fix: use commit SHA instead of latest tag to prevent race condition in promote workflow
Some checks failed
Build & Deploy to Staging / Build & Deploy to Staging (push) Has been cancelled
The promote workflow previously pulled :latest, which could be stale if the staging build hadn't finished yet. Now it pulls the exact :SHA image that deploy.yml produces, with retry logic (up to 10min) if staging is still building.
parent
e787923908
commit
e074562f73
1 changed files with 31 additions and 10 deletions
|
|
@ -11,18 +11,24 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
- name: Checkout code at tag
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
- name: Install kubectl
|
- name: Install kubectl
|
||||||
run: |
|
run: |
|
||||||
curl -sLO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
|
curl -sLO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
|
||||||
chmod +x kubectl
|
chmod +x kubectl
|
||||||
|
|
||||||
- name: Get image from tag
|
- name: Get image info
|
||||||
id: image
|
id: image
|
||||||
run: |
|
run: |
|
||||||
# Tag format: v0.2.1 or v0.2.1-rc1
|
# Use the commit SHA instead of "latest" to avoid a race condition:
|
||||||
# The staging pipeline already pushed the image with the commit SHA
|
# The tag event can fire before the staging build (deploy.yml) finishes
|
||||||
# We retag with the version tag for traceability
|
# pushing the new "latest" image. By referencing the exact SHA that
|
||||||
|
# deploy.yml tags images with (${{ github.sha }}), we ensure we
|
||||||
|
# promote the correct build — and wait for it if it's still running.
|
||||||
echo "tag=${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
|
echo "tag=${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
|
||||||
|
echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
|
||||||
|
|
||||||
- name: Login to Forgejo Registry
|
- name: Login to Forgejo Registry
|
||||||
uses: docker/login-action@v3
|
uses: docker/login-action@v3
|
||||||
|
|
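Review bot: In the "Get image info" step, the `sha` output is taken from `git rev-parse HEAD` on whatever the new checkout step fetched, while the comment directly above says deploy.yml tags images with `${{ github.sha }}`. The pull in the following step only succeeds if those two values are identical, so either write `${{ github.sha }}` to the output directly, or give the checkout an explicit `ref:` and state in the comment that HEAD is expected to be the tagged commit. Since the purpose of this change is to promote by an immutable reference, it would also be consistent to pin `actions/checkout@v4` to a commit SHA rather than a movable tag.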
@ -31,13 +37,28 @@ jobs:
|
||||||
username: openclawd
|
username: openclawd
|
||||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||||
|
|
||||||
- name: Retag image for production
|
- name: Wait for staging image and retag for production
|
||||||
run: |
|
run: |
|
||||||
# Pull latest staging image and tag with version
|
SHA_IMAGE="git.cloonar.com/openclawd/docfast:${{ steps.image.outputs.sha }}"
|
||||||
docker pull --platform linux/arm64 git.cloonar.com/openclawd/docfast:latest
|
PROD_IMAGE="git.cloonar.com/openclawd/docfast:${{ steps.image.outputs.tag }}"
|
||||||
docker tag git.cloonar.com/openclawd/docfast:latest \
|
|
||||||
git.cloonar.com/openclawd/docfast:${{ steps.image.outputs.tag }}
|
# Wait for the SHA-tagged image (built by staging) to be available
|
||||||
docker push git.cloonar.com/openclawd/docfast:${{ steps.image.outputs.tag }}
|
for i in $(seq 1 20); do
|
||||||
|
echo "Attempt $i/20: pulling $SHA_IMAGE ..."
|
||||||
|
if docker pull --platform linux/arm64 "$SHA_IMAGE" 2>/dev/null; then
|
||||||
|
echo "✅ Image found!"
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
if [ "$i" -eq 20 ]; then
|
||||||
|
echo "❌ Image not available after 10 minutes. Aborting."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
echo "Image not ready yet, waiting 30s..."
|
||||||
|
sleep 30
|
||||||
|
done
|
||||||
|
|
||||||
|
docker tag "$SHA_IMAGE" "$PROD_IMAGE"
|
||||||
|
docker push "$PROD_IMAGE"
|
||||||
|
|
||||||
- name: Deploy to Production
|
- name: Deploy to Production
|
||||||
run: |
|
run: |
|
||||||
|
|
|
||||||
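Review bot: The retry loop's `docker pull --platform linux/arm64 "$SHA_IMAGE" 2>/dev/null` discards the error text, so an invalid `REGISTRY_TOKEN`, a registry outage or a missing linux/arm64 manifest is indistinguishable from "staging is still building", and the job waits out every attempt before failing with a misleading "not available" message. Keep stderr, or at least print it on the final attempt, and stop retrying on errors other than not-found. Separately, the existence of the SHA tag only shows that the image was pushed, not that the staging run succeeded; if deploy.yml pushes the image before its own checks finish, this step can retag a build that failed staging, so consider gating on the staging run's result as well. `docker tag "$SHA_IMAGE" "$PROD_IMAGE"` also republishes under a mutable version tag; logging the pulled image's digest before the push would let the production deploy be traced back to the exact staging artifact.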