@@ -34,6 +34,7 @@ variables:
3434 # Define the public staging registry
3535 STAGING_REGISTRY : ghcr.io/nvidia
3636 STAGING_VERSION : " ${CI_COMMIT_SHORT_SHA}"
37+ PUBLISH_VERSIONS : 535.274.02 570.195.03 580.95.05
3738
3839.image-pull-rules :
3940 # We delay the job start to allow the public pipeline to generate the required images.
@@ -337,7 +338,7 @@ scan-rhel9-arm64:
337338 OUT_REGISTRY_USER : " ${NGC_REGISTRY_USER}"
338339 OUT_REGISTRY_TOKEN : " ${NGC_REGISTRY_TOKEN}"
339340 OUT_REGISTRY : " ${NGC_REGISTRY}"
340- OUT_IMAGE_NAME : " ${NGC_REGISTRY_IMAGE} "
341+ OUT_IMAGE_NAME : " ${NGC_STAGING_REGISTRY}/driver "
341342
342343# Define the external release helpers
343344.release:ngc :
@@ -451,111 +452,95 @@ release:ngc-rhel9.6:
451452 variables :
452453 OUT_DIST : " rhel9.6"
453454
454- # Define the external image signing steps for NGC
455- # Download the ngc cli binary for use in the sign steps
456- .ngccli-setup :
457- before_script :
458- - apt-get update && apt-get install -y curl unzip jq bash make
459- - export REGCTL_VERSION=v0.7.1
460- - mkdir -p bin
461- - curl -sSLo bin/regctl https://github.com/regclient/regclient/releases/download/${REGCTL_VERSION}/regctl-linux-amd64
462- - chmod a+x bin/regctl
463- - export PATH=$(pwd)/bin:${PATH}
455+ generate-build-info :
456+ stage : ngc-publish
457+ artifacts :
458+ paths :
459+ - build-info/${CI_PIPELINE_ID}-full.txt
460+ script :
464461 - |
465- if [ -z "${NGCCLI_VERSION}" ]; then
466- NGC_VERSION_URL="https://api.ngc.nvidia.com/v2/resources/nvidia/ngc-apps/ngc_cli/versions"
467- # Extract the latest version from the JSON data using jq
468- export NGCCLI_VERSION=$(curl -s $NGC_VERSION_URL | jq -r '.recipe.latestVersionIdStr')
462+ for DRIVER_VERSION in ${PUBLISH_VERSIONS}; do
463+ for file in build-info/${CI_PIPELINE_ID}-${DRIVER_VERSION}-*; do
464+ cat "$file" >> build-info/${CI_PIPELINE_ID}-full.txt
465+ done
466+ done
467+ if [ ! -s "build-info/${CI_PIPELINE_ID}-full.txt" ]; then
468+ echo "Error: No build information was collected from the release jobs"
469+ exit 1
469470 fi
470- echo "NGCCLI_VERSION ${NGCCLI_VERSION}"
471- curl -sSLo ngccli_linux.zip https://api.ngc.nvidia.com/v2/resources/nvidia/ngc-apps/ngc_cli/versions/${NGCCLI_VERSION}/files/ngccli_linux.zip
472- - unzip ngccli_linux.zip
473- - chmod u+x ngc-cli/ngc
474-
475- # .sign forms the base of the deployment jobs which signs images in the CI registry.
476- # This is extended with the image name and version to be deployed.
477- .sign:ngc :
478- image : ubuntu:latest
479- timeout : 30 minutes
480- when : always
481- stage : sign
482- rules :
483- - if : $CI_COMMIT_TAG
484- variables :
485- DIST : " ${SIGN_JOB_NAME}${VERSION}"
471+
472+ .update-nspect :
473+ stage : ngc-publish
474+ needs :
475+ - job : generate-build-info
476+ artifacts : true
477+ image :
478+ name : " ${CNT_NGC_PUBLISH_IMAGE}"
479+ pull_policy : always
486480 variables :
487- OUT_REGISTRY_USER : " ${CI_REGISTRY_USER}"
488- OUT_REGISTRY_TOKEN : " ${CI_REGISTRY_PASSWORD}"
489- OUT_REGISTRY : " ${CI_REGISTRY}"
490- NGC_CLI_API_KEY : " ${NGC_REGISTRY_TOKEN}"
491- IMAGE_NAME : " ${NGC_REGISTRY_IMAGE}"
492- IMAGE_TAG : " ${CI_COMMIT_TAG}"
481+ PROJECT_NAME : " gpu-driver-container"
482+ REPO_URL : " https://github.com/NVIDIA/gpu-driver-container.git"
493483 before_script :
494- - !reference [.ngccli-setup, before_script]
495- - ' if [[ "${PRECOMPILED}" != "true" ]]; then echo DRIVER_VERSION: ${DRIVER_VERSION} ; [[ -n "${DRIVER_VERSION}" ]] || exit 1; fi'
496- - regctl registry login "${OUT_REGISTRY}" -u "${OUT_REGISTRY_USER}" -p "${OUT_REGISTRY_TOKEN}"
497- - |
498- if [[ "${PRECOMPILED}" == "true" ]]; then
499- ./scripts/precompiled.sh version;
500- source kernel_version.txt
501- export IMAGE_TAG=${DRIVER_BRANCH}-${KERNEL_VERSION}-${DIST##*_}
502- else
503- export IMAGE_TAG=${DRIVER_VERSION}-${DIST##*_}
504- fi
505- # We ensure that the IMAGE_NAME and IMAGE_TAG is set
506- - ' echo Image Name: ${IMAGE_NAME} && [[ -n "${IMAGE_NAME}" ]] || exit 1'
507- - ' echo Image Tag: ${IMAGE_TAG} && [[ -n "${IMAGE_TAG}" ]] || exit 1'
484+ - export RELEASE_VERSION="${PUBLISH_VERSIONS// /_}"
508485 script :
509- - ' echo "Signing the image ${IMAGE_NAME}:${IMAGE_TAG}"'
510- - ngc-cli/ngc registry image publish --source ${IMAGE_NAME}:${IMAGE_TAG} ${IMAGE_NAME}:${IMAGE_TAG} --public --discoverable --allow-guest --sign --org nvidia
511-
512- sign:ngc-precompiled-ubuntu24.04 :
513- extends :
514- - .driver-versions-precompiled-ubuntu24.04
515- - .dist-ubuntu24.04
516- - .release-generic
517- - .release:ngc-variables
518- - .sign:ngc
519- variables :
520- DIST : signed_ubuntu24.04
521- BASE_TARGET : noble
522- PRECOMPILED : " true"
523- needs :
524- - release:ngc-precompiled-ubuntu24.04
525- rules :
526- # Only run NGC release job on scheduled pipelines
527- - if : $CI_PIPELINE_SOURCE == "schedule"
528-
529- sign:ngc-precompiled-ubuntu22.04 :
486+ - cnt-ngc-publish nspect --versions-file "build-info/${CI_PIPELINE_ID}-full.txt"
487+
488+ # Update the nspect staging environment to test the nspect publishing logic
489+ update-nspect-staging :
530490 extends :
531- - .driver-versions-precompiled-ubuntu22.04
532- - .dist-ubuntu22.04
533- - .release-generic
534- - .release:ngc-variables
535- - .sign:ngc
491+ - .update-nspect
492+ except :
493+ - tags
536494 variables :
537- DIST : signed_ubuntu22.04
538- BASE_TARGET : jammy
539- PRECOMPILED : " true"
540- needs :
541- - release:ngc-precompiled-ubuntu22.04
495+ ENV : " stage"
496+ NSPECT_CLIENT_ID : " ${NSPECT_STAGING_CLIENT_ID}"
497+ NSPECT_CLIENT_SECRET : " ${NSPECT_STAGING_CLIENT_SECRET}"
498+
499+ # Update the nspect production environment with the new release
500+ update-nspect :
501+ extends :
502+ - .update-nspect
542503 rules :
543- - !reference [.precompiled-rules, rules]
504+ - if : $CI_COMMIT_TAG
505+ variables :
506+ OSRB_BUG_ID : " ${OSRB_BUG_ID}"
507+ ENV : " prod"
508+ NSPECT_CLIENT_ID : " ${NSPECT_PROD_CLIENT_ID}"
509+ NSPECT_CLIENT_SECRET : " ${NSPECT_PROD_CLIENT_SECRET}"
510+
511+ .publish-images :
512+ stage : ngc-publish
513+ image :
514+ name : " ${CNT_NGC_PUBLISH_IMAGE}"
515+ pull_policy : always
516+ variables :
517+ GITLAB_ACCESS_TOKEN : " ${CNT_GITLAB_TOKEN}"
518+ script :
519+ - cnt-ngc-publish render --project-name "gpu-driver-container" --versions-file "build-info/${CI_PIPELINE_ID}-full.txt" --output gpu-driver-container.yaml
520+ - cnt-ngc-publish merge-request --files "gpu-driver-container.yaml"
521+
522+ # Raise an MR to publish the image to NGC
523+ ngc-image-publish :
524+ extends :
525+ - .publish-images
526+ rules :
527+ - if : $CI_COMMIT_TAG
528+ needs :
529+ - job : update-nspect
530+ - job : generate-build-info
531+ artifacts : true
532+ variables :
533+ NGC_PUBLISHING_PROJECT_PATH : " ${NGC_PUBLISHING_PROD_PROJECT_PATH}"
544534
545- sign:ngc-ubuntu-rhel-rhcos :
546- extends :
547- - .sign:ngc
548- parallel :
549- matrix :
550- - SIGN_JOB_NAME : ["ubuntu"]
551- VERSION : ["24.04"]
552- DRIVER_VERSION : ["570.195.03", "580.95.05"]
553- - SIGN_JOB_NAME : ["ubuntu"]
554- VERSION : ["22.04"]
555- DRIVER_VERSION : ["535.274.02", "570.195.03", "580.95.05"]
556- - SIGN_JOB_NAME : ["rhel"]
557- VERSION : ["8.8", "8.10", "9.4", "9.5", "9.6"]
558- DRIVER_VERSION : ["535.274.02", "570.195.03", "580.95.05"]
559- - SIGN_JOB_NAME : ["rhcos"]
560- VERSION : ["4.14", "4.15", "4.16", "4.17", "4.18"]
561- DRIVER_VERSION : ["535.274.02", "570.195.03", "580.95.05"]
535+ # Create a dummy MR that exercises the publishing logic
536+ mock-image-publish :
537+ extends :
538+ - .publish-images
539+ except :
540+ - tags
541+ needs :
542+ - job : update-nspect-staging
543+ - job : generate-build-info
544+ artifacts : true
545+ variables :
546+ NGC_PUBLISHING_PROJECT_PATH : " ${NGC_PUBLISHING_TEST_PROJECT_PATH}"
0 commit comments