aibrix icon indicating copy to clipboard operation
aibrix copied to clipboard
verified publisher icon vllm-project

[CICD] Release docker images on GHCR

Open gaocegege opened this issue 10 months ago • 1 comments

🚀 Feature Description and Motivation

Since Docker Hub has pull limits, switching to using GitHub Container Registry might be better for releasing our images. It could save us some hassle and keep things running smoothly.

Use Case

N/A

Proposed Solution

No response

gaocegege avatar Feb 24 '25 06:02 gaocegege

Agree. it used to have GHCR build https://github.com/vllm-project/aibrix/blob/fcc08964982c59cb9e3d4a9acb6634c9ab7741f8/.github/workflows/docker-push-images.yml#L39-L46

After we transferred the repo, it doesn't have package write permission. We can resolve this issue either adopting previous orgs or ask vLLM maintainers to grant the permission here.

Jeffwan avatar Feb 24 '25 21:02 Jeffwan

Option 1: We can ask vLLM repo's write:package permission, but the trick thing is it doesn't have namespace to use. for example, the controller-manager image becomes ghcr.io/vllm-project/controller-manager:v0.3.0 instead of ghcr.io/vllm-project/aibrix/controller-manager:v0.3.0. We may need to rewrite the name to ghcr.io/vllm-project/aibrix-controller-manager:v0.3.0

Option 2. Keep using github.com/aibrix as the container registry. We need to create a github token and inject into current aibrix project. Besides that, we need to make sure Allow GitHub Actions to publish and install packages in aibrix org. Current code is the secrets.GITHUB_TOKEN which is a generated token from vllm-project/aibrix repo. Instead, we need to change to secrets.AIBRIX_GITHUB_TOKEN and do not use default one.

https://github.com/vllm-project/aibrix/blob/50804288b6bb2f96794cc5aaa0284f13121f14d5/.github/workflows/docker-push-images.yml#L25-L30

I personally prefer 2nd option which is easy and controllable within aibrix contributors.

Jeffwan avatar May 01 '25 17:05 Jeffwan

Image

Need to change the scope here.

Image

Jeffwan avatar May 02 '25 00:05 Jeffwan

Seems there's no easy way to grant the access. I will create a personal access token just with write:packages permission and use it as AIBRIX_ORG_PACKAGE_UPDATE_GITHUB_TOKEN

scope:

  • write:packages
  • read:packages
  • repo

Jeffwan avatar May 02 '25 00:05 Jeffwan

Image

classic token has been disabled.

The trick thing is

Image ref:

  • https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry#authenticating-to-github-packages
  • https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#personal-access-tokens-classic

Jeffwan avatar May 02 '25 20:05 Jeffwan

then we have to re-enable classic tokens

Image

Image

Jeffwan avatar May 02 '25 20:05 Jeffwan

Image

Update: Image

Jeffwan avatar May 02 '25 21:05 Jeffwan

https://github.com/vllm-project/aibrix/actions/runs/14801263519/job/41567850682 job pass and we can close this story.

Jeffwan avatar May 02 '25 21:05 Jeffwan