ci: adapt build for Gitea registry, drop ghcr.io dependency

- Login to git.wylab.me instead of ghcr.io - Use Gitea-hosted llama.cpp-rocm base image instead of ghcr.io - Rewrite fetch_llama_tag to use anonymous OCI registry API - Add LS_UPSTREAM for release binary fetches on forks - Add REGISTRY and BASE_TAG overrides for self-hosted builds - Only build rocm platform Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-12 19:39:57 +02:00
parent a9d840ffd7
commit 980a4e6baa
2 changed files with 66 additions and 107 deletions
@@ -1,12 +1,6 @@
 name: Build Containers

 on:
-  # time has no specific meaning, trying to time it after
-  # the llama.cpp daily packages are published
-  # https://github.com/ggml-org/llama.cpp/blob/master/.github/workflows/docker.yml
-  schedule:
-    - cron: "37 5 * * *"
-
  # Allows manual triggering of the workflow
  workflow_dispatch:

@@ -17,57 +11,24 @@ on:
      - 'docker/build-container.sh'
      - 'docker/*.Containerfile'

-# grant permissions on GITHUB_TOKEN to publish packages
-# ref: https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#publishing-a-package-using-an-action
-permissions:
-  contents: read
-  packages: write
-  id-token: write
-
 jobs:
  build-and-push:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        platform: [intel, cuda, cuda13, vulkan, cpu, musa, rocm]
+        platform: [rocm]
      fail-fast: false
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

-      - name: Free up disk space
-        if: matrix.platform == 'rocm'
+      - name: Log in to Gitea Container Registry
        run: |
-          echo "Before cleanup:"
-          df -h
-          sudo rm -rf /usr/share/dotnet
-          sudo rm -rf /usr/local/lib/android
-          sudo rm -rf /opt/ghc
-          sudo rm -rf /opt/hostedtoolcache/CodeQL
-          sudo docker system prune -af
-          echo "After cleanup:"
-          df -h
-
-      - name: Log in to GitHub Container Registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          echo "${{ secrets.GITEA_TOKEN || github.token }}" | docker login git.wylab.me -u ${{ github.actor }} --password-stdin

      - name: Run build-container
        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: ./docker/build-container.sh ${{ matrix.platform }} ${{ github.event_name != 'push' }}
-
-  # note make sure mostlygeek/llama-swap has admin rights to the llama-swap package
-  # see: https://github.com/actions/delete-package-versions/issues/74
-  delete-untagged-containers:
-    needs: build-and-push
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/delete-package-versions@v5
-        with:
-          package-name: 'llama-swap'
-          package-type: 'container'
-          delete-only-untagged-versions: 'true'
+          REGISTRY: git.wylab.me
+          BASE_LLAMACPP_IMAGE: git.wylab.me/wylab/llama.cpp-rocm
+          BASE_TAG: server-rocm
+        run: ./docker/build-container.sh ${{ matrix.platform }} true
@@ -35,100 +35,98 @@ if [[ ! " ${ALLOWED_ARCHS[@]} " =~ " ${ARCH} " ]]; then
  exit 1
 fi

-# Check if GITHUB_TOKEN is set and not empty
-if [[ -z "${GITHUB_TOKEN:-}" ]]; then
-  log_info "Error: GITHUB_TOKEN is not set or is empty."
-  exit 1
-fi
-
 # Set llama.cpp base image, customizable using the BASE_LLAMACPP_IMAGE environment
 # variable, this permits testing with forked llama.cpp repositories
-BASE_IMAGE=${BASE_LLAMACPP_IMAGE:-ghcr.io/ggml-org/llama.cpp}
+BASE_IMAGE=${BASE_LLAMACPP_IMAGE:-git.wylab.me/wylab/llama.cpp-rocm}
 SD_IMAGE=${BASE_SDCPP_IMAGE:-ghcr.io/leejet/stable-diffusion.cpp}

 # Set llama-swap repository, automatically uses GITHUB_REPOSITORY variable
 # to enable easy container builds on forked repos
 LS_REPO=${GITHUB_REPOSITORY:-mostlygeek/llama-swap}

+# Upstream repo for fetching release binaries (always mostlygeek, even on forks)
+LS_UPSTREAM=${LS_UPSTREAM:-mostlygeek/llama-swap}
+
 # the most recent llama-swap tag
 # have to strip out the 'v' due to .tar.gz file naming
-LS_VER=$(curl -s https://api.github.com/repos/${LS_REPO}/releases/latest | jq -r .tag_name | sed 's/v//')
+LS_VER=$(curl -s https://api.github.com/repos/${LS_UPSTREAM}/releases/latest | jq -r .tag_name | sed 's/v//')

 # Fetches the most recent llama.cpp tag matching the given prefix
-# Handles pagination to search beyond the first 100 results
+# Uses the OCI registry API (anonymous, no GITHUB_TOKEN needed)
 # $1 - tag_prefix (e.g., "server" or "server-vulkan")
 # Returns: the version number extracted from the tag
 fetch_llama_tag() {
    local tag_prefix=$1
-    local page=1
-    local per_page=100

+    # Get anonymous bearer token for ghcr.io
+    local token=$(curl -s "https://ghcr.io/token?scope=repository:ggml-org/llama.cpp:pull" | jq -r .token)
+    if [ -z "$token" ] || [ "$token" = "null" ]; then
+        log_info "Failed to get ghcr.io anonymous token"
+        return 1
+    fi
+
+    # Paginate through OCI tag list
+    local all_tags=""
+    local last=""
    while true; do
-        log_debug "Fetching page $page for tag prefix: $tag_prefix"
+        local url="https://ghcr.io/v2/ggml-org/llama.cpp/tags/list?n=1000"
+        if [ -n "$last" ]; then url="${url}&last=${last}"; fi

-        local response=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" \
-            "https://api.github.com/users/ggml-org/packages/container/llama.cpp/versions?per_page=${per_page}&page=${page}")
+        local batch=$(curl -s -H "Authorization: Bearer $token" "$url" | jq -r '.tags[]' 2>/dev/null)
+        if [ -z "$batch" ]; then break; fi

-        # Check for API errors
-        if echo "$response" | jq -e '.message' > /dev/null 2>&1; then
-            local error_msg=$(echo "$response" | jq -r '.message')
-            log_info "GitHub API error: $error_msg"
-            return 1
-        fi
-
-        # Check if response is empty array (no more pages)
-        if [ "$(echo "$response" | jq 'length')" -eq 0 ]; then
-            log_debug "No more pages (empty response)"
-            return 1
-        fi
-
-        # Extract matching tag from this page
-        local found_tag=$(echo "$response" | jq -r \
-            ".[] | select(.metadata.container.tags[]? | startswith(\"$tag_prefix\")) | .metadata.container.tags[] | select(startswith(\"$tag_prefix\"))" \
-            | sort -r | head -n1)
-
-        if [ -n "$found_tag" ]; then
-            log_debug "Found tag: $found_tag on page $page"
-            echo "$found_tag" | awk -F '-' '{print $NF}'
-            return 0
-        fi
-
-        page=$((page + 1))
-
-        # Safety limit to prevent infinite loops
-        if [ $page -gt 50 ]; then
-            log_info "Reached pagination safety limit (50 pages)"
-            return 1
-        fi
+        all_tags="${all_tags}${batch}"$'\n'
+        last=$(echo "$batch" | tail -1)
+        local count=$(echo "$batch" | wc -l)
+        if [ "$count" -lt 1000 ]; then break; fi
    done
+
+    # Find the latest tag matching the prefix
+    local found_tag=$(echo "$all_tags" | grep "^${tag_prefix}-" | sort -V | tail -1)
+    if [ -n "$found_tag" ]; then
+        log_debug "Found tag: $found_tag"
+        echo "$found_tag" | awk -F '-' '{print $NF}'
+        return 0
+    fi
+
+    log_info "No tag found matching prefix: $tag_prefix"
+    return 1
 }

-if [ "$ARCH" == "cpu" ]; then
-    LCPP_TAG=$(fetch_llama_tag "server")
-    BASE_TAG=server-${LCPP_TAG}
+# BASE_TAG can be overridden to skip tag discovery (e.g. BASE_TAG=server-rocm)
+if [[ -z "${BASE_TAG:-}" ]]; then
+    if [ "$ARCH" == "cpu" ]; then
+        LCPP_TAG=$(fetch_llama_tag "server")
+        BASE_TAG=server-${LCPP_TAG}
+    else
+        LCPP_TAG=$(fetch_llama_tag "server-${ARCH}")
+        BASE_TAG=server-${ARCH}-${LCPP_TAG}
+    fi
+
+    # Abort if LCPP_TAG is empty.
+    if [[ -z "$LCPP_TAG" ]]; then
+        log_info "Abort: Could not find llama-server container for arch: $ARCH"
+        exit 1
+    fi
+    log_info "LCPP_TAG: $LCPP_TAG"
 else
-    LCPP_TAG=$(fetch_llama_tag "server-${ARCH}")
-    BASE_TAG=server-${ARCH}-${LCPP_TAG}
+    LCPP_TAG=${BASE_TAG##*-}
+    log_info "Using override BASE_TAG: $BASE_TAG (LCPP_TAG: $LCPP_TAG)"
 fi

 SD_TAG=master-${ARCH}

-# Abort if LCPP_TAG is empty.
-if [[ -z "$LCPP_TAG" ]]; then
-    log_info "Abort: Could not find llama-server container for arch: $ARCH"
-    exit 1
-else
-    log_info "LCPP_TAG: $LCPP_TAG"
-fi
-
 if [[ ! -z "$DEBUG_ABORT_BUILD" ]]; then
    log_info "Abort: DEBUG_ABORT_BUILD set"
    exit 0
 fi

+# Registry defaults to ghcr.io, can be overridden via REGISTRY env var
+REGISTRY=${REGISTRY:-ghcr.io}
+
 for CONTAINER_TYPE in non-root root; do
-  CONTAINER_TAG="ghcr.io/${LS_REPO}:v${LS_VER}-${ARCH}-${LCPP_TAG}"
-  CONTAINER_LATEST="ghcr.io/${LS_REPO}:${ARCH}"
+  CONTAINER_TAG="${REGISTRY}/${LS_REPO}:v${LS_VER}-${ARCH}-${LCPP_TAG}"
+  CONTAINER_LATEST="${REGISTRY}/${LS_REPO}:${ARCH}"
  USER_UID=0
  USER_GID=0
  USER_HOME=/root
@@ -143,7 +141,7 @@ for CONTAINER_TYPE in non-root root; do

  log_info "Building $CONTAINER_TYPE $CONTAINER_TAG $LS_VER"
  docker build --provenance=false -f llama-swap.Containerfile --build-arg BASE_TAG=${BASE_TAG} --build-arg LS_VER=${LS_VER} --build-arg UID=${USER_UID} \
-    --build-arg LS_REPO=${LS_REPO} --build-arg GID=${USER_GID} --build-arg USER_HOME=${USER_HOME} -t ${CONTAINER_TAG} -t ${CONTAINER_LATEST} \
+    --build-arg LS_REPO=${LS_UPSTREAM} --build-arg GID=${USER_GID} --build-arg USER_HOME=${USER_HOME} -t ${CONTAINER_TAG} -t ${CONTAINER_LATEST} \
    --build-arg BASE_IMAGE=${BASE_IMAGE} .

  # For architectures with stable-diffusion.cpp support, layer sd-server on top