docker/unified: publish rootless image variant (#630)
This commit is contained in:
@@ -68,6 +68,13 @@ jobs:
|
|||||||
fail-fast: false
|
fail-fast: false
|
||||||
matrix:
|
matrix:
|
||||||
backend: ${{ fromJSON(needs.setup.outputs.matrix) }}
|
backend: ${{ fromJSON(needs.setup.outputs.matrix) }}
|
||||||
|
variant:
|
||||||
|
- name: root
|
||||||
|
uid: "0"
|
||||||
|
suffix: ""
|
||||||
|
- name: rootless
|
||||||
|
uid: "10001"
|
||||||
|
suffix: "-rootless"
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
@@ -99,14 +106,15 @@ jobs:
|
|||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
password: ${{ secrets.GITHUB_TOKEN }}
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Build unified Docker image (${{ matrix.backend }})
|
- name: Build unified Docker image (${{ matrix.backend }}, ${{ matrix.variant.name }})
|
||||||
env:
|
env:
|
||||||
LLAMA_REF: ${{ inputs.llama_cpp_ref || 'master' }}
|
LLAMA_REF: ${{ inputs.llama_cpp_ref || 'master' }}
|
||||||
WHISPER_REF: ${{ inputs.whisper_ref || 'master' }}
|
WHISPER_REF: ${{ inputs.whisper_ref || 'master' }}
|
||||||
SD_REF: ${{ inputs.sd_ref || 'master' }}
|
SD_REF: ${{ inputs.sd_ref || 'master' }}
|
||||||
IK_LLAMA_REF: ${{ inputs.ik_llama_ref || 'main' }}
|
IK_LLAMA_REF: ${{ inputs.ik_llama_ref || 'main' }}
|
||||||
LS_VERSION: ${{ inputs.llama_swap_version || 'main' }}
|
LS_VERSION: ${{ inputs.llama_swap_version || 'main' }}
|
||||||
DOCKER_IMAGE_TAG: ghcr.io/mostlygeek/llama-swap:unified-${{ matrix.backend }}
|
RUN_UID: ${{ matrix.variant.uid }}
|
||||||
|
DOCKER_IMAGE_TAG: ghcr.io/mostlygeek/llama-swap:unified-${{ matrix.backend }}${{ matrix.variant.suffix }}
|
||||||
# When running under act, use the local builder that has warm ccache.
|
# When running under act, use the local builder that has warm ccache.
|
||||||
# On GitHub Actions, BUILDX_BUILDER is unset so docker uses the builder
|
# On GitHub Actions, BUILDX_BUILDER is unset so docker uses the builder
|
||||||
# created by setup-buildx-action above.
|
# created by setup-buildx-action above.
|
||||||
@@ -118,7 +126,8 @@ jobs:
|
|||||||
- name: Push to GitHub Container Registry
|
- name: Push to GitHub Container Registry
|
||||||
if: ${{ !env.ACT }}
|
if: ${{ !env.ACT }}
|
||||||
run: |
|
run: |
|
||||||
docker push ghcr.io/mostlygeek/llama-swap:unified-${{ matrix.backend }}
|
TAG="ghcr.io/mostlygeek/llama-swap:unified-${{ matrix.backend }}${{ matrix.variant.suffix }}"
|
||||||
|
docker push "${TAG}"
|
||||||
DATE_TAG=$(date -u +%Y-%m-%d)
|
DATE_TAG=$(date -u +%Y-%m-%d)
|
||||||
docker tag ghcr.io/mostlygeek/llama-swap:unified-${{ matrix.backend }} ghcr.io/mostlygeek/llama-swap:unified-${{ matrix.backend }}-${DATE_TAG}
|
docker tag "${TAG}" "${TAG}-${DATE_TAG}"
|
||||||
docker push ghcr.io/mostlygeek/llama-swap:unified-${{ matrix.backend }}-${DATE_TAG}
|
docker push "${TAG}-${DATE_TAG}"
|
||||||
|
|||||||
@@ -145,15 +145,20 @@ ARG LLAMA_COMMIT_HASH=unknown
|
|||||||
ARG WHISPER_COMMIT_HASH=unknown
|
ARG WHISPER_COMMIT_HASH=unknown
|
||||||
ARG SD_COMMIT_HASH=unknown
|
ARG SD_COMMIT_HASH=unknown
|
||||||
ARG IK_LLAMA_COMMIT_HASH=unknown
|
ARG IK_LLAMA_COMMIT_HASH=unknown
|
||||||
|
ARG RUN_UID=0
|
||||||
|
|
||||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||||
python3-numpy python3-sentencepiece \
|
python3-numpy python3-sentencepiece \
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
# Create llama-swap user and config directory
|
# Create non-root user when RUN_UID != 0
|
||||||
RUN useradd --system --create-home --shell /sbin/nologin llama-swap && \
|
RUN if [ "$RUN_UID" != "0" ]; then \
|
||||||
|
groupadd --system --gid $RUN_UID llama-swap && \
|
||||||
|
useradd --system --uid $RUN_UID --gid $RUN_UID \
|
||||||
|
--home /app --shell /sbin/nologin llama-swap; \
|
||||||
|
fi && \
|
||||||
mkdir -p /etc/llama-swap/config && \
|
mkdir -p /etc/llama-swap/config && \
|
||||||
chown -R llama-swap:llama-swap /etc/llama-swap
|
chown -R ${RUN_UID}:${RUN_UID} /etc/llama-swap
|
||||||
|
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
@@ -191,7 +196,8 @@ RUN echo "llama.cpp: ${LLAMA_COMMIT_HASH}" > /versions.txt && \
|
|||||||
echo "backend: ${BACKEND}" >> /versions.txt && \
|
echo "backend: ${BACKEND}" >> /versions.txt && \
|
||||||
echo "build_timestamp: $(date -u +%Y-%m-%dT%H:%M:%SZ)" >> /versions.txt
|
echo "build_timestamp: $(date -u +%Y-%m-%dT%H:%M:%SZ)" >> /versions.txt
|
||||||
|
|
||||||
|
RUN mkdir -p /models && chown ${RUN_UID}:${RUN_UID} /models
|
||||||
WORKDIR /models
|
WORKDIR /models
|
||||||
USER llama-swap
|
USER ${RUN_UID}
|
||||||
ENTRYPOINT ["llama-swap"]
|
ENTRYPOINT ["llama-swap"]
|
||||||
CMD ["-config", "/etc/llama-swap/config/config.yaml", "-listen", "0.0.0.0:8080"]
|
CMD ["-config", "/etc/llama-swap/config/config.yaml", "-listen", "0.0.0.0:8080"]
|
||||||
|
|||||||
@@ -201,6 +201,7 @@ BUILD_ARGS=(
|
|||||||
--build-arg "SD_COMMIT_HASH=${SD_HASH}"
|
--build-arg "SD_COMMIT_HASH=${SD_HASH}"
|
||||||
--build-arg "IK_LLAMA_COMMIT_HASH=${IK_LLAMA_HASH}"
|
--build-arg "IK_LLAMA_COMMIT_HASH=${IK_LLAMA_HASH}"
|
||||||
--build-arg "LS_VERSION=${LS_HASH}"
|
--build-arg "LS_VERSION=${LS_HASH}"
|
||||||
|
--build-arg "RUN_UID=${RUN_UID:-0}"
|
||||||
-t "${DOCKER_IMAGE_TAG}"
|
-t "${DOCKER_IMAGE_TAG}"
|
||||||
-f "${SCRIPT_DIR}/Dockerfile"
|
-f "${SCRIPT_DIR}/Dockerfile"
|
||||||
)
|
)
|
||||||
|
|||||||
Reference in New Issue
Block a user