Updates the hash-secrets logic (#73)

roshkhatri · web-flow · commit 67d289a96cf0 · 2025-11-25T13:29:50.000-08:00
Signed-off-by: Roshan Khatri &lt;rvkhatri@amazon.com&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -6,25 +6,22 @@ on:
     branches:
       - mainline
     paths:
-      - '**/Dockerfile'
+      - "**/Dockerfile"
   workflow_dispatch:
 
 env:
   IS_PULL: ${{ github.event_name == 'pull_request' }}
-  HAS_SECRETS: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' && secrets.DOCKERHUB_ACCOUNT != '' && secrets.DOCKERHUB_REPOSITORY != '' }}
 
 defaults:
   run:
-    shell: 'bash -Eeuo pipefail -x {0}'
+    shell: "bash -Eeuo pipefail -x {0}"
 
 jobs:
-
   generate-jobs:
     name: Generate Jobs
     runs-on: ubuntu-latest
     outputs:
       strategy: ${{ steps.generate-jobs.outputs.strategy }}
-      has-secrets: ${{ steps.generate-jobs.outputs.has-secrets }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -49,11 +46,12 @@ jobs:
           fi
 
           echo "strategy=$(jq -c . <<<"$strategy")" >> "$GITHUB_OUTPUT"
-          echo "has-secrets=${{ env.HAS_SECRETS }}" >> "$GITHUB_OUTPUT"
           jq . <<<"$strategy" # debugging aid to visually inspect the generated matrix
   # Job to build and push Docker images individually for each architecture/platform
   build_and_push:
     needs: [generate-jobs]
+    env:
+      HAS_SECRETS: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' && secrets.DOCKERHUB_ACCOUNT != '' && secrets.DOCKERHUB_REPOSITORY != '' }}
     strategy:
       fail-fast: false # continue other jobs even if one job fails
       matrix:
@@ -133,7 +131,7 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
           pull: true
-      
+
       - name: Prepare Environment
         run: ${{ matrix.version.runs.prepare }}
 
@@ -149,37 +147,37 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: '3.8'
+          python-version: "3.8"
 
-      # Core + Module Integration Tests 
+      # Core + Module Integration Tests
       - name: All Core + Module Tests
         run: |
           matrix_version="${{ matrix.version.name }}"
           bundle_version=$(echo "$matrix_version" | cut -d'.' -f1-2)
-          
+
           ./.test/tests/valkey-integration-tests/run.sh "${{ env.DOCKER_REPO_NAME }}" "$bundle_version"
-          
+
       # Export digest to a file to reference it later in merging manifests
       - name: Export digest
         id: export-digest
         run: |
           mkdir -p ${{ runner.temp }}/digests
           digest="${{ steps.build.outputs.digest }}"
           touch "${{ runner.temp }}/digests/${digest#sha256:}"
-          
+
           version="${{ matrix.version.name }}"
           major_minor=$(echo "$version" | cut -d'.' -f1-2)
-          
+
           directory="${{ matrix.version.meta.entries[0].directory }}"
           if [[ "$directory" == *"alpine"* ]]; then
             distro="alpine"
           else
             distro="debian"
           fi
-          
+
           echo "linux_distro=$distro" >> "$GITHUB_OUTPUT"
           echo "version_major_minor=$major_minor" >> "$GITHUB_OUTPUT"
-    
+
       - name: Upload digest for version-distro combination
         uses: actions/upload-artifact@v4
         with:
@@ -192,6 +190,10 @@ jobs:
   merge-manifest:
     runs-on: ubuntu-latest
     needs: [generate-jobs, build_and_push]
+    env:
+      HAS_SECRETS: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' && secrets.DOCKERHUB_ACCOUNT != '' && secrets.DOCKERHUB_REPOSITORY != '' }}
+    outputs:
+      has-secrets: ${{ steps.output-has-secrets.outputs.has-secrets }}
     steps:
       - name: Set DOCKER_REPO_NAME dynamically
         run: |
@@ -201,6 +203,10 @@ jobs:
             echo "DOCKER_REPO_NAME=${{ secrets.DOCKERHUB_ACCOUNT }}/valkey-bundle" >> $GITHUB_ENV
           fi
 
+      - name: Output if User has set secrets
+        id: output-has-secrets
+        run: echo "has-secrets=${{ env.HAS_SECRETS }}" >> "$GITHUB_OUTPUT"
+
       - name: Download All Digests
         uses: actions/download-artifact@v4
         with:
@@ -286,11 +292,11 @@ jobs:
           done
 
   update-dockerhub-description:
-    if: github.event_name == 'push' && github.ref == 'refs/heads/mainline' && needs.generate-jobs.outputs.has-secrets == 'true'
+    if: github.event_name == 'push' && github.ref == 'refs/heads/mainline' && needs.merge-manifest.outputs.has-secrets == 'true'
     needs: [merge-manifest, generate-jobs]
     name: Update DockerHub Description
     uses: ./.github/workflows/update-dockerhub-docs.yml
     secrets:
       DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
       DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
-      DOCKERHUB_REPOSITORY: ${{ secrets.DOCKERHUB_REPOSITORY }}
+      DOCKERHUB_REPOSITORY: ${{ secrets.DOCKERHUB_REPOSITORY }}
diff --git a/.github/workflows/update-dockerhub-docs.yml b/.github/workflows/update-dockerhub-docs.yml
@@ -11,6 +11,9 @@ on:
       DOCKERHUB_REPOSITORY:
         required: true
 
+env:
+  HAS_SECRETS: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' && secrets.DOCKERHUB_REPOSITORY != '' }}
+
 jobs:
   update-dockerhub:
     name: Update Dockerhub description
@@ -20,6 +23,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Docker Hub Description
+        if: ${{ env.HAS_SECRETS }}
         uses: peter-evans/dockerhub-description@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
