claude-ceo-assistant (Claude Opus 4.7 on Hongming's MacBook)
3e491c673b
All checks were successful
CI / Adapter unit tests (push) Successful in 20s
CI / Adapter unit tests (pull_request) Successful in 21s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 6s
CI / validate (push) Successful in 11m50s
CI / validate (pull_request) Successful in 11m38s
Background: post-2026-05-06 SCM is Gitea, not GitHub. Gitea 1.22.6 has
no repository_dispatch / workflow_dispatch trigger API (empirically
verified across 6 candidate paths in molecule-core#20 issuecomment-913).
The molecule-core/publish-runtime.yml cascade therefore cannot fire
templates via curl-dispatch — pivots to push-mode instead.
This PR is the consumer side of that pivot:
- `.runtime-version` file at repo root — single line, plain version
string. Currently 0.1.129 (latest published as of 2026-05-07).
publish-runtime overwrites this on each cascade.
- publish-image.yml gains a `resolve-version` job that reads the file
and forwards the value to the reusable build workflow as the
third-priority source in the resolution chain:
1. client_payload.runtime_version (forward-compat with future
GitHub-style dispatch if Gitea ever adds it)
2. inputs.runtime_version (manual workflow_dispatch override)
3. .runtime-version file (push-mode cascade — the new path)
4. '' (Dockerfile requirements.txt default)
No behavioural change for PRs / manual dispatches; only fills in the
on-push case where previously the version was empty.
Sequencing context: this PR (and 8 sibling PRs to the other template
repos) MUST land before molecule-core#20 v2 is merged — otherwise the
first cascade push would trigger an on-push rebuild that pins the OLD
requirements.txt floor instead of the freshly-published version.
Refs molecule-core#14, molecule-core#20, molecule-core/issues/20.
79 lines
3.4 KiB
YAML
79 lines
3.4 KiB
YAML
name: publish-image
|
|
|
|
# Builds this workspace template's Dockerfile and pushes it to GHCR as
|
|
# `ghcr.io/molecule-ai/workspace-template-<runtime>:latest` + `:sha-<7>`.
|
|
# The heavy lifting lives in the reusable workflow in molecule-ci —
|
|
# change it there if the publish pattern needs to evolve.
|
|
|
|
on:
|
|
# Re-publish when a new molecule-ai-workspace-runtime is released to
|
|
# PyPI. Sent by molecule-core's publish-runtime.yml `cascade` job via
|
|
# repository_dispatch with event-type "runtime-published".
|
|
# client_payload.runtime_version carries the new version string.
|
|
repository_dispatch:
|
|
types: [runtime-published]
|
|
push:
|
|
branches: [main]
|
|
# NOTE: do NOT add `pull_request:` here. The reusable
|
|
# publish-template-image workflow has no PR-skip guard, so a PR
|
|
# trigger pushes per-PR :latest clobbers and sha-<7> tags for
|
|
# unmerged code to GHCR. PRs already get a Dockerfile build smoke
|
|
# test from the validate-workspace-template workflow (no push) —
|
|
# that's the right place for PR-time verification.
|
|
workflow_dispatch:
|
|
inputs:
|
|
runtime_version:
|
|
description: "Optional explicit runtime version to bake in (forwarded as RUNTIME_VERSION build-arg)"
|
|
required: false
|
|
type: string
|
|
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
|
|
jobs:
|
|
# The `.runtime-version` file is the push-mode cascade signal post-
|
|
# 2026-05-06: when molecule-core/publish-runtime.yml ships a new
|
|
# version to PyPI, it does NOT call repository_dispatch (Gitea 1.22.6
|
|
# has no such endpoint — empirically verified molecule-core#20).
|
|
# Instead it git-pushes an updated `.runtime-version` to each template,
|
|
# which trips this workflow's `on: push: branches: [main]` trigger.
|
|
# This job reads that file and forwards the version to the reusable
|
|
# build workflow so the Dockerfile pip-installs the exact published
|
|
# version, not whatever requirements.txt currently bounds.
|
|
resolve-version:
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 2
|
|
outputs:
|
|
version: ${{ steps.read.outputs.version }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- id: read
|
|
run: |
|
|
if [ -f .runtime-version ]; then
|
|
v="$(head -n1 .runtime-version | tr -d '[:space:]')"
|
|
echo "version=$v" >> "$GITHUB_OUTPUT"
|
|
echo "resolved runtime version: $v"
|
|
else
|
|
echo "no .runtime-version file present — falling through to Dockerfile default"
|
|
fi
|
|
|
|
publish:
|
|
needs: resolve-version
|
|
uses: molecule-ai/molecule-ci/.github/workflows/publish-template-image.yml@main
|
|
secrets: inherit
|
|
with:
|
|
# Resolution chain (highest priority first):
|
|
# 1. client_payload.runtime_version — legacy GitHub
|
|
# repository_dispatch path (will return if Gitea ever adds
|
|
# the dispatch API; left in place for forward-compat).
|
|
# 2. inputs.runtime_version — manual workflow_dispatch run from
|
|
# the Actions UI for ad-hoc rebuilds against a specific
|
|
# version.
|
|
# 3. needs.resolve-version.outputs.version — the
|
|
# `.runtime-version` file in this repo, written by
|
|
# molecule-core/publish-runtime.yml's push-mode cascade.
|
|
# 4. '' — fall through to the Dockerfile default
|
|
# (requirements.txt pin).
|
|
runtime_version: ${{ github.event.client_payload.runtime_version || inputs.runtime_version || needs.resolve-version.outputs.version || '' }}
|