From 8538d95ce59a022eda6a280b4619bd0fd875caf6 Mon Sep 17 00:00:00 2001 From: clsferguson <48876201+clsferguson@users.noreply.github.com> Date: Tue, 9 Sep 2025 22:27:46 -0600 Subject: [PATCH] Refactor CI workflow for GitHub-hosted runners Updated workflow to use GitHub-hosted runners and added cleanup steps for Docker images. --- .github/workflows/sync-build-release.yml | 165 ++++++++++++++++++----- 1 file changed, 134 insertions(+), 31 deletions(-) diff --git a/.github/workflows/sync-build-release.yml b/.github/workflows/sync-build-release.yml index 78665c8cb..50d437c22 100644 --- a/.github/workflows/sync-build-release.yml +++ b/.github/workflows/sync-build-release.yml @@ -3,15 +3,18 @@ on: schedule: - cron: '0 0 * * *' workflow_dispatch: + permissions: contents: write packages: write + env: IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/comfyui-docker jobs: check-upstream: - runs-on: [self-hosted, linux, x64, homelab] + name: Check Upstream Release + runs-on: ubuntu-latest outputs: new_version: ${{ steps.check_version.outputs.new_version }} steps: @@ -44,10 +47,12 @@ jobs: set -euxo pipefail rm -rf "${GITHUB_WORKSPACE:?}/"* "${GITHUB_WORKSPACE:?}/."[!.]* 2>/dev/null || true - sync-and-build: - runs-on: [self-hosted, linux, x64, homelab] + build-gh: + name: Build on GitHub Runner (primary) needs: check-upstream if: needs.check-upstream.outputs.new_version != 'none' + runs-on: ubuntu-latest + continue-on-error: true steps: - uses: actions/checkout@v4 with: @@ -81,7 +86,6 @@ jobs: with: cleanup: true - # Prepare a boolean we can safely branch on (secrets in if: can be tricky) - name: Check CR_PAT secret id: crpat shell: bash 
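Review bot: With `check-upstream` now on `ubuntu-latest`, it still inherits the workflow-level `contents: write` and `packages: write` visible as context in this hunk, although the job as named only checks for a release. Since this commit splits the pipeline into separate jobs, each one can declare its own `permissions:` block, for example `permissions: { contents: read }` here, provided the steps outside this hunk do not push anything. The `finalize` job added in the last hunk only runs `echo` and `exit 1`, so `permissions: {}` would fit there.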
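Review bot: `continue-on-error: true` on `build-gh` may defeat the fallback. As far as I know, a job that fails under job-level `continue-on-error` is reported to dependants as `needs.build-gh.result == 'success'`. If so, `build-self` (gated on `!= 'success'` in a later hunk) never runs and `publish` creates a release for a tag with no image pushed; please confirm with a deliberately failing run. A more explicit shape is to drop `continue-on-error` and gate the fallback with `if: ${{ always() && needs.check-upstream.outputs.new_version != 'none' && needs.build-gh.result == 'failure' }}`, at the cost of the run showing as failed when only the primary path broke. The `build-gh` step list continues outside this hunk.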
@@ -108,7 +112,15 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.CR_PAT }} - - name: Build and Push Docker Image + - name: Free disk space (best effort) + continue-on-error: true + run: | + sudo docker system prune -af || true + sudo rm -rf /usr/local/lib/android || true + sudo rm -rf /opt/ghc || true + sudo rm -rf /opt/hostedtoolcache/CodeQL || true + + - name: Build and Push (GH runner) uses: docker/build-push-action@v6 with: context: . 
@@ -118,41 +130,80 @@ jobs: ${{ env.IMAGE_NAME }}:${{ needs.check-upstream.outputs.new_version }} ${{ env.IMAGE_NAME }}:latest - - name: Create GitHub Release - uses: softprops/action-gh-release@v2 + build-self: + name: Build on Self-Hosted (fallback) + needs: [check-upstream, build-gh] + if: needs.check-upstream.outputs.new_version != 'none' && needs.build-gh.result != 'success' + runs-on: [self-hosted, linux, x64, homelab] + steps: + - uses: actions/checkout@v4 with: - token: ${{ secrets.GITHUB_TOKEN }} - tag_name: ${{ needs.check-upstream.outputs.new_version }} - name: Release ${{ needs.check-upstream.outputs.new_version }} - body: | - New version synced from upstream ComfyUI. - Docker image: docker pull ${{ env.IMAGE_NAME }}:${{ needs.check-upstream.outputs.new_version }} - draft: false - prerelease: false + fetch-depth: 0 + fetch-tags: true - # Choose a token that can delete package versions (CR_PAT preferred; falls back to GITHUB_TOKEN) - - name: Select package cleanup token - id: pkg_token + - name: Set Git Config + run: | + git config --global user.name "GitHub Actions" + git config --global user.email "actions@github.com" + + - name: Sync with Upstream (idempotent) + run: | + set -euo pipefail + URL=https://github.com/comfyanonymous/ComfyUI.git + if git remote get-url upstream >/dev/null 2>&1; then + git remote set-url upstream "$URL" + else + git remote add upstream "$URL" + fi + git fetch upstream + git checkout master + git merge --no-commit --no-ff upstream/master --allow-unrelated-histories || true + git checkout --ours README.md + git add README.md + git commit -m "Merge upstream/master, keep local README.md" || true + git push origin master + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + cleanup: true + + - name: Check CR_PAT secret + id: crpat shell: bash run: | - if [ "${{ steps.crpat.outputs.present }}" = "true" ]; then - echo "token=${{ secrets.CR_PAT }}" >> "$GITHUB_OUTPUT" + if [ -n "${{ secrets.CR_PAT }}" ]; 
then + echo "present=true" >> "$GITHUB_OUTPUT" else - echo "token=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_OUTPUT" + echo "present=false" >> "$GITHUB_OUTPUT" fi - # SAFER GHCR cleanup for multi-arch: delete truly untagged only, skip children of tagged images - - name: Prune untagged GHCR versions (multi-arch safe) - uses: dataaxiom/ghcr-cleanup-action@v1 + - name: Login to GHCR with GITHUB_TOKEN + if: ${{ steps.crpat.outputs.present == 'false' }} + uses: docker/login-action@v3 with: - token: ${{ steps.pkg_token.outputs.token }} - owner: ${{ github.repository_owner }} - repository: ${{ github.event.repository.name }} - package: comfyui-docker - delete-untagged: true - dry-run: false + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Login to GHCR with CR_PAT + if: ${{ steps.crpat.outputs.present == 'true' }} + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.CR_PAT }} + + - name: Build and Push (self-hosted) + uses: docker/build-push-action@v6 + with: + context: . + file: ./Dockerfile + push: true + tags: | + ${{ env.IMAGE_NAME }}:${{ needs.check-upstream.outputs.new_version }} + ${{ env.IMAGE_NAME }}:latest - # Extra cleanup: remove leftover BuildKit image pulled by docker-container driver - name: Remove BuildKit image (moby/buildkit) if: ${{ always() }} shell: bash 
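Review bot: The `Check CR_PAT secret` step in `build-self` expands `${{ secrets.CR_PAT }}` directly into the shell script, so the token is written into the generated script file on the self-hosted runner, and any quote or `$` in it changes how the script parses. Pass it through the environment instead: `env: { CR_PAT: "${{ secrets.CR_PAT }}" }` with `if [ -n "${CR_PAT:-}" ]; then`. The `Select package cleanup token` step in the last hunk has the same pattern and additionally copies the token into `$GITHUB_OUTPUT`. That step can be dropped in favour of `token: ${{ secrets.CR_PAT || secrets.GITHUB_TOKEN }}` on the cleanup action.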
@@ -167,3 +218,55 @@ jobs: docker buildx prune -af || true docker image prune -af --filter "until=168h" || true rm -rf "${GITHUB_WORKSPACE:?}/"* "${GITHUB_WORKSPACE:?}/."[!.]* 2>/dev/null || true + + publish: + name: Publish Release and Cleanup + needs: [check-upstream, build-gh, build-self] + if: | + needs.check-upstream.outputs.new_version != 'none' && + (needs.build-gh.result == 'success' || needs.build-self.result == 'success') + runs-on: ubuntu-latest + steps: + - name: Create GitHub Release + uses: softprops/action-gh-release@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + tag_name: ${{ needs.check-upstream.outputs.new_version }} + name: Release ${{ needs.check-upstream.outputs.new_version }} + body: | + New version synced from upstream ComfyUI. + Docker image: docker pull ${{ env.IMAGE_NAME }}:${{ needs.check-upstream.outputs.new_version }} + draft: false + prerelease: false + + - name: Select package cleanup token + id: pkg_token + shell: bash + run: | + if [ -n "${{ secrets.CR_PAT }}" ]; then + echo "token=${{ secrets.CR_PAT }}" >> "$GITHUB_OUTPUT" + else + echo "token=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_OUTPUT" + fi + + - name: Prune untagged GHCR versions (multi-arch safe) + uses: dataaxiom/ghcr-cleanup-action@v1 + with: + token: ${{ steps.pkg_token.outputs.token }} + owner: ${{ github.repository_owner }} + repository: ${{ github.event.repository.name }} + package: comfyui-docker + delete-untagged: true + dry-run: false + + finalize: + name: Finalize Outcome + needs: [check-upstream, build-gh, build-self, publish] + if: needs.check-upstream.outputs.new_version != 'none' + runs-on: ubuntu-latest + steps: + - name: Fail if no build path succeeded + if: ${{ !(needs.build-gh.result == 'success' || needs.build-self.result == 'success') }} + run: | + echo "Both GitHub-hosted and self-hosted builds failed." + exit 1
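Review bot: `publish` and `finalize` list `build-self` (and, for `finalize`, `publish`) in `needs`, but their `if:` has no status function, so the implicit `success()` applies and a skipped dependency skips them too. In the normal path `build-self` is skipped once `build-gh` succeeds, which would skip `publish`. When both builds fail, `publish` is skipped, which would skip `finalize` before it can `exit 1`. Prefix the conditions with a status function, e.g. `if: ${{ !cancelled() && needs.check-upstream.outputs.new_version != 'none' && (needs.build-gh.result == 'success' || needs.build-self.result == 'success') }}` for `publish`, and `if: ${{ always() && needs.check-upstream.outputs.new_version != 'none' }}` for `finalize`.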