ci: fall back to docker build (Nix-image OOMKills runner pod)
Some checks failed
sf self-deploy / build, test, and publish server image (push) Failing after 8m8s
sf self-deploy / deploy test and probe (push) Has been skipped
sf self-deploy / promote prod (push) Has been skipped

`nix build .#sf-server-image` fans out into thousands of small npm
derivations whose concurrent working set OOMKills the runner pod at
6Gi and 16Gi. The plain `docker build` path runs the Dockerfile
multi-stage build inside a single container (bounded resource use)
and works on the existing runner via the mounted host docker socket.

Keeping the Nix derivation in flake.nix for future use when we have
a beefier builder; just not on the critical deploy path right now.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Mikael Hugo 2026-05-18 04:20:14 +02:00
parent a1da453654
commit ddec9fd019

@ -96,16 +96,25 @@ jobs:
"${SF_REGISTRY:-registry.infra.centralcloud.com}" \
--username "$SF_REGISTRY_USER" --password-stdin
- name: Build server image with Nix
# The pure-Nix sf-server-image build (`nix build .#sf-server-image`)
# OOMKills the runner pod even at 16Gi+ — node2nix fans out into
# thousands of small per-package derivations whose concurrent
# working set exceeds reasonable limits. Falling back to plain
# `docker build` via the host docker daemon (mounted via
# /var/run/docker.sock from vega). The Dockerfile multi-stage build
# runs npm ci + next build inside a single container, which is
# bounded and works on the existing 6Gi runner.
- name: Build server image
run: |
set -euo pipefail
image_stream="$(nix build --no-link --print-out-paths .#sf-server-image)"
loaded_image="$("$image_stream" | docker load | awk -F': ' '/Loaded image:/ { print $2 }')"
if [ -z "$loaded_image" ]; then
echo "docker load did not report a loaded image" >&2
exit 1
fi
docker tag "$loaded_image" "${{ steps.image.outputs.image }}"
docker build \
-f docker/Dockerfile.sf-server \
--build-arg "SF_GIT_SHA=${GITHUB_SHA:-$(git rev-parse HEAD)}" \
--build-arg "SF_GIT_REF=${GITHUB_REF_NAME:-$(git rev-parse --abbrev-ref HEAD)}" \
--build-arg "SF_RELEASE_IMAGE=${{ steps.image.outputs.image }}" \
--build-arg "SF_IMAGE_REPOSITORY=${SF_IMAGE_REPOSITORY:-${SF_REGISTRY:-registry.infra.centralcloud.com}/singularity/sf-server}" \
-t "${{ steps.image.outputs.image }}" \
.
- name: Push server image
if: env.SF_PUSH_IMAGE != '0'
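Review bot: the new comment above the `Build server image` step describes the build as "bounded" and working "on the existing 6Gi runner", but the same comment says the build goes through the host daemon via `/var/run/docker.sock` from vega. Containers created through that socket are started by the host daemon and sit outside the runner pod's cgroup, so the 6Gi pod limit does not apply to `npm ci` + `next build`; the memory is spent on vega instead. Please reword the comment to say that, so nobody later reads the pod limit as a cap on the build. The comment is also the right place to record that the mounted socket gives every step in this job control of the Docker daemon on vega, which is effectively root on that host, and that a dedicated or rootless builder is the intended replacement once one exists. Minor: the `SF_GIT_REF` fallback `git rev-parse --abbrev-ref HEAD` returns the literal `HEAD` on a detached checkout, so if the fallback is ever taken the image will be labelled with `HEAD` rather than a branch name.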