bef0813139
Some checks failed
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 4s
CI / Shell unit tests (pull_request) Successful in 20s
CI / Shell unit tests (push) Successful in 23s
CI / validate (pull_request) Failing after 7m0s
CI / validate (push) Failing after 6m53s
Background: post-2026-05-06 SCM is Gitea, not GitHub. Gitea 1.22.6 has no repository_dispatch / workflow_dispatch trigger API (empirically verified across 6 candidate paths in molecule-core#20 issuecomment-913). The molecule-core/publish-runtime.yml cascade therefore cannot fire templates via curl-dispatch — pivots to push-mode instead. This PR is the consumer side of that pivot: - .runtime-version file at repo root — single line, plain version string. Currently 0.1.129 (latest published as of 2026-05-07). publish-runtime overwrites this on each cascade. - publish-image.yml gains a resolve-version job that reads the file and forwards the value to the reusable build workflow as the third-priority source in the resolution chain. Sequencing context: this PR (and 8 sibling PRs to the other template repos) MUST land before molecule-core#20 v2 is merged. Refs molecule-core#14, molecule-core#20.
64 lines
2.5 KiB
YAML
64 lines
2.5 KiB
YAML
name: publish-image
|
|
|
|
# Builds this workspace template's Dockerfile and pushes it to GHCR as
|
|
# `ghcr.io/molecule-ai/workspace-template-<runtime>:latest` + `:sha-<7>`.
|
|
# The heavy lifting lives in the reusable workflow in molecule-ci —
|
|
# change it there if the publish pattern needs to evolve.
|
|
|
|
on:
|
|
# Re-publish when a new molecule-ai-workspace-runtime is released to
|
|
# PyPI. Sent by molecule-core's publish-runtime.yml `cascade` job via
|
|
# repository_dispatch with event-type "runtime-published".
|
|
# client_payload.runtime_version carries the new version string.
|
|
repository_dispatch:
|
|
types: [runtime-published]
|
|
push:
|
|
branches: [main]
|
|
workflow_dispatch:
|
|
inputs:
|
|
runtime_version:
|
|
description: "Optional explicit runtime version to bake in (forwarded as RUNTIME_VERSION build-arg)"
|
|
required: false
|
|
type: string
|
|
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
|
|
jobs:
|
|
# The `.runtime-version` file is the push-mode cascade signal post-
|
|
# 2026-05-06: when molecule-core/publish-runtime.yml ships a new
|
|
# version to PyPI, it does NOT call repository_dispatch (Gitea 1.22.6
|
|
# has no such endpoint — empirically verified molecule-core#20).
|
|
# Instead it git-pushes an updated `.runtime-version` to each template,
|
|
# which trips this workflow's `on: push: branches: [main]` trigger.
|
|
# This job reads that file and forwards the version to the reusable
|
|
# build workflow.
|
|
resolve-version:
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 2
|
|
outputs:
|
|
version: ${{ steps.read.outputs.version }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- id: read
|
|
run: |
|
|
if [ -f .runtime-version ]; then
|
|
v="$(head -n1 .runtime-version | tr -d '[:space:]')"
|
|
echo "version=$v" >> "$GITHUB_OUTPUT"
|
|
echo "resolved runtime version: $v"
|
|
else
|
|
echo "no .runtime-version file present — falling through to Dockerfile default"
|
|
fi
|
|
|
|
publish:
|
|
needs: resolve-version
|
|
uses: molecule-ai/molecule-ci/.github/workflows/publish-template-image.yml@main
|
|
secrets: inherit
|
|
with:
|
|
# Cascade fires with client_payload.runtime_version = the exact
|
|
# version PyPI just published. Forwarded as a docker --build-arg
|
|
# so the cache key changes per-version and pip install resolves
|
|
# freshly. Empty on push/PR — falls back to requirements.txt pin.
|
|
runtime_version: ${{ github.event.client_payload.runtime_version || inputs.runtime_version || needs.resolve-version.outputs.version || '' }}
|