[DO NOT MERGE] chore: update GitHub Actions workflows for UBI 9 and UBI 10 images#252
[DO NOT MERGE] chore: update GitHub Actions workflows for UBI 9 and UBI 10 images#252
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: dkwon17 The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
📝 WalkthroughWalkthroughSimplifies multi-architecture image publishing across GitHub workflows by replacing manual Changes
Sequence Diagram(s)sequenceDiagram
participant GH as GitHub Actions
participant BX as docker buildx imagetools
participant REG as Container Registry
GH->>BX: run `imagetools create -t registry/...:tag` with per-arch image refs
BX->>REG: read per-arch image manifests (amd64/arm64/ppc64le)
BX->>REG: create and push multi-arch image index `:tag`
GH->>BX: run `imagetools inspect registry/...:tag`
BX->>GH: return multi-arch index metadata (manifest list / digests)
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/ubi10-build.yaml:
- Around line 152-153: The workflow defines a job output named uniq_tag
(outputs.uniq_tag from step setTagName) but callers incorrectly reference
jobs.publish-udi.outputs.setTagName.uniq_tag; update any callers to reference
the job output by name instead — e.g., use jobs.publish-udi.outputs.uniq_tag
(remove the step id in the reference) so the reusable workflow consumers receive
the uniq_tag value; ensure the job that exposes the output uses
outputs.uniq_tag: ${{ steps.setTagName.outputs.uniq_tag }} (symbol references:
outputs, uniq_tag, steps.setTagName, jobs.publish-udi).
In @.github/workflows/ubi9-build.yaml:
- Around line 166-170: The publish-udi job does not declare any outputs, so the
workflow-level consumer cannot read jobs.publish-udi.outputs.uniq_tag; add an
outputs block to the publish-udi job that maps uniq_tag to the setTagName step
output (e.g., outputs: uniq_tag: ${{ steps.setTagName.outputs.uniq_tag }}),
ensure the step that generates the tag has id: setTagName and emits the output
(via the step's output mechanism), and keep the output name uniq_tag to match
the workflow consumer.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: b8ac2d46-c0a9-4ed6-9766-48a1096f6535
📒 Files selected for processing (4)
.github/workflows/pr-check-ubi10.yaml.github/workflows/pr-check.yaml.github/workflows/ubi10-build.yaml.github/workflows/ubi9-build.yaml
| docker buildx imagetools create \ | ||
| -t ${{ env.REGISTRY }}/universal-developer-image:${tag} \ | ||
| ${{ env.REGISTRY }}/universal-developer-image:amd64-${{env.short_sha}} \ | ||
| --os linux --arch amd64 | ||
|
|
||
| docker manifest annotate ${{ env.REGISTRY }}/universal-developer-image:${tag} \ | ||
| ${{ env.REGISTRY }}/universal-developer-image:arm64-${{env.short_sha}} \ | ||
| --os linux --arch arm64 | ||
|
|
||
| docker manifest annotate ${{ env.REGISTRY }}/universal-developer-image:${tag} \ | ||
| ${{ env.REGISTRY }}/universal-developer-image:ppc64le-${{env.short_sha}} \ | ||
| --os linux --arch ppc64le | ||
|
|
||
| docker manifest push ${{ env.REGISTRY }}/universal-developer-image:${tag} | ||
| ${{ env.REGISTRY }}/universal-developer-image:arm64-${{env.short_sha}} \ | ||
| ${{ env.REGISTRY }}/universal-developer-image:ppc64le-${{env.short_sha}} |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
nl -ba .github/workflows/ubi9-build.yaml | sed -n '14,18p;147,176p'Repository: devfile/developer-images
Length of output: 108
🏁 Script executed:
cat -n .github/workflows/ubi9-build.yaml | sed -n '14,20p;140,180p'Repository: devfile/developer-images
Length of output: 2065
🏁 Script executed:
cat -n .github/workflows/ubi9-build.yaml | sed -n '147,190p'Repository: devfile/developer-images
Length of output: 1471
Expose uniq_tag from the publish-udi job.
Line 17 declares a workflow output that reads jobs.publish-udi.outputs.uniq_tag, but the publish-udi job (line 147) never defines outputs:, so reusable-workflow callers won't receive the value written by the setTagName step.
Suggested fix
publish-udi:
name: Publish udi
runs-on: ubuntu-22.04
needs: build-udi
+ outputs:
+ uniq_tag: ${{ steps.setTagName.outputs.uniq_tag }}
steps:🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/ubi9-build.yaml around lines 166 - 170, The publish-udi
job does not declare any outputs, so the workflow-level consumer cannot read
jobs.publish-udi.outputs.uniq_tag; add an outputs block to the publish-udi job
that maps uniq_tag to the setTagName step output (e.g., outputs: uniq_tag: ${{
steps.setTagName.outputs.uniq_tag }}), ensure the step that generates the tag
has id: setTagName and emits the output (via the step's output mechanism), and
keep the output name uniq_tag to match the workflow consumer.
|
Pull Request images published ✨ Base: quay.io/devfile/base-developer-image:pr-252 |
Signed-off-by: Prabhu K <Prabhu.K@ibm.com> Signed-off-by: Prabhu K <Prabhu.K@ibm.com>
Signed-off-by: Prabhu K <Prabhu.K@ibm.com>
…bm.com> Signed-off-by: Prabhu K <Prabhu.K@ibm.com>
dkwon17
force-pushed
the
fix/docker-buildx-publish
branch
from
ed30b94 to
9dc300e
Compare
There was a problem hiding this comment.
♻️ Duplicate comments (2)
.github/workflows/ubi9-build.yaml (1)
147-175:⚠️ Potential issue | 🟠 MajorMissing
outputs:declaration onpublish-udijob.The workflow declares an output at line 17 (
jobs.publish-udi.outputs.uniq_tag), but thepublish-udijob does not have anoutputs:block to expose theuniq_tagvalue from thesetTagNamestep. Without this, reusable-workflow callers won't receive the output.Suggested fix
publish-udi: name: Publish udi runs-on: ubuntu-22.04 needs: build-udi + outputs: + uniq_tag: ${{ steps.setTagName.outputs.uniq_tag }} steps:🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/ubi9-build.yaml around lines 147 - 175, Add an outputs block to the publish-udi job exposing the uniq_tag produced by the step with id setTagName: under the job named publish-udi add outputs: uniq_tag: ${{ steps.setTagName.outputs.uniq_tag }} so callers of the reusable workflow can access the value emitted by the setTagName step..github/workflows/ubi10-build.yaml (1)
15-18:⚠️ Potential issue | 🟠 MajorFix the workflow_call output reference.
Line 18 incorrectly references the step ID in the output path. Job-level outputs should be referenced by the output name defined in the job's
outputs:block, not by step ID. The current syntaxjobs.publish-udi.outputs.setTagName.uniq_tagwill not resolve correctly.Suggested fix
outputs: uniq_tag: description: "The unique tag for the universal developer image" - value: ${{ jobs.publish-udi.outputs.setTagName.uniq_tag }} + value: ${{ jobs.publish-udi.outputs.uniq_tag }}🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/ubi10-build.yaml around lines 15 - 18, The workflow output reference is using the step ID instead of the job output name; update the outputs value to reference the job-level output name by replacing jobs.publish-udi.outputs.setTagName.uniq_tag with jobs.publish-udi.outputs.uniq_tag so it points to the output declared in the publish-udi job's outputs block (job name: publish-udi, output: uniq_tag).
🧹 Nitpick comments (1)
.github/workflows/pr-check.yaml (1)
192-196: LGTM!Correctly uses
docker buildx imagetools createfor multi-arch manifest publishing.Optional: Consider adding
docker buildx imagetools inspectafter creation for verification, as done inpr-check-ubi10.yaml(lines 176-177 and 202-203). This provides explicit confirmation that the multi-arch manifest was created successfully.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/pr-check.yaml around lines 192 - 196, Add a verification step immediately after the existing docker buildx imagetools create invocation to run docker buildx imagetools inspect against the same image tag (${{ env.REGISTRY }}/universal-developer-image:pr-${{github.event.number}}) to confirm the multi-arch manifest was created; mirror the pattern used in pr-check-ubi10.yaml (inspect after create) and ensure the inspect command runs in the same job context so its success/failure is visible in CI logs.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In @.github/workflows/ubi10-build.yaml:
- Around line 15-18: The workflow output reference is using the step ID instead
of the job output name; update the outputs value to reference the job-level
output name by replacing jobs.publish-udi.outputs.setTagName.uniq_tag with
jobs.publish-udi.outputs.uniq_tag so it points to the output declared in the
publish-udi job's outputs block (job name: publish-udi, output: uniq_tag).
In @.github/workflows/ubi9-build.yaml:
- Around line 147-175: Add an outputs block to the publish-udi job exposing the
uniq_tag produced by the step with id setTagName: under the job named
publish-udi add outputs: uniq_tag: ${{ steps.setTagName.outputs.uniq_tag }} so
callers of the reusable workflow can access the value emitted by the setTagName
step.
---
Nitpick comments:
In @.github/workflows/pr-check.yaml:
- Around line 192-196: Add a verification step immediately after the existing
docker buildx imagetools create invocation to run docker buildx imagetools
inspect against the same image tag (${{ env.REGISTRY
}}/universal-developer-image:pr-${{github.event.number}}) to confirm the
multi-arch manifest was created; mirror the pattern used in pr-check-ubi10.yaml
(inspect after create) and ensure the inspect command runs in the same job
context so its success/failure is visible in CI logs.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: bc06905c-5e3e-4bbd-97ec-36e4effc3725
📒 Files selected for processing (5)
.github/workflows/pr-check-ubi10.yaml.github/workflows/pr-check.yaml.github/workflows/ubi10-build.yaml.github/workflows/ubi9-build.yamluniversal/ubi10/Dockerfile
dkwon17
changed the title
|
Pull Request images published ✨ Base: quay.io/devfile/base-developer-image:pr-252 |
2 participants
This PR is created in order to run the gh workflows. The original PR is: #250
Summary by CodeRabbit