This repository was archived by the owner on Jun 14, 2026. It is now read-only.
Fix pr.yml docker_build/e2e skipped-dependency cascade #6
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker Build | |
| # `:buildcache` is the shared baseline refreshed on every `push: main`. | |
| # `:buildcache-pr-N` is per-PR and seeds repeat pushes to the same PR. | |
| on: | |
| workflow_call: | |
| workflow_dispatch: | |
| push: | |
| branches: [ main ] | |
| paths: | |
| - 'apps/api/**' | |
| - 'apps/embedding_service/**' | |
| - 'apps/so_tag_sync/**' | |
| - 'apps/web/**' | |
| - 'apps/landing/**' | |
| - 'packages/**' | |
| - 'integrations/**' | |
| - 'Cargo.toml' | |
| - 'Cargo.lock' | |
| - 'package.json' | |
| - 'bun.lock' | |
| - 'bunfig.toml' | |
| - 'turbo.json' | |
| - 'apps/*/Dockerfile' | |
| - 'infra/docker/**' | |
| permissions: | |
| contents: read | |
| packages: write | |
| jobs: | |
| docker_build: | |
| name: Docker Build | |
| concurrency: | |
| group: docker-build-${{ github.event_name }}-${{ matrix.image }}-${{ github.event.pull_request.number || github.ref_name }} | |
| cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
| runs-on: ubuntu-24.04-arm | |
| timeout-minutes: 20 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - image: api | |
| dockerfile: apps/api/Dockerfile | |
| - image: embedding_service | |
| dockerfile: apps/embedding_service/Dockerfile | |
| - image: landing | |
| dockerfile: apps/landing/Dockerfile | |
| - image: web | |
| dockerfile: apps/web/Dockerfile | |
| - image: migrations | |
| dockerfile: infra/docker/diesel/Dockerfile | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| # GHCR paths must be lowercase. `WRITE_REGISTRY` gates both `push:` and | |
| # `cache-to`: true for same-repo PRs, `push: main`, and `workflow_dispatch`. | |
| - name: Export lowercase repo path and write gate | |
| shell: bash | |
| env: | |
| IS_SAME_REPO_PR: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository }} | |
| IS_PUSH_OR_DISPATCH: ${{ github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main') }} | |
| run: | | |
| { | |
| echo "REPO=${GITHUB_REPOSITORY,,}" | |
| if [[ "${IS_SAME_REPO_PR}" == "true" || "${IS_PUSH_OR_DISPATCH}" == "true" ]]; then | |
| echo "WRITE_REGISTRY=true" | |
| else | |
| echo "WRITE_REGISTRY=false" | |
| fi | |
| } >> "$GITHUB_ENV" | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 | |
| - name: Log in to GHCR | |
| uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract image metadata | |
| id: meta | |
| uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0 | |
| with: | |
| images: ghcr.io/${{ env.REPO }}/${{ matrix.image }} | |
| tags: | | |
| type=ref,event=pr | |
| type=ref,event=branch | |
| # Same-repo PRs, push: main, and manual dispatches publish to GHCR. | |
| # Fork PRs build but cannot push (no write access via `GITHUB_TOKEN`). | |
| - name: Build and push | |
| uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 | |
| with: | |
| context: . | |
| file: ${{ matrix.dockerfile }} | |
| platforms: linux/arm64 | |
| push: ${{ env.WRITE_REGISTRY == 'true' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: | | |
| type=registry,ref=ghcr.io/${{ env.REPO }}/${{ matrix.image }}:buildcache | |
| ${{ github.event_name == 'pull_request' && format('type=registry,ref=ghcr.io/{0}/{1}:buildcache-pr-{2}', env.REPO, matrix.image, github.event.pull_request.number) || '' }} | |
| cache-to: ${{ env.WRITE_REGISTRY == 'true' && (github.event_name == 'pull_request' && format('type=registry,ref=ghcr.io/{0}/{1}:buildcache-pr-{2},mode=max', env.REPO, matrix.image, github.event.pull_request.number) || format('type=registry,ref=ghcr.io/{0}/{1}:buildcache,mode=max', env.REPO, matrix.image)) || '' }} |