mirror of
https://github.com/neondatabase/neon.git
synced 2026-01-15 09:22:55 +00:00
41bb1e42b8
## Problem
For PRs, by default, we check out a phantom merge commit (merge a branch
into the main), but using a real branches head when finding `build-tools`
image tag.
## Summary of changes
- Change `COMMIT_SHA` to use `${{ github.sha }}` instead of `${{
github.event.pull_request.head.sha }}` for PRs
## Checklist before requesting a review
- [x] I have performed a self-review of my code.
- [ ] If it is a core feature, I have added thorough tests.
- [ ] Do we need to implement analytics? if so did you add the relevant
metrics to the dashboard?
- [ ] If this PR requires public announcement, mark it with
/release-notes label and add several sentences in this section.
## Checklist before merging
- [ ] Do not forget to reformat commit message to not include the above
checklist
61 lines
2.0 KiB
YAML
61 lines
2.0 KiB
YAML
name: Check build-tools image
|
|
|
|
on:
|
|
workflow_call:
|
|
outputs:
|
|
image-tag:
|
|
description: "build-tools image tag"
|
|
value: ${{ jobs.check-image.outputs.tag }}
|
|
found:
|
|
description: "Whether the image is found in the registry"
|
|
value: ${{ jobs.check-image.outputs.found }}
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash -euo pipefail {0}
|
|
|
|
# No permission for GITHUB_TOKEN by default; the **minimal required** set of permissions should be granted in each job.
|
|
permissions: {}
|
|
|
|
jobs:
|
|
check-image:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
tag: ${{ steps.get-build-tools-tag.outputs.image-tag }}
|
|
found: ${{ steps.check-image.outputs.found }}
|
|
|
|
steps:
|
|
- name: Get build-tools image tag for the current commit
|
|
id: get-build-tools-tag
|
|
env:
|
|
# Usually, for COMMIT_SHA, we use `github.event.pull_request.head.sha || github.sha`, but here, even for PRs,
|
|
# we want to use `github.sha` i.e. point to a phantom merge commit to determine the image tag correctly.
|
|
COMMIT_SHA: ${{ github.sha }}
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
LAST_BUILD_TOOLS_SHA=$(
|
|
gh api \
|
|
-H "Accept: application/vnd.github+json" \
|
|
-H "X-GitHub-Api-Version: 2022-11-28" \
|
|
--method GET \
|
|
--field path=Dockerfile.build-tools \
|
|
--field sha=${COMMIT_SHA} \
|
|
--field per_page=1 \
|
|
--jq ".[0].sha" \
|
|
"/repos/${GITHUB_REPOSITORY}/commits"
|
|
)
|
|
echo "image-tag=${LAST_BUILD_TOOLS_SHA}" | tee -a $GITHUB_OUTPUT
|
|
|
|
- name: Check if such tag found in the registry
|
|
id: check-image
|
|
env:
|
|
IMAGE_TAG: ${{ steps.get-build-tools-tag.outputs.image-tag }}
|
|
run: |
|
|
if docker manifest inspect neondatabase/build-tools:${IMAGE_TAG}; then
|
|
found=true
|
|
else
|
|
found=false
|
|
fi
|
|
|
|
echo "found=${found}" | tee -a $GITHUB_OUTPUT
|