUILDX_CACHE_FROM: type=local,src=/tmp/.buildx-cache
         BUILDX_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new,mode=max
       run: |
-        echo "Building container for validation..."
+        # Compute SAFE_REF_NAME from CI_COMMIT_REF_NAME or fallback to GITHUB_REF_NAME
+        SAFE_REF_NAME=$(echo "${CI_COMMIT_REF_NAME:-${GITHUB_REF_NAME}}" | sed 's/\//-/g')
+        export SAFE_REF_NAME
+        echo "Building container for validation with ref: ${SAFE_REF_NAME}..."
         ${{ inputs.make_command }}
 
         # Clean up built images to save space

.github/actions/prepare-vars/action.yml

@@ -16,26 +16,9 @@ name: 'Publish Container'
 description: 'Complete container publishing workflow with Docker setup, login, and build'
 
 inputs:
-  safe_ref_name:
-    description: 'Safe reference name for container tags'
-    required: true
-  nvcr_container_repo:
-    description: 'Container registry URL'
-    required: true
-  container_org:
-    description: 'Container organization/namespace'
-    required: true
   make_command:
     description: 'Make command to run for building and publishing'
     required: true
-  registry:
-    description: 'Container registry (default: ghcr.io)'
-    required: false
-    default: 'ghcr.io'
-  registry_username:
-    description: 'Registry username (default: github.actor)'
-    required: false
-    default: ${{ github.actor }}
   registry_password:
     description: 'Registry password'
     required: true
@@ -65,26 +48,25 @@ runs:
     - name: Log in to Container Registry
       uses: docker/login-action@v3
       with:
-        registry: ${{ inputs.registry }}
-        username: ${{ inputs.registry_username }}
+        registry: ghcr.io
+        username: ${{ github.actor }}
         password: ${{ inputs.registry_password }}
 
     - name: Build and publish container
       shell: bash
       id: image
       env:
-        SAFE_REF_NAME: ${{ inputs.safe_ref_name }}
-        NVCR_CONTAINER_REPO: ${{ inputs.nvcr_container_repo }}
-        NGC_ORG: ${{ inputs.container_org }}
         DOCKER_BUILDKIT: 1
         BUILDX_CACHE_FROM: type=local,src=/tmp/.buildx-cache
         BUILDX_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new,mode=max
       run: |
         ${{ inputs.make_command }}
 
-        DIGEST="$(crane digest ${{ inputs.nvcr_container_repo }}/${{ inputs.container_org }}/${{ inputs.container_name }}:${{ inputs.safe_ref_name }}${{ inputs.tag_suffix }})"
+        # Compute SAFE_REF_NAME the same way the Makefile does
+        SAFE_REF_NAME=$(echo "${CI_COMMIT_REF_NAME:-${GITHUB_REF_NAME}}" | sed 's/\//-/g')
+        DIGEST="$(crane digest ghcr.io/nvidia/${{ inputs.container_name }}:${SAFE_REF_NAME}${{ inputs.tag_suffix }})"
         echo "digest=$DIGEST" >> "$GITHUB_OUTPUT"
-        echo "name=${{ inputs.nvcr_container_repo }}/${{ inputs.container_org }}/${{ inputs.container_name }}" >> "$GITHUB_OUTPUT"
+        echo "name=ghcr.io/nvidia/${{ inputs.container_name }}" >> "$GITHUB_OUTPUT"
 
         # Move cache to prevent it from growing indefinitely
         if [ -d "/tmp/.buildx-cache-new" ]; then

.github/actions/publish-container/action.yml

@@ -34,8 +34,6 @@ on:
       - '.github/workflows/container-build-test.yml'
       - '.github/actions/build-container/**'
       - '.github/actions/setup-build-env/**'
-      # Build scripts
-      - 'build_image_list.sh'
   workflow_dispatch:
     inputs:
       components:
@@ -131,18 +129,23 @@ jobs:
         if: steps.should-build.outputs.build == 'false'
         run: echo "Skipping ${{ matrix.component }} (not in selected components list)"
 
+      - name: Compute ref name with short SHA
+        if: steps.should-build.outputs.build == 'true'
+        id: ref-name
+        run: |
+          SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-7)
+          echo "value=${{ github.ref_name }}-${SHORT_SHA}" >> $GITHUB_OUTPUT
+
       - name: Execute build
         if: steps.should-build.outputs.build == 'true'
         uses: ./.github/actions/build-container
         env:
+          CI_COMMIT_REF_NAME: ${{ steps.ref-name.outputs.value }}
           # Disable registry cache for pull requests to avoid permission issues
           DISABLE_REGISTRY_CACHE: ${{ (github.event_name == 'pull_request' || startsWith(github.ref, 'refs/heads/pull-request/')) && 'true' || 'false' }}
           # Disable --load flag in CI builds (causes issues with multi-platform builds)
           DOCKER_LOAD_ARG: ''
         with:
-          safe_ref_name: ${{ needs.prepare-environment.outputs.safe_ref_name }}
-          nvcr_container_repo: ${{ needs.prepare-environment.outputs.nvcr_container_repo }}
-          container_org: ${{ needs.prepare-environment.outputs.container_org }}
           make_command: ${{ matrix.make_command }}
 
   container-build-summary:

ci.Dockerfile renamed to .github/ci.Dockerfile

@@ -203,11 +203,15 @@ jobs:
           chmod +x scripts/configure-ctlptl-registry.sh
           ./scripts/configure-ctlptl-registry.sh
 
+      - name: Compute ref name with short SHA
+        id: ref-name
+        run: |
+          SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-7)
+          echo "value=${{ github.ref_name }}-${SHORT_SHA}" >> $GITHUB_OUTPUT
+
       - name: Create cluster for E2E tests
         env:
-          SAFE_REF_NAME: ${{ needs.prepare-environment.outputs.safe_ref_name }}
-          NVCR_CONTAINER_REPO: ${{ needs.prepare-environment.outputs.nvcr_container_repo }}
-          NGC_ORG: ${{ needs.prepare-environment.outputs.container_org }}
+          CI_COMMIT_REF_NAME: ${{ steps.ref-name.outputs.value }}
           CTLPTL_YAML: ctlptl-config.yaml
           # Make cluster names unique per architecture to avoid conflicts in parallel runs
           CLUSTER_NAME_SUFFIX: "-${{ matrix.arch }}"
@@ -222,9 +226,7 @@ jobs:
 
       - name: Run E2E tests
         env:
-          SAFE_REF_NAME: ${{ needs.prepare-environment.outputs.safe_ref_name }}
-          NVCR_CONTAINER_REPO: ${{ needs.prepare-environment.outputs.nvcr_container_repo }}
-          NGC_ORG: ${{ needs.prepare-environment.outputs.container_org }}
+          CI_COMMIT_REF_NAME: ${{ steps.ref-name.outputs.value }}
           CTLPTL_YAML: ctlptl-config.yaml
           # Use same cluster name suffix for consistency
           CLUSTER_NAME_SUFFIX: "-${{ matrix.arch }}"

license-header.txt renamed to .github/headers/LICENSE

@@ -132,15 +132,22 @@ jobs:
           helm version --short
           kwok --version
 
+      - name: Compute ref name with short SHA
+        id: ref-name
+        run: |
+          SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-7)
+          echo "value=${{ github.ref_name }}-${SHORT_SHA}" >> $GITHUB_OUTPUT
+
       - name: Build container images locally
         env:
-          SAFE_REF_NAME: ${{ needs.prepare-environment.outputs.safe_ref_name }}
-          NVCR_CONTAINER_REPO: localhost
-          NGC_ORG: nvsentinel-e2e
+          CI_COMMIT_REF_NAME: ${{ steps.ref-name.outputs.value }}
+          CONTAINER_REGISTRY: localhost
+          CONTAINER_ORG: nvsentinel-e2e
           PLATFORMS: linux/amd64
           DISABLE_REGISTRY_CACHE: true
         run: |
           make docker-all
+          SAFE_REF_NAME=$(echo "${CI_COMMIT_REF_NAME}" | sed 's/\//-/g')
           docker images | grep "localhost/nvsentinel-e2e/nvsentinel-.*:${SAFE_REF_NAME}" || docker images | grep nvsentinel
 
       - name: Create Kind cluster
@@ -182,8 +189,9 @@ jobs:
 
       - name: Load images into Kind cluster
         env:
-          SAFE_REF_NAME: ${{ needs.prepare-environment.outputs.safe_ref_name }}
+          CI_COMMIT_REF_NAME: ${{ steps.ref-name.outputs.value }}
         run: |
+          SAFE_REF_NAME=$(echo "${CI_COMMIT_REF_NAME}" | sed 's/\//-/g')
           mapfile -t images < <(docker images --format "{{.Repository}}:{{.Tag}}" | grep "localhost/nvsentinel-e2e/nvsentinel-.*:.*${SAFE_REF_NAME}")
           [ ${#images[@]} -eq 0 ] && { echo "No images found"; exit 1; }
 
@@ -223,8 +231,10 @@ jobs:
 
       - name: Patch values for E2E testing
         env:
-          SAFE_REF_NAME: ${{ needs.prepare-environment.outputs.safe_ref_name }}
+          CI_COMMIT_REF_NAME: ${{ steps.ref-name.outputs.value }}
         run: |
+          SAFE_REF_NAME=$(echo "${CI_COMMIT_REF_NAME}" | sed 's/\//-/g')
+          
           # Replace repository URLs in chart files
           sed -i 's|ghcr\.io/nvidia/nvsentinel-|localhost/nvsentinel-e2e/nvsentinel-|g' \
             distros/kubernetes/nvsentinel/charts/*/values.yaml \
@@ -255,20 +265,24 @@ jobs:
           EOF
 
       - name: Install NVSentinel via Helm
+        env:
+          CI_COMMIT_REF_NAME: ${{ steps.ref-name.outputs.value }}
         run: |
+          SAFE_REF_NAME=$(echo "${CI_COMMIT_REF_NAME}" | sed 's/\//-/g')
           helm upgrade --install nvsentinel ./distros/kubernetes/nvsentinel \
             --create-namespace \
             --namespace ${{ env.NVSENTINEL_NAMESPACE }} \
             --values /tmp/values-patched.yaml \
-            --set global.image.tag="${{ needs.prepare-environment.outputs.safe_ref_name }}" \
+            --set global.image.tag="${SAFE_REF_NAME}" \
             --debug
 
           kubectl get pods -n ${{ env.NVSENTINEL_NAMESPACE }}
 
       - name: Validate deployment with retry
         env:
-          SAFE_REF_NAME: ${{ needs.prepare-environment.outputs.safe_ref_name }}
+          CI_COMMIT_REF_NAME: ${{ steps.ref-name.outputs.value }}
         run: |
+          SAFE_REF_NAME=$(echo "${CI_COMMIT_REF_NAME}" | sed 's/\//-/g')
           chmod +x scripts/validate-nvsentinel.sh
           max_attempts=$((${{ env.VALIDATION_TIMEOUT_MINUTES }} * 60 / ${{ env.VALIDATION_INTERVAL_SECONDS }}))
 
@@ -293,13 +307,16 @@ jobs:
 
       - name: Collect debug artifacts
         if: failure()
+        env:
+          CI_COMMIT_REF_NAME: ${{ steps.ref-name.outputs.value }}
         run: |
+          SAFE_REF_NAME=$(echo "${CI_COMMIT_REF_NAME}" | sed 's/\//-/g')
           mkdir -p /tmp/debug-artifacts
           kubectl get all --all-namespaces > /tmp/debug-artifacts/all-resources.yaml || true
           kubectl get events --all-namespaces --sort-by='.lastTimestamp' > /tmp/debug-artifacts/all-events.yaml || true
           kubectl get pods -n ${{ env.NVSENTINEL_NAMESPACE }} -o yaml > /tmp/debug-artifacts/nvsentinel-pods.yaml || true
           kubectl logs -n ${{ env.NVSENTINEL_NAMESPACE }} --all-containers=true --tail=500 > /tmp/debug-artifacts/nvsentinel-logs.txt || true
-          ./scripts/validate-nvsentinel.sh --version "${{ needs.prepare-environment.outputs.safe_ref_name }}" --namespace "${{ env.NVSENTINEL_NAMESPACE }}" --image-pattern "localhost/nvsentinel-e2e/nvsentinel" --verbose > /tmp/debug-artifacts/validation-output.txt 2>&1 || true
+          ./scripts/validate-nvsentinel.sh --version "${SAFE_REF_NAME}" --namespace "${{ env.NVSENTINEL_NAMESPACE }}" --image-pattern "localhost/nvsentinel-e2e/nvsentinel" --verbose > /tmp/debug-artifacts/validation-output.txt 2>&1 || true
           docker images > /tmp/debug-artifacts/docker-images.txt
           df -h > /tmp/debug-artifacts/disk-usage.txt