Run docker workflow on Astera builder #251

Open
xraymemory wants to merge 2 commits into main from chore/astera-docker-runners

@xraymemory xraymemory commented May 29, 2026

Summary

  • run Docker publish jobs on the Astera builder runner so Harbor access stays behind the VPN
  • use a pinned skopeo container instead of apt-installing skopeo on the runner
  • remove GitHub-hosted runner disk cleanup steps from self-hosted jobs

Validation

  • mirrored checkpoint image locally and verified Docker Hub digest matches sha256:ff1dd2b42c3afd593e034cf81df1bf1862c27ae491f46cc10e105629f1102781
  • git diff --check
  • parsed .github/workflows/docker.yml with Ruby YAML loader
  • tested the pinned skopeo inspect command locally

Summary by CodeRabbit

  • Chores
    • Optimized Docker image building workflow with infrastructure improvements to enhance build efficiency and reliability.
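
A preflight check for the digest pinning and digest comparison mentioned in the description above. This is an added example, not code from the PR or its workflow file; the function names and the sample digest are constructed.

```shell
#!/bin/sh
# Added example, not the PR's workflow: preflight checks for a digest-pinned
# tool image. Function names and sample values are constructed.

# Exit 0 only for <name>@sha256:<64 lowercase hex>. A bare tag is mutable and
# a short or upper-case digest is malformed, so both are rejected.
is_digest_pinned() {
  case "$1" in *'
'*) return 1 ;; esac   # grep is line-based: refuse embedded newlines
  printf '%s\n' "$1" |
    LC_ALL=C grep -Eq '^[a-z0-9][a-z0-9._/:-]*@sha256:[0-9a-f]{64}$'
}

# Print the sha256:... part of a pinned reference; fail on anything else.
digest_of() {
  is_digest_pinned "$1" || return 1
  printf '%s\n' "${1##*@}"
}

# Exit 0 when the observed digest equals the expected one, 1 on mismatch,
# 2 when the expected value is not a sha256 digest at all.
same_digest() {
  is_digest_pinned "x@$1" || return 2
  [ "$1" = "$2" ]
}

HEX=0123456789abcdef
SAMPLE_DIGEST="sha256:$HEX$HEX$HEX$HEX"          # constructed, not a real image
for ref in "quay.io/skopeo/stable@$SAMPLE_DIGEST" "quay.io/skopeo/stable:latest"; do
  if is_digest_pinned "$ref"; then echo "pinned:  $ref"
  else echo "mutable: $ref"; fi
done
```

Running `is_digest_pinned "$SKOPEO_IMAGE"` as the first line of a job step fails the job before any image is pulled if the pin is ever replaced by a tag.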

Copilot AI review requested due to automatic review settings May 29, 2026 18:54

coderabbitai Bot commented May 29, 2026

Walkthrough

The Docker workflow migrates from ubuntu-latest to Astera runners and containerizes skopeo operations. A pinned SKOPEO_IMAGE replaces direct skopeo installation, and all skopeo invocations (copy and inspect) now run inside the container via docker run. The sync_checkpoints job is reconfigured, while public and astera jobs adopt the new runner and remove disk-space cleanup.

Changes

Docker Workflow Astera Migration

| Layer / File(s) | Summary |
| --- | --- |
| Containerized skopeo setup and sync_checkpoints job (.github/workflows/docker.yml) | SKOPEO_IMAGE environment variable is added to pin a container digest for skopeo operations. The sync_checkpoints job switches to astera-sh-builder runner while retaining permissions and output wiring. |
| Skopeo copy and inspect containerization (.github/workflows/docker.yml) | Direct skopeo copy and skopeo inspect invocations are replaced with docker run wrappers that execute skopeo inside the pinned SKOPEO_IMAGE, passing Harbor/Docker Hub credentials via environment variables. |
| Public and astera job runner migration (.github/workflows/docker.yml) | Both public and astera jobs switch to astera-sh-builder runner and remove the "Free disk space" step before checkout, while retaining dependencies, outputs, and subsequent build/push steps. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

Suggested reviewers

  • marcuscollins

Poem

🐰 A docker dance on Astera's swift floor,
Where skopeo spins in containers galore,
No disk-space cleanup, just streams that flow free,
Runners aligned, and the workflow's set free! 📦✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'Run docker workflow on Astera builder' clearly and concisely summarizes the main change: migrating Docker workflow jobs to run on the Astera builder runner. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

Copilot AI left a comment

Pull request overview

This PR updates the Docker publishing GitHub Actions workflow to run on the Astera self-hosted builder (keeping Harbor access behind the VPN) and to execute skopeo via a pinned container image instead of installing it on the runner.

Changes:

  • Switch Docker publish jobs from ubuntu-latest to the astera-sh-builder self-hosted runner.
  • Replace runner apt-get install skopeo usage with docker run quay.io/skopeo/stable@sha256:… for skopeo copy and skopeo inspect.
  • Remove GitHub-hosted runner disk cleanup steps from the self-hosted jobs.

@xraymemory changed the title from "chore(ci): run docker workflow on Astera builder" to "Run docker workflow on Astera builder" on May 29, 2026

@coderabbitai coderabbitai Bot left a comment

🧹 Nitpick comments (1)
.github/workflows/docker.yml (1)

118-122: Confirm disk hygiene on the self-hosted Astera runner.

Dropping the GitHub-hosted "Free disk space" step is correct for self-hosted runners (the GitHub-hosted cleanup tricks don't apply). But these jobs build large CUDA-based images and write registry buildcache repeatedly; without periodic pruning the persistent runner's disk can fill over time and start failing builds. Consider a scheduled docker system prune/buildx cache GC on the runner host, or a guarded cleanup step here. The same applies to the astera job (Lines 188-192).

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/docker.yml around lines 118 - 122, The workflow currently
omits any disk-pruning for self-hosted runners after large CUDA image builds;
add a guarded cleanup to avoid disk exhaustion by either scheduling host-side
maintenance (e.g., cron job running docker system prune --all --volumes and
buildx cache garbage-collect) or inserting a conditional cleanup step in the
workflow jobs that run heavy builds (refer to the Checkout step and the astera
job) that checks runner type and then runs docker system prune and/or buildx
cache gc with safe flags and confirmation (or a size/age guard) to avoid
removing needed artifacts; ensure the step runs after the build/cache-push
phases and is idempotent and non-destructive for GitHub-hosted runners by gating
on runner labels.

📥 Commits

Reviewing files that changed from the base of the PR and between f25844f and 48d0517.

📒 Files selected for processing (1)
  • .github/workflows/docker.yml
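
One way to implement the size- and age-guarded cleanup the review above asks for, as an added example that is not part of the PR or the project's workflow. The variables PRUNE_THRESHOLD_PCT, PRUNE_MAX_AGE and DRY_RUN are hypothetical, the df sample is constructed, and it uses `docker image prune` and `docker buildx prune` with an `until` filter rather than `docker system prune --volumes`.

```shell
#!/bin/sh
# Added example, not the PR's workflow: size- and age-guarded cleanup for a
# persistent runner. PRUNE_THRESHOLD_PCT, PRUNE_MAX_AGE and DRY_RUN are
# hypothetical knobs; the df sample below is constructed.
PRUNE_THRESHOLD_PCT="${PRUNE_THRESHOLD_PCT:-80}"
PRUNE_MAX_AGE="${PRUNE_MAX_AGE:-168h}"
DRY_RUN="${DRY_RUN:-1}"

# Read `df -P <path>` output on stdin and print the use% of the first filesystem.
used_pct_from_df() {
  awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

# Exit 0 when usage >= limit, 1 when below, 2 when the value is not a number.
needs_prune() {
  case "$1" in ''|*[!0-9]*) return 2 ;; esac
  [ "$1" -ge "$2" ]
}

# Echo the command in dry-run mode (the default), execute it otherwise.
run_cmd() {
  if [ "$DRY_RUN" = "1" ]; then echo "DRY-RUN: $*" >&2; else "$@" >&2; fi
}

# Prune only above the threshold, and only objects older than PRUNE_MAX_AGE,
# so a healthy disk and a warm build cache are left alone.
guarded_prune() {
  if needs_prune "$1" "$PRUNE_THRESHOLD_PCT"; then
    run_cmd docker image prune --all --force --filter "until=$PRUNE_MAX_AGE"
    run_cmd docker buildx prune --force --filter "until=$PRUNE_MAX_AGE"
    echo pruned
  else
    echo skipped   # below threshold, or unparsable input: do nothing
  fi
}

SAMPLE_DF='Filesystem     1024-blocks      Used Available Capacity Mounted on
/dev/nvme0n1p2   960302096 873874908  86427188      91% /var/lib/docker'
guarded_prune "$(printf '%s\n' "$SAMPLE_DF" | used_pct_from_df)"
```

On a runner, the last line would read from `df -P` on the Docker data directory instead of the sample, with DRY_RUN=0 set once the printed commands look right.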
