fix(ci): publish versioned Docker tags via auto-tag dispatch#1154
Open
wpfleger96 wants to merge 1 commit into
Open
fix(ci): publish versioned Docker tags via auto-tag dispatch#1154wpfleger96 wants to merge 1 commit into
wpfleger96 wants to merge 1 commit into
Conversation
Auto-tagged releases never published versioned container images. The release tag is pushed with the default GITHUB_TOKEN, and GitHub's recursion guard suppresses all on:push triggers for GITHUB_TOKEN-pushed refs, so docker.yml's on:push:tags trigger never fired. Only :main and :latest existed; every ghcr.io/block/buzz:vX.Y.Z returned 404. Mirror the rescue release.yml already uses: auto-tag now dispatches docker.yml with version+ref. On dispatch github.ref is main, so the tag ref is plumbed through explicitly — checkout pins to inputs.ref and the type=semver tags take inputs.version via metadata-action value=. An empty value= is a no-op on the native push-tag path (procSemver falls back to the git ref), so human-pushed tags and inputless canary dispatches are unchanged. Co-authored-by: Will Pfleger <pfleger.will@gmail.com> Signed-off-by: Will Pfleger <pfleger.will@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Auto-tagged releases never published versioned container images.
auto-tag-on-release-pr-merge.ymlpushes the release tag with the defaultGITHUB_TOKEN, and GitHub's recursion guard suppresses everyon: pushtrigger (includingpush: tags) for refs pushed withGITHUB_TOKEN. Sodocker.yml'son: push: tags: ["v[0-9]*"]never fired for a release. The result:ghcr.io/block/buzzonly ever had:mainand:latest, and everyghcr.io/block/buzz:vX.Y.Zreturnedmanifest unknown(404).release.ymlhas the identical deadon: push: tagstrigger but is rescued by an explicitgh workflow run release.ymldispatch at the end of the auto-tag job.docker.ymlwas added later and was never wired into that rescue. This change mirrors the same approach — no PAT or GitHub App token is introduced.Changes
auto-tag-on-release-pr-merge.ymlgh workflow run docker.yml -f version=... -f ref=v...step using the sameGITHUB_TOKEN. (gh workflow runwithGITHUB_TOKENcan dispatch other workflows — that is howrelease.ymlis already kicked.)docker.ymlworkflow_dispatch.inputs.versionandinputs.ref(both optional,refdefaults tomain), so inputless manual canary dispatch still works exactly as before.inputs.refonworkflow_dispatch(github.refismainon a dispatch, not the tag). Empty string preserves default checkout for push/PR events.value=${{ inputs.version }}to eachtype=semverline in bothmetasteps (build and merge jobs).type=semverderives the version from the git ref, which ismainon a dispatch and would render nothing — the explicitvalue=supplies the version instead.Why an empty
value=is safe on the existing pathsmetadata-action's
procSemvertreats an absent and an emptyvalueidentically (default is''). Whenvalueis empty it falls back tothis.context.refstripped ofrefs/tags/. So:pushevent,inputs.versionempty):value=""→ falls back to the tag ref → full semver family renders, unchanged.version+refset): checkout pins the tag commit; semver tags takeinputs.version.ref=main):value=""and ref is not a tag → semver tags render nothing, exactly as today (:main+:sha-<7>only).actionlintpasses clean on both workflows.Post-merge backfill (manual, one-off)
This fix only affects future releases. To publish the already-tagged
v0.3.26(and any other versions you want) into GHCR, after merge run once against the tag ref:Do not attempt the backfill from this branch pre-merge —
docker.ymlmust accept the inputs first.