mirror of
https://github.com/neondatabase/neon.git
synced 2026-01-16 09:52:54 +00:00
1d5e476c96
## Problem Currently, after updating `Dockerfile.build-tools` in a PR, it requires a manual action to make it `pinned`, i.e., the default for everyone. It also makes all opened PRs use such images (even created in the PR and without such changes). This PR overhauls the way we build and use `build-tools` image (and uses the image from Docker Hub). ## Summary of changes - The `neondatabase/build-tools` image gets tagged with the latest commit sha for the `Dockerfile.build-tools` file - Each PR calculates the tag for `neondatabase/build-tools`, tries to pull it, and rebuilds the image with such tag if it doesn't exist. - Use `neondatabase/build-tools` as a default image - When running on `main` branch — create a `pinned` tag and push it to ECR - Use `concurrency` to ensure we don't build `build-tools` image for the same commit in parallel from different PRs
59 lines
1.8 KiB
YAML
59 lines
1.8 KiB
YAML
name: Check build-tools image
|
|
|
|
on:
|
|
workflow_call:
|
|
outputs:
|
|
image-tag:
|
|
description: "build-tools image tag"
|
|
value: ${{ jobs.check-image.outputs.tag }}
|
|
found:
|
|
description: "Whether the image is found in the registry"
|
|
value: ${{ jobs.check-image.outputs.found }}
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash -euo pipefail {0}
|
|
|
|
# No permission for GITHUB_TOKEN by default; the **minimal required** set of permissions should be granted in each job.
|
|
permissions: {}
|
|
|
|
jobs:
|
|
check-image:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
tag: ${{ steps.get-build-tools-tag.outputs.image-tag }}
|
|
found: ${{ steps.check-image.outputs.found }}
|
|
|
|
steps:
|
|
- name: Get build-tools image tag for the current commit
|
|
id: get-build-tools-tag
|
|
env:
|
|
COMMIT_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
LAST_BUILD_TOOLS_SHA=$(
|
|
gh api \
|
|
-H "Accept: application/vnd.github+json" \
|
|
-H "X-GitHub-Api-Version: 2022-11-28" \
|
|
--method GET \
|
|
--field path=Dockerfile.build-tools \
|
|
--field sha=${COMMIT_SHA} \
|
|
--field per_page=1 \
|
|
--jq ".[0].sha" \
|
|
"/repos/${GITHUB_REPOSITORY}/commits"
|
|
)
|
|
echo "image-tag=${LAST_BUILD_TOOLS_SHA}" | tee -a $GITHUB_OUTPUT
|
|
|
|
- name: Check if such tag found in the registry
|
|
id: check-image
|
|
env:
|
|
IMAGE_TAG: ${{ steps.get-build-tools-tag.outputs.image-tag }}
|
|
run: |
|
|
if docker manifest inspect neondatabase/build-tools:${IMAGE_TAG}; then
|
|
found=true
|
|
else
|
|
found=false
|
|
fi
|
|
|
|
echo "found=${found}" | tee -a $GITHUB_OUTPUT
|