TrueCloudLab/frostfs-s3-gw
18
3
Fork 20
Code Issues 29 Pull requests 7 Projects Releases 23 Packages 1 Activity Actions

[#587] Build OCI images for release tags #588

Merged
alexvanin merged 1 commit from potyarkin/frostfs-s3-gw:feature/ci-build-oci-image into master 2024-12-25 12:29:32 +00:00
Conversation 1 Commits 1 Files changed 1 +27
1 changed files with 27 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
.forgejo/workflows/oci-image.yml Normal file
View file

@ -0,0 +1,27 @@
on:
pull_request:
push:
workflow_dispatch:
alexvanin commented 2024-12-24 08:15:36 +00:00
Review
Copy link

Am I right that this job is going to be triggered on every push / pr merge, however it will build image only when commit contains release tag according to condition?

startsWith(github.ref, 'refs/tags/v')
Am I right that this job is going to be triggered on every push / pr merge, however it will build image only when commit contains release tag according to condition? ``` startsWith(github.ref, 'refs/tags/v') ```
potyarkin commented 2024-12-25 07:43:52 +00:00
Review
Copy link

No, the job will build the image (make image) for each push/PR but will publish the image (make image-push) only for release tags. This is somewhat wasteful: we will build a lot of images we don't need, and I welcome suggestions on how to reduce that waste.

Disabling image builds for everything except release tags can (and probably will) backfire: we may push a release tag and find out that our image build pipeline is broken only after the fact. A clean manual workaround would not be possible: modified build recipes would make our repo tree diverge from the tagged version, and pushing such image under the release tag would not be fair.

The workflow suggested in this PR would exercise image build pipeline often and we would notice its failure long before pushing a new release. The only step not covered would be image-push: in case of job failure a manual push would not dirty the worktree and would not introduce any misinformation to the published artifact.

No, the job will build the image (`make image`) for each push/PR but will publish the image (`make image-push`) only for release tags. This is somewhat wasteful: we will build a lot of images we don't need, and I welcome suggestions on how to reduce that waste. Disabling image builds for everything except release tags can (and probably will) backfire: we may push a release tag and find out that our image build pipeline is broken only after the fact. A clean manual workaround would not be possible: modified build recipes would make our repo tree diverge from the tagged version, and pushing such image under the release tag would not be fair. The workflow suggested in this PR would exercise image build pipeline often and we would notice its failure long before pushing a new release. The only step not covered would be `image-push`: in case of job failure a manual push would not dirty the worktree and would not introduce any misinformation to the published artifact.
👍 1
jobs:
image:
name: OCI image
runs-on: docker
container: git.frostfs.info/truecloudlab/env:oci-image-builder-bookworm
steps:
- name: Clone git repo
uses: actions/checkout@v3
- name: Build OCI image
run: make image
- name: Push image to OCI registry
run: |
echo "$REGISTRY_PASSWORD" \
| docker login --username truecloudlab --password-stdin git.frostfs.info
make image-push
if: >-
startsWith(github.ref, 'refs/tags/v') &&
(github.event_name == 'workflow_dispatch' || github.event_name == 'push')
env:
REGISTRY_PASSWORD: ${{secrets.FORGEJO_OCI_REGISTRY_PUSH_TOKEN}}