michael/merlyn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b96988aae9
merlyn/.github/workflows/dev-build.yaml
Timothy Carambat 92752a2a15
Improve MCP functionality (#4709) 
* Improve MCP functionality

* apply ANSI strip path

* attempt ARM build

* improve dockerfile IO build time and migrate to ARM build

* fix comment

* add ability to disable MCP cooldown feature

* update devbuild name

* move chromium arm build patch to CDN
2025-12-05 11:01:20 -08:00

124 lines
4.7 KiB
YAML
Raw Blame History

name: AnythingLLM Development Docker image (arm64)
concurrency:
group: build-${{ github.ref }}
cancel-in-progress: true
on:
push:
branches: ['mcp-improvements'] # put your current branch to create a build. Core team only.
paths-ignore:
- '**.md'
- 'cloud-deployments/*'
- 'images/**/*'
- '.vscode/**/*'
- '**/.env.example'
- '.github/ISSUE_TEMPLATE/**/*'
- '.devcontainer/**/*'
- 'embed/**/*' # Embed should be published to frontend (yarn build:publish) if any changes are introduced
- 'browser-extension/**/*' # Chrome extension is submodule
- 'server/utils/agents/aibitat/example/**/*' # Do not push new image for local dev testing of new aibitat images.
- 'extras/**/*' # Extra is just for news and other local content.
jobs:
push_dev_build_to_dockerhub:
name: Push development build image to Docker Hub
runs-on: ubuntu-22.04-arm
permissions:
packages: write
contents: read
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: Check if DockerHub build needed
shell: bash
run: |
# Check if the secret for USERNAME is set (don't even check for the password)
if [[ -z "${{ secrets.DOCKER_USERNAME }}" ]]; then
echo "DockerHub build not needed"
echo "enabled=false" >> $GITHUB_OUTPUT
else
echo "DockerHub build needed"
echo "enabled=true" >> $GITHUB_OUTPUT
fi
id: dockerhub
# Uncomment this + add linux/arm64 to platforms if you want to build for arm64 as well
# - name: Set up QEMU
# uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: v0.22.0
- name: Log in to Docker Hub
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
# Only login to the Docker Hub if the repo is mintplex/anythingllm, to allow for forks to build on GHCR
if: steps.dockerhub.outputs.enabled == 'true'
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
with:
images: |
${{ steps.dockerhub.outputs.enabled == 'true' && 'mintplexlabs/anythingllm' || '' }}
tags: |
type=raw,value=dev
- name: Build and push multi-platform Docker image
uses: docker/build-push-action@v6
with:
context: .
file: ./docker/Dockerfile
push: true
sbom: true
provenance: mode=max
# platforms: linux/amd64
platforms: linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
# For Docker scout there are some intermediary reported CVEs which exists outside
# of execution content or are unreachable by an attacker but exist in image.
# We create VEX files for these so they don't show in scout summary.
# - name: Collect known and verified CVE exceptions
# id: cve-list
# run: |
# # Collect CVEs from filenames in vex folder
# CVE_NAMES=""
# for file in ./docker/vex/*.vex.json; do
# [ -e "$file" ] || continue
# filename=$(basename "$file")
# stripped_filename=${filename%.vex.json}
# CVE_NAMES+=" $stripped_filename"
# done
# echo "CVE_EXCEPTIONS=$CVE_NAMES" >> $GITHUB_OUTPUT
# shell: bash
# About VEX attestations https://docs.docker.com/scout/explore/exceptions/
# Justifications https://github.com/openvex/spec/blob/main/OPENVEX-SPEC.md#status-justifications
# Fixed to use v1.15.1 of scout-cli as v1.16.0 install script is broken
# https://github.com/docker/scout-cli
# - name: Add VEX attestations
# env:
# CVE_EXCEPTIONS: ${{ steps.cve-list.outputs.CVE_EXCEPTIONS }}
# run: |
# echo $CVE_EXCEPTIONS
# curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
# for cve in $CVE_EXCEPTIONS; do
# for tag in "${{ join(fromJSON(steps.meta.outputs.json).tags, ' ') }}"; do
# echo "Attaching VEX exception $cve to $tag"
# docker scout attestation add \
# --file "./docker/vex/$cve.vex.json" \
# --predicate-type https://openvex.dev/ns/v0.2.0 \
# $tag
# done
# done
# shell: bash
Reference in New Issue View Git Blame Copy Permalink