mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-04-25 00:51:20 +00:00
18140199c3
Add QEMU cross-compilation and multi-arch manifest support so Apple Silicon (M1/M2/M3) and other ARM-based systems get native images. - Add docker/setup-qemu-action for arm64 emulation on amd64 runners - Smoke test stays amd64-only (load:true can't export multi-arch) - Both push steps (main + release) now build linux/amd64,linux/arm64 - Bump timeout 30->60min for QEMU cross-compilation overhead - Add permissions: contents: read (least-privilege hardening) Salvaged from PR #3998 by Mibayy. Also addresses #5005 and #3913. Co-authored-by: Mibayy <Mibayy@users.noreply.github.com>
91 lines
2.7 KiB
YAML
91 lines
2.7 KiB
YAML
name: Docker Build and Publish
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
branches: [main]
|
|
release:
|
|
types: [published]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
concurrency:
|
|
group: docker-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
build-and-push:
|
|
# Only run on the upstream repository, not on forks
|
|
if: github.repository == 'NousResearch/hermes-agent'
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 60
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v3
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
# Build amd64 only so we can `load` the image for smoke testing.
|
|
# `load: true` cannot export a multi-arch manifest to the local daemon.
|
|
# The multi-arch build follows on push to main / release.
|
|
- name: Build image (amd64, smoke test)
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
file: Dockerfile
|
|
load: true
|
|
platforms: linux/amd64
|
|
tags: nousresearch/hermes-agent:test
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
|
|
- name: Test image starts
|
|
run: |
|
|
docker run --rm \
|
|
-v /tmp/hermes-test:/opt/data \
|
|
--entrypoint /opt/hermes/docker/entrypoint.sh \
|
|
nousresearch/hermes-agent:test --help
|
|
|
|
- name: Log in to Docker Hub
|
|
if: github.event_name == 'push' && github.ref == 'refs/heads/main' || github.event_name == 'release'
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
|
|
- name: Push multi-arch image (main branch)
|
|
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
file: Dockerfile
|
|
push: true
|
|
platforms: linux/amd64,linux/arm64
|
|
tags: |
|
|
nousresearch/hermes-agent:latest
|
|
nousresearch/hermes-agent:${{ github.sha }}
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
|
|
- name: Push multi-arch image (release)
|
|
if: github.event_name == 'release'
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
file: Dockerfile
|
|
push: true
|
|
platforms: linux/amd64,linux/arm64
|
|
tags: |
|
|
nousresearch/hermes-agent:latest
|
|
nousresearch/hermes-agent:${{ github.event.release.tag_name }}
|
|
nousresearch/hermes-agent:${{ github.sha }}
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|