Merge pull request 'feat(ci): add OCI labels + buildx to publish workflow (#554)' (#559) from ci/554-oci-labels-publish-workflow into main
Some checks failed
Block internal-flavored paths / Block forbidden paths (push) Successful in 19s
Lint curl status-code capture / Scan workflows for curl status-capture pollution (push) Successful in 14s
CI / Detect changes (push) Successful in 37s
Secret scan / Scan diff for credential-shaped strings (push) Successful in 14s
publish-workspace-server-image / build-and-push (push) Failing after 16s
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 39s
E2E API Smoke Test / detect-changes (push) Successful in 41s
Handlers Postgres Integration / detect-changes (push) Successful in 42s
Runtime PR-Built Compatibility / detect-changes (push) Successful in 41s
CI / Platform (Go) (push) Successful in 11s
CI / Shellcheck (E2E scripts) (push) Successful in 8s
CI / Canvas (Next.js) (push) Successful in 9s
CI / Python Lint & Test (push) Successful in 8s
CI / Canvas Deploy Reminder (push) Has been skipped
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Successful in 11s
Handlers Postgres Integration / Handlers Postgres Integration (push) Successful in 8s
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Successful in 8s
CI / all-required (push) Successful in 5s
E2E API Smoke Test / E2E API Smoke Test (push) Successful in 10s
ci-required-drift / drift (push) Failing after 1m9s
Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Failing after 4m32s
Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 12s
Sweep stale AWS Secrets Manager secrets / Sweep AWS Secrets Manager (push) Failing after 21s
Staging SaaS smoke (every 30 min) / Staging SaaS smoke (push) Failing after 5m18s
Some checks failed
Block internal-flavored paths / Block forbidden paths (push) Successful in 19s
Lint curl status-code capture / Scan workflows for curl status-capture pollution (push) Successful in 14s
CI / Detect changes (push) Successful in 37s
Secret scan / Scan diff for credential-shaped strings (push) Successful in 14s
publish-workspace-server-image / build-and-push (push) Failing after 16s
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 39s
E2E API Smoke Test / detect-changes (push) Successful in 41s
Handlers Postgres Integration / detect-changes (push) Successful in 42s
Runtime PR-Built Compatibility / detect-changes (push) Successful in 41s
CI / Platform (Go) (push) Successful in 11s
CI / Shellcheck (E2E scripts) (push) Successful in 8s
CI / Canvas (Next.js) (push) Successful in 9s
CI / Python Lint & Test (push) Successful in 8s
CI / Canvas Deploy Reminder (push) Has been skipped
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Successful in 11s
Handlers Postgres Integration / Handlers Postgres Integration (push) Successful in 8s
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Successful in 8s
CI / all-required (push) Successful in 5s
E2E API Smoke Test / E2E API Smoke Test (push) Successful in 10s
ci-required-drift / drift (push) Failing after 1m9s
Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Failing after 4m32s
Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 12s
Sweep stale AWS Secrets Manager secrets / Sweep AWS Secrets Manager (push) Failing after 21s
Staging SaaS smoke (every 30 min) / Staging SaaS smoke (push) Failing after 5m18s
This commit is contained in:
commit
815dc7e1eb
@ -115,6 +115,11 @@ jobs:
|
||||
# Build + push platform image (inline ECR auth — mirrors the operator-host
|
||||
# approach; credentials come from GITHUB_SECRET_AWS_ACCESS_KEY_ID /
|
||||
# GITHUB_SECRET_AWS_SECRET_ACCESS_KEY in Gitea Actions).
|
||||
# docker buildx bake / build required for `imagetools inspect` digest
|
||||
# capture in the CP pin-update step (RFC internal#229 §X step 4 PR-1).
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
|
||||
|
||||
- name: Build & push platform image to ECR (staging-<sha> + staging-latest)
|
||||
env:
|
||||
IMAGE_NAME: ${{ env.IMAGE_NAME }}
|
||||
@ -130,17 +135,16 @@ jobs:
|
||||
ECR_REGISTRY="${IMAGE_NAME%%/*}"
|
||||
aws ecr get-login-password --region us-east-2 | \
|
||||
docker login --username AWS --password-stdin "${ECR_REGISTRY}"
|
||||
docker build \
|
||||
docker buildx build \
|
||||
--file ./workspace-server/Dockerfile \
|
||||
--build-arg GIT_SHA="${GIT_SHA}" \
|
||||
--label "org.opencontainers.image.source=https://github.com/${REPO}" \
|
||||
--label "org.opencontainers.image.source=https://git.moleculesai.app/molecule-ai/${REPO}" \
|
||||
--label "org.opencontainers.image.revision=${GIT_SHA}" \
|
||||
--label "org.opencontainers.image.description=Molecule AI platform — pending canary verify" \
|
||||
--label "org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
|
||||
--label "molecule.workflow.run_id=${GITHUB_RUN_ID}" \
|
||||
--tag "${IMAGE_NAME}:${TAG_SHA}" \
|
||||
--tag "${IMAGE_NAME}:${TAG_LATEST}" \
|
||||
.
|
||||
docker push "${IMAGE_NAME}:${TAG_SHA}"
|
||||
docker push "${IMAGE_NAME}:${TAG_LATEST}"
|
||||
--push .
|
||||
|
||||
# Build + push tenant image (Go platform + Next.js canvas in one image).
|
||||
- name: Build & push tenant image to ECR (staging-<sha> + staging-latest)
|
||||
@ -158,15 +162,14 @@ jobs:
|
||||
ECR_REGISTRY="${TENANT_IMAGE_NAME%%/*}"
|
||||
aws ecr get-login-password --region us-east-2 | \
|
||||
docker login --username AWS --password-stdin "${ECR_REGISTRY}"
|
||||
docker build \
|
||||
docker buildx build \
|
||||
--file ./workspace-server/Dockerfile.tenant \
|
||||
--build-arg NEXT_PUBLIC_PLATFORM_URL= \
|
||||
--build-arg GIT_SHA="${GIT_SHA}" \
|
||||
--label "org.opencontainers.image.source=https://github.com/${REPO}" \
|
||||
--label "org.opencontainers.image.source=https://git.moleculesai.app/molecule-ai/${REPO}" \
|
||||
--label "org.opencontainers.image.revision=${GIT_SHA}" \
|
||||
--label "org.opencontainers.image.description=Molecule AI tenant platform + canvas — pending canary verify" \
|
||||
--label "org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
|
||||
--label "molecule.workflow.run_id=${GITHUB_RUN_ID}" \
|
||||
--tag "${TENANT_IMAGE_NAME}:${TAG_SHA}" \
|
||||
--tag "${TENANT_IMAGE_NAME}:${TAG_LATEST}" \
|
||||
.
|
||||
docker push "${TENANT_IMAGE_NAME}:${TAG_SHA}"
|
||||
docker push "${TENANT_IMAGE_NAME}:${TAG_LATEST}"
|
||||
--push .
|
||||
|
||||
Loading…
Reference in New Issue
Block a user