From 32d06b2fc1323d39cc236a362ee233b6e1ad5f58 Mon Sep 17 00:00:00 2001
From: nguu0123
Date: Sun, 10 Aug 2025 12:20:22 +0300
Subject: [PATCH 1/7] Add publish image gha
---
.github/workflows/build-and-publish-image.yml | 85 +++++++++++++++++++
1 file changed, 85 insertions(+)
create mode 100644 .github/workflows/build-and-publish-image.yml
diff --git a/.github/workflows/build-and-publish-image.yml b/.github/workflows/build-and-publish-image.yml
new file mode 100644
index 00000000..01698897
--- /dev/null
+++ b/.github/workflows/build-and-publish-image.yml
@@ -0,0 +1,85 @@
+name: Build and Publish Docker Image
+
+on:
+ push:
+ branches:
+ - main
+ tags:
+ - 'v*'
+ pull_request:
+ branches:
+ - main
+ workflow_dispatch:
+ inputs:
+ publish:
+ description: 'Publish to GHCR (only works on main branch)'
+ type: boolean
+ default: false
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+
+ - name: Set up Node.js
+ uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+ with:
+ node-version-file: '.nvmrc'
+ cache: 'npm'
+
+ - name: Install dependencies
+ run: npm ci
+
+ - name: Build packages
+ run: npm run build:packages
+
+ - name: Prepare package artifacts
+ run: npm run prepare:package
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515a931808326393b # v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@6524bf65af31da8452434dd49aa1939b02787313 # v3
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=sha,prefix=sha-,format=short
+
+ - name: Log in to the Container registry
+ if: github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
+ uses: docker/login-action@7ca345011cfb79dc351929d8d35c81db0542375e # v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push Docker image
+ id: build-and-push
+ uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6
+ with:
+ context: .
+ platforms: linux/amd64,linux/arm64 + push: ${{ github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') || github.event.inputs.publish == 'true') }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + build-args: | + CLI_VERSION_ARG=${{ github.sha }} \ No newline at end of file From 0f58b3fd3218546ffd0509c2fc7e7eb5ae081135 Mon Sep 17 00:00:00 2001 From: nguu0123 Date: Sun, 10 Aug 2025 12:24:18 +0300 Subject: [PATCH 2/7] fix qemu gha version --- .github/workflows/build-and-publish-image.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-publish-image.yml b/.github/workflows/build-and-publish-image.yml index 01698897..3f4bbc6d 100644 --- a/.github/workflows/build-and-publish-image.yml +++ b/.github/workflows/build-and-publish-image.yml @@ -47,10 +47,10 @@ jobs: run: npm run prepare:package - name: Set up QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515a931808326393b # v3 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@6524bf65af31da8452434dd49aa1939b02787313 # v3 + uses: docker/setup-buildx-action@v3 - name: Extract metadata (tags, labels) for Docker id: meta @@ -82,4 +82,4 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: | - CLI_VERSION_ARG=${{ github.sha }} \ No newline at end of file + CLI_VERSION_ARG=${{ github.sha }} From e221b077e52d29fbbdc6375cd9c507cfa83e0f87 Mon Sep 17 00:00:00 2001 From: nguu0123 Date: Sun, 10 Aug 2025 12:26:51 +0300 Subject: [PATCH 3/7] Fix gha version --- .github/workflows/build-and-publish-image.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-publish-image.yml b/.github/workflows/build-and-publish-image.yml index 3f4bbc6d..b5c6d7fb 100644 --- a/.github/workflows/build-and-publish-image.yml 
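Review bot: The publish decision is written twice and the two copies disagree: the login step's `if:` never looks at the `publish` input, while the `push:` expression on the build step ORs `github.event.inputs.publish == 'true'` with the ref checks. As written, a manual run on `main` logs in and pushes even with `publish: false`, because the ref check alone satisfies both conditions, and a manual run from another branch with `publish: true` skips login yet still sets `push: true`, so the input's description ("only works on main branch") is not what the expressions enforce. Compute the gate once and use it in both steps, for example `github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main' && github.event.inputs.publish == 'true')`. The job also requests `packages: write` for `pull_request` runs, which never push; a separate build-only job with `contents: read` would keep the write scope off those runs.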
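Review bot: Replacing the full commit SHAs on `docker/setup-qemu-action` and `docker/setup-buildx-action` with the mutable `@v3` tag drops the supply-chain pin in a job that holds `packages: write`, so a re-pointed tag would run unreviewed code with publish rights. The same regression is in the hunks of PATCH 3/7 for `docker/metadata-action@v5`, `docker/login-action@v3` (which receives `secrets.GITHUB_TOKEN`) and `docker/build-push-action@v6`, while `actions/checkout` stays pinned. If the original SHAs failed to resolve, pin the correct commit of the release instead of falling back to the tag, in the form `uses: docker/setup-qemu-action@<full-commit-sha> # v3`, and let Dependabot or Renovate keep the pins current.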
+++ b/.github/workflows/build-and-publish-image.yml @@ -54,7 +54,7 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5 + uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | @@ -66,7 +66,7 @@ jobs: - name: Log in to the Container registry if: github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) - uses: docker/login-action@7ca345011cfb79dc351929d8d35c81db0542375e # v3 + uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -74,7 +74,7 @@ jobs: - name: Build and push Docker image id: build-and-push - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 + uses: docker/build-push-action@v6 with: context: . platforms: linux/amd64,linux/arm64 From 5c949136432e91a90d2b565116d73fe498fcc262 Mon Sep 17 00:00:00 2001 From: nguu0123 Date: Sun, 10 Aug 2025 13:00:31 +0300 Subject: [PATCH 4/7] Refactor Dockerfile with multi-stage build for smaller image size --- Dockerfile | 55 ++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 39 insertions(+), 16 deletions(-) diff --git a/Dockerfile b/Dockerfile index a17dc7f3..378880c8 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,3 +1,31 @@ +# Build stage +FROM docker.io/library/node:20-slim AS builder + +# Install build dependencies +RUN apt-get update && apt-get install -y --no-install-recommends \ + python3 \ + make \ + g++ \ + git \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# Set up npm global package folder +RUN mkdir -p /usr/local/share/npm-global +ENV NPM_CONFIG_PREFIX=/usr/local/share/npm-global +ENV PATH=$PATH:/usr/local/share/npm-global/bin + +# Copy source code +COPY . /home/node/app +WORKDIR /home/node/app + +# Install dependencies and build packages +RUN npm ci \ + && npm run build --workspaces \ + && npm pack -w @qwen-code/qwen-code --pack-destination ./packages/cli/dist \ + && npm pack -w @qwen-code/qwen-code-core --pack-destination ./packages/core/dist + +# Runtime stage FROM docker.io/library/node:20-slim ARG SANDBOX_NAME="qwen-code-sandbox" @@ -5,11 +33,9 @@ ARG CLI_VERSION_ARG ENV SANDBOX="$SANDBOX_NAME" ENV CLI_VERSION=$CLI_VERSION_ARG -# install minimal set of packages, then clean up +# Install runtime dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ python3 \ - make \ - g++ \ man-db \ curl \ dnsutils \ 
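Review bot: `COPY . /home/node/app` brings the entire build context into the builder stage, so what lands there depends on a `.dockerignore` that this patch does not show. Any `.tgz` already present under `packages/cli/dist` or `packages/core/dist` in the checkout (for example from an earlier local build) is carried along and later matched by the runtime stage's `*.tgz` globs, and `.git`, a host `node_modules` or local env files would also end up in the build cache. Confirm that `.dockerignore` excludes those paths, or clear the pack destinations before packing, e.g. `rm -f packages/cli/dist/*.tgz packages/core/dist/*.tgz` ahead of `npm pack`. The `NPM_CONFIG_PREFIX` and `PATH` lines in the builder look unused, since nothing is installed globally in that stage.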
@@ -29,22 +55,19 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -# set up npm global package folder under /usr/local/share -# give it to non-root user node, already set up in base image -RUN mkdir -p /usr/local/share/npm-global \ - && chown -R node:node /usr/local/share/npm-global +# Set up npm global package folder +RUN mkdir -p /usr/local/share/npm-global ENV NPM_CONFIG_PREFIX=/usr/local/share/npm-global ENV PATH=$PATH:/usr/local/share/npm-global/bin -# switch to non-root user node -USER node +# Copy built packages from builder stage +COPY --from=builder /home/node/app/packages/cli/dist/*.tgz /tmp/ +COPY --from=builder /home/node/app/packages/core/dist/*.tgz /tmp/ -# install qwen-code and clean up -COPY packages/cli/dist/qwen-code-*.tgz /usr/local/share/npm-global/qwen-code.tgz -COPY packages/core/dist/qwen-code-qwen-code-core-*.tgz /usr/local/share/npm-global/qwen-code-core.tgz -RUN npm install -g /usr/local/share/npm-global/qwen-code.tgz /usr/local/share/npm-global/qwen-code-core.tgz \ +# Install built packages globally +RUN npm install -g /tmp/*.tgz \ && npm cache clean --force \ - && rm -f /usr/local/share/npm-global/qwen-{code,code-core}.tgz + && rm -rf /tmp/*.tgz -# default entrypoint when none specified -CMD ["qwen"] \ No newline at end of file +# Default entrypoint when none specified +CMD ["qwen"] From 1a581ed191fc58d0c558f940d5f365bd8cb10b69 Mon Sep 17 00:00:00 2001 From: nguu0123 Date: Sun, 10 Aug 2025 13:17:34 +0300 Subject: [PATCH 5/7] Limit docker image workflow to tags and manual triggers --- .github/workflows/build-and-publish-image.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/build-and-publish-image.yml b/.github/workflows/build-and-publish-image.yml index b5c6d7fb..e4241edd 100644 --- a/.github/workflows/build-and-publish-image.yml +++ b/.github/workflows/build-and-publish-image.yml 
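Review bot: With `USER node` and the `chown -R node:node` removed and nothing put in their place, the runtime stage has no `USER` instruction left, so `qwen` and everything it executes now run as root inside an image that is labelled a sandbox (`SANDBOX_NAME="qwen-code-sandbox"`). The global install can stay root-owned; add `USER node` after the `npm install -g` step and before `CMD ["qwen"]`. If the CLI turns out to need write access under the npm prefix at runtime, restore the `chown` for that directory only. Separately, `npm install -g /tmp/*.tgz` installs whatever tarballs match the glob, so naming the two expected files would make the install explicit.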
@@ -2,13 +2,8 @@ name: Build and Publish Docker Image on: push: - branches: - - main tags: - 'v*' - pull_request: - branches: - - main workflow_dispatch: inputs: publish: From bfcb3e7f1de8524396e5404c2df7029ea3310253 Mon Sep 17 00:00:00 2001 From: nguu0123 Date: Sun, 10 Aug 2025 13:23:49 +0300 Subject: [PATCH 6/7] Remove redundant Node.js setup and build steps from Docker workflow --- .github/workflows/build-and-publish-image.yml | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/.github/workflows/build-and-publish-image.yml b/.github/workflows/build-and-publish-image.yml index e4241edd..66e971c9 100644 --- a/.github/workflows/build-and-publish-image.yml +++ b/.github/workflows/build-and-publish-image.yml @@ -26,21 +26,6 @@ jobs: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - name: Set up Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 - with: - node-version-file: '.nvmrc' - cache: 'npm' - - - name: Install dependencies - run: npm ci - - - name: Build packages - run: npm run build:packages - - - name: Prepare package artifacts - run: npm run prepare:package - - name: Set up QEMU uses: docker/setup-qemu-action@v3 From a37423bf7fb4ce380995a56c0b2b16ecc87bc665 Mon Sep 17 00:00:00 2001 From: nguu0123 Date: Sun, 10 Aug 2025 13:40:24 +0300 Subject: [PATCH 7/7] Update name of the workflow --- .github/workflows/build-and-publish-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-publish-image.yml b/.github/workflows/build-and-publish-image.yml index 66e971c9..e1869b83 100644 --- a/.github/workflows/build-and-publish-image.yml +++ b/.github/workflows/build-and-publish-image.yml @@ -16,7 +16,7 @@ env: IMAGE_NAME: ${{ github.repository }} jobs: - build-and-push: + build-and-push-to-ghcr: runs-on: ubuntu-latest permissions: contents: read