Add workflow_dispatch to the pipelines to set Docker image tag (suffix)#50
Add workflow_dispatch to the pipelines to set Docker image tag (suffix)#50
Conversation
| workflow_dispatch: | ||
| inputs: | ||
| tag: | ||
| description: "Tag suffix to give the Docker images (e.g. v1.2.3)." |
There was a problem hiding this comment.
How to verify we're not pushing the same tag again (completely defeating reproducible builds)?
There was a problem hiding this comment.
Good point. I'll add an extra step that performs the check in a bit.
There was a problem hiding this comment.
What if we make use of git tags for this purpose ?
Although they are not guaranteed to never change, it is something that is rarely done and typically for a very good reason.
There was a problem hiding this comment.
I think we've come back full circle then based on our offline conversation. I don't mind using Git tags as Docker tags, as that would simplify the pipelines (can use on: push: tags), so either way works for me.
In the meantime, I added a step that checks if the image exists via docker manifest inspect.
| tags: | | ||
| type=raw,value=${{ matrix.os.compiler_name }}-${{ matrix.os.compiler_version }} | ||
| type=raw,value=${{ matrix.os.compiler_name }}-${{ matrix.os.compiler_version }}-${{ env.CONTAINER_TAG }} | ||
| type=sha,prefix=${{ matrix.os.compiler_name }}-${{ matrix.os.compiler_version }}-sha- |
There was a problem hiding this comment.
@Bronek I did not add the tag here, but am not sufficiently familiar with this action. Should the tag be added here too?
There was a problem hiding this comment.
no, type=sha has its own behaviour https://github.com/docker/metadata-action/blob/master/README.md#typesha . Only type=raw is meant for arbitrary tag names. https://github.com/docker/metadata-action/blob/master/README.md#typeraw
|
After offline discussion, we'll use the images as-is, as they already have the shortened Git commit hash, e.g. |
3 participants
To ensure reproducible builds and no surprises, we should be able to set the Docker image tags for the images we build and push.
This PR adds the
workflow_dispatchto each of the four CI pipelines with a "tag" as input value. The workflow will then use that value as the Docker image tag suffix (for the distro images, which currently get the compiler name and version as tag) or as the image tag itself (for the tools image, which currently gets "latest" as tag).Thus, before this change, e.g.:
debian-bookworm:gcc-15tools-rippled:latestAfter this change, e.g.
debian-bookworm:gcc-15-latest(when merging a PR) anddebian-bookworm:gcc-15-v1.2.3(when using workflow dispatch)tools-rippled:latest(when merging a PR) andtools-rippled:v1.2.3(when using workflow dispatch)