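name: Validate

# Lightweight validation on pushes to main. Builds single-arch (amd64),
# runs the smoke test, and checks image size — without pushing anything
# to Docker Hub. Tag pushes are handled by docker-publish-split.yml which
# does the full multi-arch split-base build-and-push.
#
# NOTE(review): no step in this file checks image size; presumably
# scripts/smoke-test.sh does it — confirm.
#
# NOTE(review): every `uses:` reference and the job container image below
# are addressed by a mutable tag (@v4, @v7, :act-latest). Pinning them to a
# full commit SHA / image digest keeps an upstream retag from changing
# what runs here.

on:
  push:
    branches:
      - main
    paths-ignore:
      - 'CHANGELOG.md'
      - 'README.md'
      - 'DOCKER_HUB.md'
      - 'deploy/**'
      - '.gitleaks.toml'
  pull_request:
    branches:
      - main

# Nothing here pushes, tags, or comments: every job only checks out the
# repository and builds/tests locally, so the job token is kept read-only.
permissions:
  contents: read

jobs:
  docs-check:
    # Fails if DOCKER_HUB.md is out of sync with what generate-dockerhub-md.py
    # would produce from README.md. Keeps the two docs from drifting.
    runs-on: ubuntu-latest
    container:
      image: catthehacker/ubuntu:act-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step talks to the remote, so do not leave the job
          # token in the checkout's git config where repository scripts
          # (which run on pull requests too) could read it.
          persist-credentials: false

      - name: Check DOCKER_HUB.md is in sync with README.md
        run: |
          python3 scripts/generate-dockerhub-md.py --check

  validate-base:
    runs-on: ubuntu-latest
    container:
      image: catthehacker/ubuntu:act-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # `context: .` below hands the whole checkout, .git included
          # unless a .dockerignore excludes it, to the image build; keep
          # the job token out of it.
          persist-credentials: false

      - name: Force IPv4 for Docker Hub
        run: |
          echo 'precedence ::ffff:0:0/96 100' >> /etc/gai.conf

      # The runner's overlay disk starts ~70% full. `load: true` peak disk
      # is tarball + unpacked image + buildx cache, which tips it over
      # once the image crosses ~3 GB. Strip catthehacker-resident
      # toolchains we never use and any stale docker state up front.
      #
      # NOTE(review): the prune commands act on whatever Docker daemon the
      # job container can reach. If that daemon is shared with other jobs
      # or workloads, `prune -af --volumes` deletes their unused images,
      # containers and volumes as well — confirm the runner is dedicated.
      - name: Reclaim runner disk
        run: |
          set -x
          df -h / || true
          rm -rf \
            /opt/hostedtoolcache \
            /opt/microsoft \
            /opt/az \
            /opt/ghc \
            /usr/local/.ghcup \
            /usr/share/dotnet \
            /usr/share/swift \
            /usr/local/lib/android \
            /usr/local/share/powershell \
            /usr/local/share/chromium \
            /usr/local/share/boost \
            /usr/lib/jvm 2>/dev/null || true
          apt-get clean || true
          rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* || true
          docker system df || true
          docker system prune -af --volumes || true
          docker builder prune -af || true
          df -h / || true

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4
        with:
          # Runs the BuildKit builder container on the host network
          # instead of an isolated bridge.
          driver-opts: network=host

      - name: Build base image (amd64, load to local daemon)
        uses: docker/build-push-action@v7
        with:
          context: .
          platforms: linux/amd64
          push: false
          load: true
          tags: opencode-devbox:ci-base

      - name: Smoke test
        run: |
          bash scripts/smoke-test.sh opencode-devbox:ci-base --variant base

  # The three jobs below repeat validate-base step for step; only the
  # build-args, the image tag and the smoke-test variant differ. The notes
  # on checkout credentials, disk reclaim and host networking apply
  # unchanged.
  validate-omos:
    runs-on: ubuntu-latest
    container:
      image: catthehacker/ubuntu:act-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Force IPv4 for Docker Hub
        run: |
          echo 'precedence ::ffff:0:0/96 100' >> /etc/gai.conf

      - name: Reclaim runner disk
        run: |
          set -x
          df -h / || true
          rm -rf \
            /opt/hostedtoolcache \
            /opt/microsoft \
            /opt/az \
            /opt/ghc \
            /usr/local/.ghcup \
            /usr/share/dotnet \
            /usr/share/swift \
            /usr/local/lib/android \
            /usr/local/share/powershell \
            /usr/local/share/chromium \
            /usr/local/share/boost \
            /usr/lib/jvm 2>/dev/null || true
          apt-get clean || true
          rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* || true
          docker system df || true
          docker system prune -af --volumes || true
          docker builder prune -af || true
          df -h / || true

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4
        with:
          driver-opts: network=host

      - name: Build omos image (amd64, load to local daemon)
        uses: docker/build-push-action@v7
        with:
          context: .
          platforms: linux/amd64
          push: false
          load: true
          build-args: |
            INSTALL_OMOS=true
          tags: opencode-devbox:ci-omos

      - name: Smoke test
        run: |
          bash scripts/smoke-test.sh opencode-devbox:ci-omos --variant omos

  validate-with-pi:
    runs-on: ubuntu-latest
    container:
      image: catthehacker/ubuntu:act-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Force IPv4 for Docker Hub
        run: |
          echo 'precedence ::ffff:0:0/96 100' >> /etc/gai.conf

      - name: Reclaim runner disk
        run: |
          set -x
          df -h / || true
          rm -rf \
            /opt/hostedtoolcache \
            /opt/microsoft \
            /opt/az \
            /opt/ghc \
            /usr/local/.ghcup \
            /usr/share/dotnet \
            /usr/share/swift \
            /usr/local/lib/android \
            /usr/local/share/powershell \
            /usr/local/share/chromium \
            /usr/local/share/boost \
            /usr/lib/jvm 2>/dev/null || true
          apt-get clean || true
          rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* || true
          docker system df || true
          docker system prune -af --volumes || true
          docker builder prune -af || true
          df -h / || true

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4
        with:
          driver-opts: network=host

      - name: Build with-pi image (amd64, load to local daemon)
        uses: docker/build-push-action@v7
        with:
          context: .
          platforms: linux/amd64
          push: false
          load: true
          build-args: |
            INSTALL_PI=true
          tags: opencode-devbox:ci-with-pi

      - name: Smoke test
        run: |
          bash scripts/smoke-test.sh opencode-devbox:ci-with-pi --variant with-pi

  validate-omos-with-pi:
    runs-on: ubuntu-latest
    container:
      image: catthehacker/ubuntu:act-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Force IPv4 for Docker Hub
        run: |
          echo 'precedence ::ffff:0:0/96 100' >> /etc/gai.conf

      - name: Reclaim runner disk
        run: |
          set -x
          df -h / || true
          rm -rf \
            /opt/hostedtoolcache \
            /opt/microsoft \
            /opt/az \
            /opt/ghc \
            /usr/local/.ghcup \
            /usr/share/dotnet \
            /usr/share/swift \
            /usr/local/lib/android \
            /usr/local/share/powershell \
            /usr/local/share/chromium \
            /usr/local/share/boost \
            /usr/lib/jvm 2>/dev/null || true
          apt-get clean || true
          rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* || true
          docker system df || true
          docker system prune -af --volumes || true
          docker builder prune -af || true
          df -h / || true

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4
        with:
          driver-opts: network=host

      - name: Build omos+with-pi image (amd64, load to local daemon)
        uses: docker/build-push-action@v7
        with:
          context: .
          platforms: linux/amd64
          push: false
          load: true
          build-args: |
            INSTALL_OMOS=true
            INSTALL_PI=true
          tags: opencode-devbox:ci-omos-with-pi

      - name: Smoke test
        run: |
          bash scripts/smoke-test.sh opencode-devbox:ci-omos-with-pi --variant omos-with-pi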