feat(ci): rework to schedule daily runs after a cron #13126

Merged: talos-bot merged 1 commit into siderolabs:main from frezbo:feat/ci-refactor on Apr 17, 2026

@frezbo frezbo commented Apr 15, 2026

This prevents us from building and pushing artifacts and replacing them for each run.

@github-project-automation github-project-automation Bot moved this to To Do in Planning Apr 15, 2026
@frezbo frezbo force-pushed the feat/ci-refactor branch 2 times, most recently from c8b1cbd to 75a4e57 Compare April 15, 2026 15:39
@frezbo frezbo force-pushed the feat/ci-refactor branch 2 times, most recently from b93a4d0 to 3c35078 Compare April 15, 2026 15:54
@frezbo frezbo marked this pull request as ready for review April 15, 2026 16:01
@talos-bot talos-bot moved this from To Do to In Review in Planning Apr 15, 2026
@frezbo frezbo force-pushed the feat/ci-refactor branch 2 times, most recently from 4f72ef6 to 3720fb1 Compare April 15, 2026 16:06
@smira smira requested a review from Copilot April 16, 2026 12:54

@smira smira left a comment

🤞

@github-project-automation github-project-automation Bot moved this from In Review to Approved in Planning Apr 16, 2026
Copilot AI left a comment

Pull request overview

Reworks the CI scheduling model so a single scheduled workflow (artifacts-cron) builds/pushes shared artifacts once per day, and the various integration workflows run afterward via workflow_run using those artifacts—reducing repeated builds and registry churn.

Changes:

  • Added an artifacts job (cron-only) that builds/pushes artifacts and uploads them as a GitHub Actions artifact.
  • Converted many integration workflows from independent schedule triggers to workflow_run triggers off artifacts-cron, updating artifact download to use the upstream run ID.
  • Added new AWS ARM64 integration coverage and updated Slack notification workflows to follow the new workflow names.

Reviewed changes

Copilot reviewed 52 out of 52 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| .kres.yaml | Introduces artifacts cron job and switches integration jobs to onWorkflowRun from artifacts-cron; adds AWS ARM64 integration variants. |
| .github/workflows/artifacts-cron.yaml | Scheduled workflow that generates and uploads talos-artifacts for downstream workflows. |
| .github/workflows/dispatch.yaml | Regenerated workflow-dispatch entrypoint (header updated). |
| .github/workflows/grype-scan-cron.yaml | Regenerated (header updated). |
| .github/workflows/slack-notify.yaml | Updates workflow_run subscription list to new *-triggered workflow names and artifacts-cron. |
| .github/workflows/slack-notify-ci-failure.yaml | Updates workflow_run subscription list to new *-triggered workflow names and artifacts-cron. |
| .github/workflows/integration-trusted-boot-triggered.yaml | New workflow_run-triggered trusted-boot integration consuming talos-artifacts. |
| .github/workflows/integration-trusted-boot-enforcing-triggered.yaml | Converts enforcing trusted-boot integration from cron to workflow_run. |
| .github/workflows/integration-trusted-boot-cron.yaml | Removes old cron-based trusted-boot workflow. |
| .github/workflows/integration-qemu-triggered.yaml | Converts qemu integration from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-qemu-enforcing-triggered.yaml | Converts qemu enforcing integration from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-qemu-encrypted-vip-triggered.yaml | Converts encrypted VIP integration from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-qemu-race-triggered.yaml | Converts qemu race workflow from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-qemu-csi-rook-ceph-triggered.yaml | Converts CSI rook/ceph integration from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-qemu-csi-openebs-triggered.yaml | Converts CSI openebs integration from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-qemu-csi-longhorn-triggered.yaml | Converts CSI longhorn integration from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-embedded-triggered.yaml | Converts embedded integration from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-conformance-triggered.yaml | New workflow_run-triggered conformance integration consuming talos-artifacts. |
| .github/workflows/integration-conformance-enforcing-triggered.yaml | Converts conformance enforcing from cron to workflow_run and updates artifacts/log naming. |
| .github/workflows/integration-conformance-enforcing-cron.yaml | Removes old cron-based conformance enforcing workflow. |
| .github/workflows/integration-provision-0-triggered.yaml | New workflow_run-triggered provision track 0 integration consuming talos-artifacts. |
| .github/workflows/integration-provision-1-triggered.yaml | Converts provision track 1 from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-provision-2-triggered.yaml | Converts provision track 2 from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-provision-3-triggered.yaml | Converts provision track 3 from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-misc-0-triggered.yaml | Converts misc track 0 from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-misc-1-triggered.yaml | Converts misc track 1 from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-misc-1-enforcing-triggered.yaml | Converts misc enforcing track 1 from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-misc-2-triggered.yaml | Converts misc track 2 from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-misc-3-triggered.yaml | Converts misc track 3 from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-misc-3-enforcing-triggered.yaml | Converts misc enforcing track 3 from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-misc-4-triggered.yaml | Converts misc track 4 from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-misc-4-enforcing-triggered.yaml | Converts misc enforcing track 4 from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-images-triggered.yaml | New workflow_run-triggered images integration consuming talos-artifacts. |
| .github/workflows/integration-cloud-images-triggered.yaml | Converts cloud-images workflow from cron to workflow_run and adds explicit secret masking + cloud-images step. |
| .github/workflows/integration-image-cache-triggered.yaml | Converts image-cache workflow from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-image-factory-triggered.yaml | Converts image-factory workflow from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-extensions-triggered.yaml | Converts extensions workflow from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-cilium-triggered.yaml | Converts cilium workflow from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-reproducibility-test-triggered.yaml | Converts reproducibility test workflow from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-airgapped-triggered.yaml | Converts airgapped workflow from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-gcp-triggered.yaml | Converts gcp workflow from cron to workflow_run and downloads artifacts from upstream run. |
| .github/workflows/integration-aws-triggered.yaml | New workflow_run-triggered AWS workflow that builds AWS images and runs TF-backed e2e. |
| .github/workflows/integration-aws-arm64-triggered.yaml | Converts/introduces AWS ARM64 workflow_run-triggered variant with TARGET_ARCH=arm64. |
| .github/workflows/integration-aws-nvidia-oss-lts-triggered.yaml | Converts nvidia oss lts workflow from cron to workflow_run and reorders to build extensions then AWS image. |
| .github/workflows/integration-aws-nvidia-oss-lts-arm64-triggered.yaml | Converts nvidia oss lts arm64 workflow from cron to workflow_run and reorders to build extensions then AWS image. |
| .github/workflows/integration-aws-nvidia-oss-production-triggered.yaml | Converts nvidia oss production workflow from cron to workflow_run and reorders to build extensions then AWS image. |
| .github/workflows/integration-aws-nvidia-oss-production-arm64-triggered.yaml | Converts nvidia oss production arm64 workflow from cron to workflow_run and reorders to build extensions then AWS image. |
| .github/workflows/integration-aws-nvidia-nonfree-lts-triggered.yaml | Converts nvidia nonfree lts workflow from cron to workflow_run and reorders to build extensions then AWS image. |
| .github/workflows/integration-aws-nvidia-nonfree-lts-arm64-triggered.yaml | Converts nvidia nonfree lts arm64 workflow from cron to workflow_run and reorders to build extensions then AWS image. |
| .github/workflows/integration-aws-nvidia-nonfree-production-triggered.yaml | Converts nvidia nonfree production workflow from cron to workflow_run and reorders to build extensions then AWS image. |
| .github/workflows/integration-aws-nvidia-nonfree-production-arm64-triggered.yaml | Converts nvidia nonfree production arm64 workflow from cron to workflow_run and reorders to build extensions then AWS image. |
Comments suppressed due to low confidence (4)

.github/workflows/artifacts-cron.yaml:3

  • The generated header includes kres ...-dirty, which indicates the workflows were generated from a working tree with uncommitted changes. That makes it hard to reproduce the exact generator output later. Regenerate from a clean tree (or adjust the generation process to avoid committing -dirty artifacts).

.kres.yaml:723

  • integration-trusted-boot-enforcing is now triggered via onWorkflowRun, but secureboot-iso is still gated by only-on-schedule. In the generated workflow this maps to if: github.event_name == 'schedule', which will never be true for a workflow_run event, so the enforcing secureboot ISO won’t be produced. Remove the schedule-only condition (since artifacts-cron is already schedule-only) or update the condition logic to key off the upstream run (e.g., github.event.workflow_run.event).

.kres.yaml:811

  • integration-provision-1 is now onWorkflowRun-triggered, but installer-enforcing is still only-on-schedule. That condition becomes permanently false under workflow_run, so the enforcing installer image won’t be built/pushed as part of this job. Either make this step unconditional (since upstream is schedule-only) or change the condition to reflect the upstream workflow’s event.

.kres.yaml:1007

  • integration-misc-0 is now triggered via onWorkflowRun, but image-metal-uki is still marked only-on-schedule, which will never evaluate true for a workflow_run-triggered workflow. If this build is still required for e2e-uki-4k, make it unconditional or move it into artifacts-cron; otherwise remove the step to avoid dead config.

Comment thread .kres.yaml
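
The dead-condition problem raised in the suppressed review comments above can be caught mechanically. The following is an added example, not code from this pull request or from kres: a small text scanner that flags `if:` tests on `github.event_name` values the workflow's own `on:` block never delivers. The sample workflow, step names and function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the review comments; not copied from the repository.
SAMPLE_TRIGGERED = """\
"on":
  workflow_run:
    workflows: [artifacts-cron]
    types: [completed]
jobs:
  default:
    steps:
      - name: secureboot-iso
        if: github.event_name == 'schedule'
        run: make secureboot-iso
      - name: e2e
        if: github.event.workflow_run.event == 'schedule'
        run: make e2e
"""

TRIGGER_KEY = re.compile(r"""^["']?on["']?:\s*(.*)$""")
EVENT_TEST = re.compile(r"github\.event_name\s*==\s*'([a-z_]+)'")

def triggers(text):
    """Event names under the top-level `on:` key (assumes two-space indentation)."""
    found, inside = set(), False
    for line in text.splitlines():
        m = TRIGGER_KEY.match(line)
        if m:
            inside = True
            found.update(re.findall(r"[a-z_]+", m.group(1)))  # inline `on: [a, b]`
        elif inside and re.match(r"\S", line):
            inside = False  # the next top-level key closes the block
        elif inside:
            m = re.match(r" {2}(?:- )?([a-z_]+):?\s*$", line)
            if m:
                found.add(m.group(1))
    return found

def dead_conditions(text):
    """(line number, event) for each `if:` testing an event the workflow never receives."""
    active = triggers(text)
    return [(no, event)
            for no, line in enumerate(text.splitlines(), 1)
            if re.match(r"\s*(?:- )?if:", line)
            for event in EVENT_TEST.findall(line)
            if event not in active]

if __name__ == "__main__":
    print(dead_conditions(SAMPLE_TRIGGERED))
```

Only the `secureboot-iso` step is reported; the `e2e` step keys off the upstream run's event, as the review suggests, and is not flagged.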
@frezbo frezbo force-pushed the feat/ci-refactor branch from 3720fb1 to 6c01d22 Compare April 16, 2026 18:01
@frezbo frezbo force-pushed the feat/ci-refactor branch 4 times, most recently from 9991bfe to 01ab78a Compare April 17, 2026 09:05
This prevents us from building and pushing artifacts and replacing them for each run.

Signed-off-by: Noel Georgi <git@frezbo.dev>
@frezbo frezbo force-pushed the feat/ci-refactor branch from 01ab78a to 5e3f301 Compare April 17, 2026 18:13
frezbo commented Apr 17, 2026

/m

@talos-bot talos-bot merged commit 5e3f301 into siderolabs:main Apr 17, 2026
64 checks passed
@github-project-automation github-project-automation Bot moved this from Approved to Done in Planning Apr 17, 2026
@frezbo frezbo deleted the feat/ci-refactor branch April 17, 2026 19:11