Merge pull request #70 from LockedThread/feat/speedup-cicd

Feat/speedup cicd

Author: LockedThread

.github/workflows/build-and-validate.yaml

@@ -4,6 +4,10 @@ on:
   pull_request:
     branches: [main, development]
 
+env:
+  REGISTRY: ghcr.io
+  PYTHON_BASE_IMAGE_NAME: ${{ github.repository }}/python-base
+
 jobs:
   build-and-validate:
     strategy:
@@ -12,20 +16,41 @@ jobs:
         include:
           - platform: linux/amd64
             runner: ubuntu-latest
+            arch: amd64
           - platform: linux/arm64
             runner: ubuntu-24.04-arm
+            arch: arm64
     runs-on: ${{ matrix.runner }}
     permissions:
       contents: read
+      packages: read
     steps:
       - name: Checkout
         uses: actions/checkout@v6
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
+      - name: Log into registry ${{ env.REGISTRY }}
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get Python version from Dockerfile
+        id: python
+        run: |
+          VERSION=$(grep -oP 'ARG PYTHON_VERSION=\K[0-9.]+' Dockerfile.python-base)
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+
       - name: Build image (${{ matrix.platform }})
-        run: docker build --platform ${{ matrix.platform }} -t gtsam_docker:latest .
+        run: |
+          LOWER_IMAGE_NAME=$(echo "${{ env.PYTHON_BASE_IMAGE_NAME }}" | tr '[:upper:]' '[:lower:]')
+          docker build \
+            --platform ${{ matrix.platform }} \
+            --build-arg PYTHON_BASE_IMAGE=${{ env.REGISTRY }}/${LOWER_IMAGE_NAME}:${{ steps.python.outputs.version }}-trixie-${{ matrix.arch }} \
+            -t gtsam_docker:latest .
 
       - name: Validate image (PlanarSLAM example)
         run: |

.github/workflows/build-python-base.yaml

@@ -0,0 +1,117 @@
+name: Build Python Base Image
+
+on:
+  workflow_dispatch:
+    inputs:
+      python_version:
+        description: "Python version to build"
+        required: true
+        default: "3.11.2"
+  push:
+    paths:
+      - "Dockerfile.python-base"
+    branches:
+      - main
+      - development
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}/python-base
+
+jobs:
+  build:
+    strategy:
+      matrix:
+        platform: ["linux/amd64", "linux/arm64"]
+    runs-on: ${{ matrix.platform == 'linux/arm64' && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log into registry ${{ env.REGISTRY }}
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set Python version
+        id: python
+        run: |
+          # Use input if provided, otherwise extract from Dockerfile.python-base
+          if [ -n "${{ inputs.python_version }}" ]; then
+            echo "version=${{ inputs.python_version }}" >> $GITHUB_OUTPUT
+          else
+            VERSION=$(grep -oP 'ARG PYTHON_VERSION=\K[0-9.]+' Dockerfile.python-base)
+            echo "version=${VERSION}" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=${{ steps.python.outputs.version }}-trixie-${{ matrix.platform == 'linux/amd64' && 'amd64' || 'arm64' }}
+
+      - name: Build and push Python base image for ${{ matrix.platform }}
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile.python-base
+          push: true
+          provenance: false
+          platforms: ${{ matrix.platform }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            PYTHON_VERSION=${{ steps.python.outputs.version }}
+
+  manifest:
+    needs: build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Log into registry ${{ env.REGISTRY }}
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set Python version
+        id: python
+        run: |
+          if [ -n "${{ inputs.python_version }}" ]; then
+            echo "version=${{ inputs.python_version }}" >> $GITHUB_OUTPUT
+          else
+            VERSION=$(grep -oP 'ARG PYTHON_VERSION=\K[0-9.]+' Dockerfile.python-base)
+            echo "version=${VERSION}" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Create multi-arch manifest
+        run: |
+          LOWER_IMAGE_NAME=$(echo "${IMAGE_NAME}" | tr '[:upper:]' '[:lower:]')
+          PYTHON_VERSION="${{ steps.python.outputs.version }}"
+          
+          docker manifest create $REGISTRY/${LOWER_IMAGE_NAME}:${PYTHON_VERSION}-trixie \
+            $REGISTRY/${LOWER_IMAGE_NAME}:${PYTHON_VERSION}-trixie-amd64 \
+            $REGISTRY/${LOWER_IMAGE_NAME}:${PYTHON_VERSION}-trixie-arm64
+          docker manifest push $REGISTRY/${LOWER_IMAGE_NAME}:${PYTHON_VERSION}-trixie
+          
+          # Also tag as latest
+          docker manifest create $REGISTRY/${LOWER_IMAGE_NAME}:latest \
+            $REGISTRY/${LOWER_IMAGE_NAME}:${PYTHON_VERSION}-trixie-amd64 \
+            $REGISTRY/${LOWER_IMAGE_NAME}:${PYTHON_VERSION}-trixie-arm64
+          docker manifest push $REGISTRY/${LOWER_IMAGE_NAME}:latest

.github/workflows/release.yaml

@@ -16,12 +16,17 @@ on:
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
+  PYTHON_BASE_IMAGE_NAME: ${{ github.repository }}/python-base
 
 jobs:
   build:
     strategy:
       matrix:
-        platform: [ "linux/amd64", "linux/arm64" ]
+        include:
+          - platform: linux/amd64
+            arch: amd64
+          - platform: linux/arm64
+            arch: arm64
     # Use GitHub-hosted runner for amd64; arm64 uses partner runner (ensure ubuntu-24.04-arm is enabled for the repo/org)
     runs-on: ${{ matrix.platform == 'linux/arm64' && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
     permissions:
@@ -42,15 +47,23 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Get Python version and base image
+        id: python
+        run: |
+          VERSION=$(grep -oP 'ARG PYTHON_VERSION=\K[0-9.]+' Dockerfile.python-base)
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+          LOWER_BASE_IMAGE=$(echo "${{ env.PYTHON_BASE_IMAGE_NAME }}" | tr '[:upper:]' '[:lower:]')
+          echo "base_image=${LOWER_BASE_IMAGE}" >> $GITHUB_OUTPUT
+
       # Use docker/metadata-action to generate tags with an architecture suffix
       - name: Extract Docker metadata
         id: meta
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
-            type=raw,value=latest-${{ matrix.platform == 'linux/amd64' && 'amd64' || 'arm64' }}
-            type=raw,value=${{ inputs.version }}-${{ matrix.platform == 'linux/amd64' && 'amd64' || 'arm64' }}
+            type=raw,value=latest-${{ matrix.arch }}
+            type=raw,value=${{ inputs.version }}-${{ matrix.arch }}
 
       - name: Build and push Docker image for ${{ matrix.platform }}
         uses: docker/build-push-action@v6
@@ -61,6 +74,8 @@ jobs:
           platforms: ${{ matrix.platform }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            PYTHON_BASE_IMAGE=${{ env.REGISTRY }}/${{ steps.python.outputs.base_image }}:${{ steps.python.outputs.version }}-trixie-${{ matrix.arch }}
 
   validate:
     needs: build

Dockerfile

@@ -1,26 +1,16 @@
 # Default build produces the "runtime" stage (slim). Use --target gtsam for a dev image with build tools and shell.
-FROM debian:trixie-20260112 AS dependencies
-ARG PYTHON_VERSION=3.11.2
+# Pre-built Python base image (build once with Dockerfile.python-base, push to registry)
+# To build locally without registry: docker build -f Dockerfile.python-base -t python-optimized:3.11.2-trixie .
+ARG PYTHON_BASE_IMAGE=python-optimized:3.11.2-trixie
+FROM ${PYTHON_BASE_IMAGE} AS dependencies
 
 # Disable GUI prompts
 ENV DEBIAN_FRONTEND=noninteractive
 
-# Install required build dependencies (single update for better layer caching)
+# Install GTSAM build dependencies (Python already installed in base image)
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    ca-certificates \
-    build-essential \
-    wget \
-    libssl-dev \
-    libbz2-dev \
-    libreadline-dev \
-    libsqlite3-dev \
-    libffi-dev \
-    zlib1g-dev \
-    libncursesw5-dev \
-    tk-dev \
-    libgdbm-dev \
-    liblzma-dev \
     apt-utils \
+    build-essential \
     libboost-all-dev \
     cmake \
     libtbb-dev \
@@ -36,22 +26,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 # Set working directory
 WORKDIR /usr/src
 
-# Install Python with --enable-shared
-RUN wget https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz && \
-    tar xvf Python-${PYTHON_VERSION}.tgz && \
-    cd Python-${PYTHON_VERSION} && \
-    ./configure --enable-optimizations --with-lto --enable-shared && \
-    make -j$(nproc) && \
-    make install && \
-    cd .. && \
-    rm -rf Python-${PYTHON_VERSION} Python-${PYTHON_VERSION}.tgz && \
-    ldconfig
-
-# Ensure /usr/local/bin is in the PATH
-ENV PATH="/usr/local/bin:${PATH}"
-
-RUN python3 -m pip install --no-cache-dir --upgrade pip
-
 # Use git to clone gtsam and specific GTSAM version 
 FROM alpine/git:2.52.0 AS gtsam-clone
 

Dockerfile.python-base

@@ -0,0 +1,42 @@
+# Pre-built optimized Python base image for GTSAM builds.
+# Build and push once per Python version:
+#   docker build -f Dockerfile.python-base -t ghcr.io/yourorg/python-optimized:3.11.2-trixie .
+#   docker push ghcr.io/yourorg/python-optimized:3.11.2-trixie
+FROM debian:trixie-20260112
+ARG PYTHON_VERSION=3.11.2
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install Python build dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates \
+    build-essential \
+    wget \
+    libssl-dev \
+    libbz2-dev \
+    libreadline-dev \
+    libsqlite3-dev \
+    libffi-dev \
+    zlib1g-dev \
+    libncursesw5-dev \
+    tk-dev \
+    libgdbm-dev \
+    liblzma-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /usr/src
+
+# Build Python with PGO and LTO optimizations (takes ~15 min but only done once)
+RUN wget https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz && \
+    tar xvf Python-${PYTHON_VERSION}.tgz && \
+    cd Python-${PYTHON_VERSION} && \
+    ./configure --enable-optimizations --with-lto --enable-shared && \
+    make -j$(nproc) && \
+    make install && \
+    cd .. && \
+    rm -rf Python-${PYTHON_VERSION} Python-${PYTHON_VERSION}.tgz && \
+    ldconfig
+
+ENV PATH="/usr/local/bin:${PATH}"
+
+RUN python3 -m pip install --no-cache-dir --upgrade pip