fix: handle !expr YAML tags in MCP workflow loader #2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: container-retag | |
| # Runs on pushes that DON'T trigger container-build (docs-only, scripts, etc.). | |
| # Copies the latest branch image manifest to a new tag matching the current | |
| # commit SHA, so get-container-tag.sh always resolves to a valid image. | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - initial-development | |
| paths-ignore: | |
| - "analysis/**" | |
| - "server/**" | |
| - ".github/workflows/container-build.yml" | |
| concurrency: | |
| group: container-retag-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| IMAGE_REPO: ${{ vars.IMAGE_REPO || 'quay.io/arcalot' }} | |
| jobs: | |
| retag: | |
| name: Retag container images for current commit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Find source tag and compute new tag | |
| id: tags | |
| run: | | |
| BRANCH="${{ github.ref_name }}" | |
| NEW_SHA="${GITHUB_SHA:0:7}" | |
| NEW_TAG="${BRANCH}-${NEW_SHA}" | |
| # Find the most recent commit that would have triggered a | |
| # container build (changed server/, analysis/, or the workflow) | |
| SOURCE_SHA=$(git log -1 --format='%h' -- \ | |
| server/ analysis/ .github/workflows/container-build.yml) | |
| if [ -z "${SOURCE_SHA}" ]; then | |
| echo "No prior container build commit found" | |
| echo "skip=true" >> "$GITHUB_OUTPUT" | |
| exit 0 | |
| fi | |
| SOURCE_TAG="${BRANCH}-${SOURCE_SHA}" | |
| if [ "${SOURCE_TAG}" = "${NEW_TAG}" ]; then | |
| echo "Tags match, nothing to retag" | |
| echo "skip=true" >> "$GITHUB_OUTPUT" | |
| exit 0 | |
| fi | |
| echo "source_tag=${SOURCE_TAG}" >> "$GITHUB_OUTPUT" | |
| echo "new_tag=${NEW_TAG}" >> "$GITHUB_OUTPUT" | |
| echo "skip=false" >> "$GITHUB_OUTPUT" | |
| echo "Retagging ${SOURCE_TAG} -> ${NEW_TAG}" | |
| - name: Install skopeo | |
| if: steps.tags.outputs.skip != 'true' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y --no-install-recommends skopeo | |
| - name: Login to Quay.io | |
| if: steps.tags.outputs.skip != 'true' | |
| env: | |
| QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }} | |
| QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }} | |
| run: | | |
| if [ -n "${QUAY_USERNAME}" ] && [ -n "${QUAY_PASSWORD}" ]; then | |
| skopeo login -u "$QUAY_USERNAME" --password "$QUAY_PASSWORD" quay.io | |
| else | |
| echo "::warning::QUAY credentials not found, skipping retag" | |
| exit 0 | |
| fi | |
| - name: Retag images | |
| if: steps.tags.outputs.skip != 'true' | |
| env: | |
| SOURCE: ${{ steps.tags.outputs.source_tag }} | |
| NEW: ${{ steps.tags.outputs.new_tag }} | |
| run: | | |
| for IMAGE in arcaflow-mcp-server arcaflow-mcp-analysis; do | |
| echo "Copying ${IMAGE}:${SOURCE} -> ${NEW}" | |
| skopeo copy --all \ | |
| "docker://${IMAGE_REPO}/${IMAGE}:${SOURCE}" \ | |
| "docker://${IMAGE_REPO}/${IMAGE}:${NEW}" || { | |
| echo "::warning::Failed to retag ${IMAGE}. Source tag ${SOURCE} may not exist yet." | |
| exit 1 | |
| } | |
| done |