diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml index 2b8811eaa..5fcc3a042 100644 --- a/.github/workflows/build-images.yml +++ b/.github/workflows/build-images.yml @@ -121,7 +121,7 @@ jobs: with: context: . file: Dockerfile.unified - target: builder + target: local_builder platforms: ${{ matrix.platform.os }} push: true tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/builder:${{ needs.matrix.outputs.tag }}-${{ matrix.platform.arch }} @@ -168,9 +168,6 @@ jobs: build-args: | BUILDER_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/builder:${{ needs.matrix.outputs.tag }}-${{ matrix.platform.arch }} outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=true - cache-from: | - type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/builder:${{ needs.matrix.outputs.tag }}-${{ matrix.platform.arch }} - type=gha,scope=builder-${{ matrix.platform.arch }} - name: Export digest run: | diff --git a/.github/workflows/build-operator.yml b/.github/workflows/build-operator.yml index b95926c09..832482785 100644 --- a/.github/workflows/build-operator.yml +++ b/.github/workflows/build-operator.yml @@ -107,7 +107,7 @@ jobs: with: context: . file: Dockerfile.unified - target: builder + target: local_builder platforms: ${{ matrix.platform.os }} # Always push builder — it's an internal image needed by build-agents. # dry_run only gates the final agent image push + manifest creation. @@ -154,10 +154,7 @@ jobs: BUILDER_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/builder:${{ needs.resolve-tag.outputs.chart_version }}-${{ matrix.platform.arch }} outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=${{ inputs.dry_run != true }} no-cache: ${{ inputs.no_cache == true }} - cache-from: | - type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/builder:${{ needs.resolve-tag.outputs.chart_version }}-${{ matrix.platform.arch }} - ${{ inputs.no_cache != true && format('type=gha,scope=unified-builder-{0}', matrix.platform.arch) || '' }} - ${{ inputs.no_cache != true && format('type=gha,scope=unified-agent-{0}-{1}', matrix.agent, matrix.platform.arch) || '' }} + cache-from: ${{ inputs.no_cache != true && format('type=gha,scope=unified-agent-{0}-{1}', matrix.agent, matrix.platform.arch) || '' }} cache-to: ${{ inputs.no_cache != true && format('type=gha,scope=unified-agent-{0}-{1},mode=max', matrix.agent, matrix.platform.arch) || '' }} - name: Export digest diff --git a/.github/workflows/docker-smoke-test-unified.yml b/.github/workflows/docker-smoke-test-unified.yml index 8bd3c0975..87924a23f 100644 --- a/.github/workflows/docker-smoke-test-unified.yml +++ b/.github/workflows/docker-smoke-test-unified.yml @@ -30,7 +30,7 @@ jobs: with: context: . file: Dockerfile.unified - target: builder + target: local_builder load: true tags: openab-builder:local cache-to: type=gha,scope=unified-smoke-builder,mode=max diff --git a/Dockerfile.unified b/Dockerfile.unified index 4c6102cd0..588057761 100644 --- a/Dockerfile.unified +++ b/Dockerfile.unified @@ -1,14 +1,23 @@ # Dockerfile.unified — Single multi-target Dockerfile for all OpenAB agent variants. # Usage: docker build --target -t ghcr.io/openabdev/openab:- . # -# The shared builder compiles the openab binary once (unified mode, superset). -# Each agent target is a thin runtime layer that installs only the agent CLI. +# Architecture: +# local_builder — compiles the openab binary (only runs locally or in build-core CI job) +# builder — alias that resolves to local_builder (default) or a prebuilt registry +# image (when BUILDER_IMAGE is overridden in CI). BuildKit prunes +# local_builder when it's not needed. +# — thin runtime layer that installs only the agent CLI + copies binary +# from builder stage. + +# Global ARG — must be declared before first FROM for use in FROM instructions +ARG BUILDER_IMAGE=local_builder # ============================================================================= -# Stage: builder — compile openab binary (unified mode) +# Stage: local_builder — compile openab binary (unified mode) +# Only executed during build-core or local dev. When BUILDER_IMAGE is overridden +# (CI build-agents), BuildKit prunes this stage entirely via dependency analysis. # ============================================================================= -ARG BUILDER_IMAGE=rust:1-bookworm -FROM ${BUILDER_IMAGE} AS builder +FROM rust:1-bookworm AS local_builder WORKDIR /build COPY Cargo.toml Cargo.lock ./ COPY crates/openab-core/Cargo.toml crates/openab-core/Cargo.toml @@ -30,6 +39,14 @@ RUN cd openab-agent && printf '\n[workspace]\n' >> Cargo.toml && cargo build --r COPY agy-acp/ agy-acp/ RUN cd agy-acp && printf '\n[workspace]\n' >> Cargo.toml && cargo build --release +# ============================================================================= +# Stage: builder — resolves to either local_builder or prebuilt registry image +# ============================================================================= +FROM ${BUILDER_IMAGE} AS builder +RUN test -x /build/target/release/openab \ + && test -x /build/openab-agent/target/release/openab-agent \ + && test -x /build/agy-acp/target/release/agy-acp + # ============================================================================= # Stage: base-debian — shared runtime base for debian-based agents # =============================================================================