diff --git a/.gitea/workflows/cicd.yml b/.gitea/workflows/cicd.yml index 4352ba0..6de2bd6 100644 --- a/.gitea/workflows/cicd.yml +++ b/.gitea/workflows/cicd.yml @@ -47,6 +47,11 @@ jobs: run: | echo "=== Checking if CICD Base Image Needs Rebuilding ===" + # Always compute hash first so downstream steps have a valid tag. + BASE_HASH=$(sha256sum Dockerfile.cicd-base | cut -d' ' -f1 | head -c16) + echo "Base Dockerfile hash: ${BASE_HASH}" + echo "base_hash=${BASE_HASH}" >> $GITHUB_OUTPUT + # Login to registry to check for existing image if echo "${PACKAGE_ACCESS_TOKEN}" | docker login dogar.darkhelm.org -u "${REGISTRY_USER}" --password-stdin; then echo "✓ Successfully logged into registry" @@ -56,11 +61,6 @@ jobs: exit 0 fi - # Calculate hash of base Dockerfile for cache key - BASE_HASH=$(sha256sum Dockerfile.cicd-base | cut -d' ' -f1 | head -c16) - echo "Base Dockerfile hash: ${BASE_HASH}" - echo "base_hash=${BASE_HASH}" >> $GITHUB_OUTPUT - # Try to pull existing base image with this hash (with timeout handling) echo "Attempting to pull base image with hash: ${BASE_HASH}" PULL_SUCCESS=false @@ -103,6 +103,14 @@ jobs: BASE_HASH: ${{ steps.check-base.outputs.base_hash }} run: | echo "=== Building CICD Base Image ===" + + # Defensive fallback if output propagation failed for any reason. + BASE_HASH="${BASE_HASH:-$(sha256sum Dockerfile.cicd-base | cut -d' ' -f1 | head -c16)}" + if [ -z "${BASE_HASH}" ]; then + echo "❌ BASE_HASH is empty; refusing to tag/push invalid image references" + exit 1 + fi + echo "Base hash: ${BASE_HASH}" # Enable Docker BuildKit