From d37afda3fc79b0bb2704b8a457fe9a1db983fa9c Mon Sep 17 00:00:00 2001 From: copilotcoder Date: Thu, 28 May 2026 07:17:44 -0400 Subject: [PATCH] Another CICD push, hopefully the handoff is better. Signed-off-by: copilotcoder --- .gitea/workflows/cicd-base.yml | 23 ++++++---- .gitea/workflows/cicd.yml | 76 ++++++++++------------------------ 2 files changed, 37 insertions(+), 62 deletions(-) diff --git a/.gitea/workflows/cicd-base.yml b/.gitea/workflows/cicd-base.yml index f02b1e4..fb05cf3 100644 --- a/.gitea/workflows/cicd-base.yml +++ b/.gitea/workflows/cicd-base.yml @@ -231,13 +231,22 @@ jobs: exit 0 fi - if timeout 30 docker manifest inspect "${BASE_REF_HASH}" >/dev/null 2>&1; then - echo "✓ Immutable base image already exists: ${BASE_REF_HASH}" - echo "needs_build=false" >> $GITHUB_OUTPUT - else - echo "ℹ Immutable base image missing: ${BASE_REF_HASH}" - echo "needs_build=true" >> $GITHUB_OUTPUT - fi + for i in 1 2 3; do + echo "Existing base check ${i}/3 for ${BASE_REF_HASH}..." + if timeout 30 docker manifest inspect "${BASE_REF_HASH}" >/dev/null 2>&1 && \ + timeout 60 docker pull "${BASE_REF_HASH}" >/dev/null 2>&1; then + echo "✓ Immutable base image already exists and is pullable: ${BASE_REF_HASH}" + echo "needs_build=false" >> $GITHUB_OUTPUT + exit 0 + fi + + if [ "${i}" -lt 3 ]; then + sleep 20 + fi + done + + echo "ℹ Immutable base image missing or not yet pullable: ${BASE_REF_HASH}" + echo "needs_build=true" >> $GITHUB_OUTPUT - *write_registry_push_helpers diff --git a/.gitea/workflows/cicd.yml b/.gitea/workflows/cicd.yml index 9baf69e..cde1c53 100644 --- a/.gitea/workflows/cicd.yml +++ b/.gitea/workflows/cicd.yml @@ -6,9 +6,6 @@ on: pull_request: branches: [ main, develop ] workflow_dispatch: - workflow_run: - workflows: [ "CICD Base Image" ] - types: [ completed ] concurrency: group: cicd-${{ github.workflow }}-${{ github.ref }} @@ -37,9 +34,8 @@ jobs: id: detect env: SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} - GITHUB_SHA: ${{ github.event.workflow_run.head_sha || github.sha }} + GITHUB_SHA: ${{ github.sha }} EVENT_NAME: ${{ github.event_name }} - WORKFLOW_RUN_CONCLUSION: ${{ github.event.workflow_run.conclusion }} BEFORE_SHA: ${{ github.event.before }} PR_BASE_SHA: ${{ github.event.pull_request.base.sha }} run: | @@ -47,19 +43,6 @@ jobs: umask 077 trap 'rm -f ~/.ssh/id_rsa' EXIT - if [ "${EVENT_NAME}" = "workflow_run" ]; then - if [ "${WORKFLOW_RUN_CONCLUSION}" = "success" ]; then - echo "run_ci=true" >> "$GITHUB_OUTPUT" - echo "run_backend=true" >> "$GITHUB_OUTPUT" - echo "run_frontend=true" >> "$GITHUB_OUTPUT" - else - echo "run_ci=false" >> "$GITHUB_OUTPUT" - echo "run_backend=false" >> "$GITHUB_OUTPUT" - echo "run_frontend=false" >> "$GITHUB_OUTPUT" - fi - exit 0 - fi - if [ "${EVENT_NAME}" = "workflow_dispatch" ]; then echo "run_ci=true" >> "$GITHUB_OUTPUT" echo "run_backend=true" >> "$GITHUB_OUTPUT" @@ -114,14 +97,6 @@ jobs: exit 0 fi - if printf '%s\n' "${NON_DOC_FILES}" | grep -Eq '^(Dockerfile\.cicd-base|\.dockerignore|scripts/compute-cicd-base-hash\.sh|\.gitea/workflows/cicd-base\.yml)$'; then - echo "⏭ Base inputs changed; waiting for successful CICD Base Image workflow completion before running main CI." - echo "run_ci=false" >> "$GITHUB_OUTPUT" - echo "run_backend=false" >> "$GITHUB_OUTPUT" - echo "run_frontend=false" >> "$GITHUB_OUTPUT" - exit 0 - fi - only_backend=true only_frontend=true @@ -285,7 +260,7 @@ jobs: - name: Minimal checkout for base hash inputs env: SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} - GITHUB_SHA: ${{ github.event.workflow_run.head_sha || github.sha }} + GITHUB_SHA: ${{ github.sha }} run: | umask 077 trap 'rm -f ~/.ssh/id_rsa' EXIT @@ -355,7 +330,7 @@ jobs: - name: Minimal checkout for Dockerfile env: SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} - GITHUB_SHA: ${{ github.event.workflow_run.head_sha || github.sha }} + GITHUB_SHA: ${{ github.sha }} run: | umask 077 trap 'rm -f ~/.ssh/id_rsa' EXIT @@ -402,8 +377,7 @@ jobs: env: PACKAGE_ACCESS_TOKEN: ${{ secrets.PACKAGE_ACCESS_TOKEN }} SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} - GITHUB_SHA: ${{ github.event.workflow_run.head_sha || github.sha }} - EVENT_NAME: ${{ github.event_name }} + GITHUB_SHA: ${{ github.sha }} REGISTRY_USER: ${{ secrets.REGISTRY_USER || github.actor }} BASE_IMAGE: ${{ needs.prepare-base-ref.outputs.base_image }} BASE_HASH: ${{ needs.prepare-base-ref.outputs.base_hash }} @@ -437,34 +411,26 @@ jobs: return 1 } - if [ "${EVENT_NAME}" = "workflow_run" ]; then - echo "workflow_run trigger detected; verifying published base image once" - if ! verify_base_image; then - echo "❌ Base image was not available or did not match the expected hash after successful base workflow completion." + max_attempts=220 + sleep_seconds=30 + + for i in $(seq 1 "${max_attempts}"); do + echo "Base availability check ${i}/${max_attempts}..." + + if verify_base_image; then + break + fi + + if [ "${i}" -eq "${max_attempts}" ]; then + echo "❌ Required immutable base image is not available: ${BASE_IMAGE}" + echo "Timed out after $((max_attempts * sleep_seconds))s waiting for base image publish." + echo "Ensure CICD Base Image workflow is still running or has completed successfully, then rerun main CI." exit 1 fi - else - max_attempts=220 - sleep_seconds=30 - for i in $(seq 1 "${max_attempts}"); do - echo "Base availability check ${i}/${max_attempts}..." - - if verify_base_image; then - break - fi - - if [ "${i}" -eq "${max_attempts}" ]; then - echo "❌ Required immutable base image is not available: ${BASE_IMAGE}" - echo "Timed out after $((max_attempts * sleep_seconds))s waiting for base image publish." - echo "Ensure CICD Base Image workflow is still running or has completed successfully, then rerun main CI." - exit 1 - fi - - echo "⚠ Base image not available yet; waiting ${sleep_seconds}s for publish workflow" - sleep "${sleep_seconds}" - done - fi + echo "⚠ Base image not available yet; waiting ${sleep_seconds}s for publish workflow" + sleep "${sleep_seconds}" + done # Create temporary SSH key file for BuildKit secrets echo "${SSH_PRIVATE_KEY}" > /tmp/ssh_key