apunkt/SurfSense
1
0
Fork 0
mirror of https://github.com/MODSetter/SurfSense.git synced 2026-05-21 18:55:16 +02:00
Code Issues Projects Releases Packages Wiki Activity

chore: update GitHub Actions workflows and Dockerfile to use latest action versions and improve build targets

Browse source
This commit is contained in:
Anish Sarkar 2026-05-11 03:52:22 +05:30
parent 5344fa47e6
commit f091182b94
2 changed files with 20 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

27
.github/workflows/docker-build.yml vendored
View file

@ -31,7 +31,7 @@ jobs:
new_tag: ${{ steps.tag_version.outputs.next_version }} new_tag: ${{ steps.tag_version.outputs.next_version }}
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v4 uses: actions/checkout@v6
with: with:
fetch-depth: 0 fetch-depth: 0
ref: ${{ github.event.inputs.branch }} ref: ${{ github.event.inputs.branch }}
@ -108,16 +108,18 @@ jobs:
name: surfsense-backend name: surfsense-backend
context: ./surfsense_backend context: ./surfsense_backend
file: ./surfsense_backend/Dockerfile file: ./surfsense_backend/Dockerfile
target: production
- image: web - image: web
name: surfsense-web name: surfsense-web
context: ./surfsense_web context: ./surfsense_web
file: ./surfsense_web/Dockerfile file: ./surfsense_web/Dockerfile
target: runner
env: env:
REGISTRY_IMAGE: ghcr.io/${{ github.repository_owner }}/${{ matrix.name }} REGISTRY_IMAGE: ghcr.io/${{ github.repository_owner }}/${{ matrix.name }}
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v4 uses: actions/checkout@v6
- name: Set lowercase image name - name: Set lowercase image name
id: image id: image
@ -125,19 +127,19 @@ jobs:
- name: Docker meta - name: Docker meta
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@v6
with: with:
images: ${{ steps.image.outputs.name }} images: ${{ steps.image.outputs.name }}
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v3 uses: docker/login-action@v4
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v4
- name: Free up disk space - name: Free up disk space
run: | run: |
@ -149,10 +151,11 @@ jobs:
- name: Build and push by digest ${{ matrix.name }} (${{ matrix.suffix }}) - name: Build and push by digest ${{ matrix.name }} (${{ matrix.suffix }})
id: build id: build
uses: docker/build-push-action@v6 uses: docker/build-push-action@v7
with: with:
context: ${{ matrix.context }} context: ${{ matrix.context }}
file: ${{ matrix.file }} file: ${{ matrix.file }}
target: ${{ matrix.target }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
tags: ${{ steps.image.outputs.name }} tags: ${{ steps.image.outputs.name }}
outputs: type=image,push-by-digest=true,name-canonical=true,push=true outputs: type=image,push-by-digest=true,name-canonical=true,push=true
@ -174,7 +177,7 @@ jobs:
touch "/tmp/digests/${digest#sha256:}" touch "/tmp/digests/${digest#sha256:}"
- name: Upload digest - name: Upload digest
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v7
with: with:
name: digests-${{ matrix.image }}-${{ matrix.suffix }} name: digests-${{ matrix.image }}-${{ matrix.suffix }}
path: /tmp/digests/* path: /tmp/digests/*
@ -205,22 +208,22 @@ jobs:
run: echo "name=${REGISTRY_IMAGE,,}" >> $GITHUB_OUTPUT run: echo "name=${REGISTRY_IMAGE,,}" >> $GITHUB_OUTPUT
- name: Download amd64 digest - name: Download amd64 digest
uses: actions/download-artifact@v4 uses: actions/download-artifact@v8
with: with:
name: digests-${{ matrix.image }}-amd64 name: digests-${{ matrix.image }}-amd64
path: /tmp/digests path: /tmp/digests
- name: Download arm64 digest - name: Download arm64 digest
uses: actions/download-artifact@v4 uses: actions/download-artifact@v8
with: with:
name: digests-${{ matrix.image }}-arm64 name: digests-${{ matrix.image }}-arm64
path: /tmp/digests path: /tmp/digests
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v4
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v3 uses: docker/login-action@v4
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
@ -239,7 +242,7 @@ jobs:
- name: Docker meta - name: Docker meta
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@v6
with: with:
images: ${{ steps.image.outputs.name }} images: ${{ steps.image.outputs.name }}
tags: | tags: |

19
surfsense_backend/Dockerfile
View file

@ -1,16 +1,9 @@
# ============================================================================= # =============================================================================
# SurfSense Backend — Multi-stage Dockerfile # SurfSense Backend — Multi-stage Dockerfile
# ============================================================================= # =============================================================================
# Stages: # Graph: base → deps → models → {e2e, production}
# base — system deps + Pandoc 3.x # e2e — tests/ via additional_contexts (docker-compose.e2e.yml)
# deps — Python deps frozen from uv.lock (no dev deps) # production — published ghcr.io image (docker-build.yml pins target)
# models — pre-baked offline assets (EasyOCR, Docling, Playwright)
# e2e — adds tests/ via additional_contexts, swaps entrypoint
# production — production runtime (LAST stage = default `docker build` target)
#
# IMPORTANT: `production` MUST remain the last stage. .github/workflows/docker-build.yml
# builds without `target:` and BuildKit defaults to the last stage. Reordering will
# silently break ghcr.io/modsetter/surfsense-backend.
# ============================================================================= # =============================================================================
# ─── Stage 1: base (system deps, Pandoc, certificates) ────────────────────── # ─── Stage 1: base (system deps, Pandoc, certificates) ──────────────────────
@ -143,10 +136,8 @@ EXPOSE 8000-8001
CMD ["/app/scripts/docker/entrypoint.e2e.sh"] CMD ["/app/scripts/docker/entrypoint.e2e.sh"]
# ─── Stage 5: production (LAST stage — default `docker build` target) ─────── # ─── Stage 5: production (published ghcr.io image) ──────────────────────────
# Behavior is byte-identical to the previous single-stage Dockerfile. # CI pins `target: production`; also the default for `docker build` / dev compose.
# .github/workflows/docker-build.yml builds without `target:` and BuildKit
# defaults to the last stage, so this MUST stay last.
FROM models AS production FROM models AS production
# Copy source code (tests/ excluded by .dockerignore — production never ships tests). # Copy source code (tests/ excluded by .dockerignore — production never ships tests).