Skip to content

fix(CI): ensure we get a SHA for a container, or fail out if we do not [MERGEOK]#37184

Merged
arnej27959 merged 2 commits into
masterfrom
marlon/fix/preview-container
Jun 11, 2026
Merged

fix(CI): ensure we get a SHA for a container, or fail out if we do not [MERGEOK]#37184
arnej27959 merged 2 commits into
masterfrom
marlon/fix/preview-container

Conversation

@esolitos

@esolitos esolitos commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

What

  • Catch the situation where a SHA is NOT returned by crane.

Why

  • Return code is not consistent and the script would progress eitherway. Now we fail out early.

I confirm that this contribution is made under the terms of the license found in the root directory of this repository's source tree and that I have the authority necessary to make this contribution on behalf of its copyright owner.

@esolitos esolitos requested review from arnej27959 and Copilot June 11, 2026 13:04
@esolitos esolitos changed the title fix(CI): ensure we get a SHA for a container, or fail out if we do not fix(CI): ensure we get a SHA for a container, or fail out if we do not [MERGEOK] Jun 11, 2026
Copilot AI reviewed Jun 11, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens the Buildkite container publish step by validating that crane digest actually returns an image digest before proceeding to signing/metadata, avoiding silent progression when the digest output is empty.

Changes:

  • Add an explicit post-crane digest guard for the Vespa preview container publish/sign step.
  • Align the system-test container digest guard with the same early-fail behavior.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .buildkite/publish-container.sh Outdated
Comment thread .buildkite/publish-container.sh Outdated
@esolitos
chore: cleaner bash checks
297c664 
The empty-string check uses a non-idiomatic ${IMAGE_SHA256}na trick, which is harder to read/maintain than Bash’s built-in -z test. Using [[ -z ... ]] is clearer.

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@esolitos esolitos added the reviewer can merge Indicates that the reviewer can merge after approval. label Jun 11, 2026
@arnej27959 arnej27959 merged commit 3522b76 into master Jun 11, 2026
5 checks passed
@arnej27959 arnej27959 deleted the marlon/fix/preview-container branch June 11, 2026 14:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments
@arnej27959 arnej27959 arnej27959 approved these changes

Assignees

No one assigned

Labels

reviewer can merge Indicates that the reviewer can merge after approval.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@esolitos @arnej27959