fix: use commit SHA instead of latest tag to prevent race condition in promote workflow
Some checks failed
Build & Deploy to Staging / Build & Deploy to Staging (push) Has been cancelled
Some checks failed
Build & Deploy to Staging / Build & Deploy to Staging (push) Has been cancelled
The promote workflow previously pulled :latest, which could be stale if the staging build hadn't finished yet. Now it pulls the exact :SHA image that deploy.yml produces, with retry logic (up to 10min) if staging is still building.
This commit is contained in:
DocFast Bot
parent
e787923908
commit
e074562f73
1 changed files with 31 additions and 10 deletions
|
|
@ -11,18 +11,24 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout code at tag
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install kubectl
|
||||
run: |
|
||||
curl -sLO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
|
||||
chmod +x kubectl
|
||||
|
||||
- name: Get image from tag
|
||||
- name: Get image info
|
||||
id: image
|
||||
run: |
|
||||
# Tag format: v0.2.1 or v0.2.1-rc1
|
||||
# The staging pipeline already pushed the image with the commit SHA
|
||||
# We retag with the version tag for traceability
|
||||
# Use the commit SHA instead of "latest" to avoid a race condition:
|
||||
# The tag event can fire before the staging build (deploy.yml) finishes
|
||||
# pushing the new "latest" image. By referencing the exact SHA that
|
||||
# deploy.yml tags images with (${{ github.sha }}), we ensure we
|
||||
# promote the correct build — and wait for it if it's still running.
|
||||
echo "tag=${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
|
||||
echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Login to Forgejo Registry
|
||||
uses: docker/login-action@v3
|
||||
|
|
@ -31,13 +37,28 @@ jobs:
|
|||
username: openclawd
|
||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||
|
||||
- name: Retag image for production
|
||||
- name: Wait for staging image and retag for production
|
||||
run: |
|
||||
# Pull latest staging image and tag with version
|
||||
docker pull --platform linux/arm64 git.cloonar.com/openclawd/docfast:latest
|
||||
docker tag git.cloonar.com/openclawd/docfast:latest \
|
||||
git.cloonar.com/openclawd/docfast:${{ steps.image.outputs.tag }}
|
||||
docker push git.cloonar.com/openclawd/docfast:${{ steps.image.outputs.tag }}
|
||||
SHA_IMAGE="git.cloonar.com/openclawd/docfast:${{ steps.image.outputs.sha }}"
|
||||
PROD_IMAGE="git.cloonar.com/openclawd/docfast:${{ steps.image.outputs.tag }}"
|
||||
|
||||
# Wait for the SHA-tagged image (built by staging) to be available
|
||||
for i in $(seq 1 20); do
|
||||
echo "Attempt $i/20: pulling $SHA_IMAGE ..."
|
||||
if docker pull --platform linux/arm64 "$SHA_IMAGE" 2>/dev/null; then
|
||||
echo "✅ Image found!"
|
||||
break
|
||||
fi
|
||||
if [ "$i" -eq 20 ]; then
|
||||
echo "❌ Image not available after 10 minutes. Aborting."
|
||||
exit 1
|
||||
fi
|
||||
echo "Image not ready yet, waiting 30s..."
|
||||
sleep 30
|
||||
done
|
||||
|
||||
docker tag "$SHA_IMAGE" "$PROD_IMAGE"
|
||||
docker push "$PROD_IMAGE"
|
||||
|
||||
- name: Deploy to Production
|
||||
run: |
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue