Skip to content

Simplify Docker tag publishing workflow #1333

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lovasoa merged 1 commit into from
Jun 14, 2026
+32 −34
Merged

Simplify Docker tag publishing workflow #1333

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
66 changes: 32 additions & 34 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -231,31 +231,22 @@ jobs:
strategy:
fail-fast: false
matrix:
platform:
- linux/amd64
- linux/arm/v7
- linux/arm64
variant:
- minimal
- duckdb
exclude:
# DuckDB ODBC is not available for armv7
include:
- platform: linux/arm/v7
variant: duckdb
# This build is shared with the Hurl example jobs.
- platform: linux/amd64
variant: minimal
tag_suffix: -linux-arm-v7
- platform: linux/arm64
variant: minimal
tag_suffix: -linux-arm64
- platform: linux/amd64
variant: duckdb
tag_suffix: -linux-amd64-duckdb
- platform: linux/arm64
variant: duckdb
tag_suffix: -linux-arm64-duckdb
steps:
- name: Checkout
uses: actions/checkout@v6
- id: suffix
name: Cache name suffix
run: |
suffix="-$(tr '/' '-' <<< "${{ matrix.platform }}")"
if [[ "${{ matrix.variant }}" != "minimal" ]]; then
suffix="${suffix}-${{ matrix.variant }}"
fi
echo "suffix=${suffix}" >> "$GITHUB_OUTPUT"
- id: cache-scope
name: Docker cache scope
run: |
Expand All @@ -266,15 +257,15 @@ jobs:

recipe_hash="${{ hashFiles('Dockerfile', '.cargo/**', 'Cargo.toml', 'Cargo.lock', 'build.rs', 'scripts/**', 'sqlpage/**') }}"
{
echo "current=sqlpage-${ref_scope}${{ steps.suffix.outputs.suffix }}-${recipe_hash}"
echo "main=sqlpage-main${{ steps.suffix.outputs.suffix }}-${recipe_hash}"
echo "current=sqlpage-${ref_scope}${{ matrix.tag_suffix }}-${recipe_hash}"
echo "main=sqlpage-main${{ matrix.tag_suffix }}-${recipe_hash}"
} >> "$GITHUB_OUTPUT"
- name: Docker meta
id: meta
uses: docker/metadata-action@v6
with:
images: ${{ env.REGISTRY_IMAGE }}
flavor: suffix=${{ steps.suffix.outputs.suffix }}
flavor: suffix=${{ matrix.tag_suffix }}
labels: |
org.opencontainers.image.created=1970-01-01T00:00:00Z
- name: Set up QEMU
Expand Down Expand Up @@ -303,7 +294,7 @@ jobs:
cache-from: |
type=gha,scope=${{ steps.cache-scope.outputs.current }}
type=gha,scope=${{ steps.cache-scope.outputs.main }}
type=registry,ref=${{ env.REGISTRY_IMAGE }}:main${{ steps.suffix.outputs.suffix }}
type=registry,ref=${{ env.REGISTRY_IMAGE }}:main${{ matrix.tag_suffix }}
cache-to: type=gha,scope=${{ steps.cache-scope.outputs.current }},mode=max
- name: Export digest
if: github.event_name != 'pull_request'
Expand All @@ -315,7 +306,7 @@ jobs:
uses: actions/upload-artifact@v7
if: github.event_name != 'pull_request'
with:
name: digests-${{ matrix.variant }}${{ steps.suffix.outputs.suffix }}
name: digests-${{ matrix.variant }}${{ matrix.tag_suffix }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
Expand Down Expand Up @@ -520,22 +511,29 @@ jobs:
path: /tmp/digests
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v4
- name: Docker meta
id: meta
uses: docker/metadata-action@v6
with:
images: ${{ env.REGISTRY_IMAGE }}
flavor: suffix=${{ matrix.variant != 'minimal' && format('-{0}', matrix.variant) || '' }},onlatest=true
- name: Login to Docker Hub
uses: docker/login-action@v4
with:
username: ${{ env.REGISTRY_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Create manifest list and push
working-directory: /tmp/digests
env:
TAG_SUFFIX: ${{ matrix.variant != 'minimal' && format('-{0}', matrix.variant) || '' }}
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
tags=(-t "${REGISTRY_IMAGE}:${GITHUB_REF_NAME}${TAG_SUFFIX}")

@chatgpt-codex-connector chatgpt-codex-connector Bot Jun 14, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Sanitize the ref before using it as a Docker tag

When a valid release tag matching the workflow's v* filter contains Docker-invalid characters, such as the valid SemVer tag v1.2.3+build.1, this constructs an invalid image reference and docker buildx imagetools create fails, preventing the version and latest manifests from being published. The removed docker/metadata-action automatically replaced invalid tag-character sequences with - as documented in its tag sanitization behavior, so preserve equivalent sanitization before constructing these tags.

Useful? React with 👍 / 👎.

if [[ "$GITHUB_REF_TYPE" == "tag" ]]; then
tags+=(-t "${REGISTRY_IMAGE}:latest${TAG_SUFFIX}")
fi
shopt -s nullglob
sources=()
for digest in *; do
sources+=("${REGISTRY_IMAGE}@sha256:${digest}")
done
((${#sources[@]} > 0))
docker buildx imagetools create "${tags[@]}" "${sources[@]}"
- name: Inspect image
env:
TAG_SUFFIX: ${{ matrix.variant != 'minimal' && format('-{0}', matrix.variant) || '' }}
run: |
docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
docker buildx imagetools inspect "${REGISTRY_IMAGE}:${GITHUB_REF_NAME}${TAG_SUFFIX}"
Loading