ci: add cd steps to publish workflow

vladzr · vladzr · commit fcd515cd10bf · 2026-04-23T18:35:59.000+08:00
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -2,7 +2,7 @@ name: Docker Publish
 
 on:
   push:
-    branches: [master, main]
+    branches: [master]
     tags:
       - 'v*'
   workflow_dispatch:
@@ -108,3 +108,66 @@ jobs:
       - name: Inspect
         run: |
           docker buildx imagetools inspect ${IMAGE}:${{ steps.meta.outputs.version }}
+
+  update-manifest:
+    name: Bump graph-node image tag in beam-k8s-infra-apps
+    runs-on: ubuntu-latest
+    needs: merge
+    if: github.ref == 'refs/heads/master'
+    concurrency:
+      group: update-k8s-manifest-graph-node
+      cancel-in-progress: false
+    steps:
+      - name: Checkout beam-k8s-infra-apps
+        uses: actions/checkout@v5
+        with:
+          repository: BuildOnBeam/beam-k8s-infra-apps
+          ref: main
+          token: ${{ secrets.K8S_REPO_PAT }}
+          path: infra
+
+      - name: Install kustomize
+        run: |
+          KUSTOMIZE_VERSION=5.4.3
+          curl -fsSL \
+            "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_amd64.tar.gz" \
+            | sudo tar -xz -C /usr/local/bin
+          kustomize version
+
+      - name: Update image tag
+        id: bump
+        working-directory: infra
+        run: |
+          SHORT_SHA=${GITHUB_SHA::7}
+          TAG="sha-${SHORT_SHA}"
+          echo "tag=$TAG" >> "$GITHUB_OUTPUT"
+          (cd apps/graph-node/base && kustomize edit set image "${IMAGE}=${IMAGE}:${TAG}")
+          if git diff --quiet apps/graph-node/base/kustomization.yaml; then
+            echo "kustomization already at $TAG — nothing to commit."
+            echo "changed=false" >> "$GITHUB_OUTPUT"
+          else
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+            git diff apps/graph-node/base/kustomization.yaml
+          fi
+
+      - name: Commit and push
+        if: steps.bump.outputs.changed == 'true'
+        working-directory: infra
+        run: |
+          git config user.name  "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git add apps/graph-node/base/kustomization.yaml
+          git commit -m "ci(graph-node): update image to ${{ steps.bump.outputs.tag }}"
+          for attempt in 1 2 3; do
+            if git push origin main; then
+              echo "Pushed on attempt $attempt."
+              exit 0
+            fi
+            echo "Push rejected; rebasing on main and retrying..."
+            git pull --rebase origin main || {
+              echo "::error::Rebase hit a conflict on apps/graph-node/base/kustomization.yaml — manual resolution needed. Image ${IMAGE}:${{ steps.bump.outputs.tag }} is already on Docker Hub."
+              exit 1
+            }
+          done
+          echo "::error::Failed to push after 3 attempts. Image ${IMAGE}:${{ steps.bump.outputs.tag }} is on Docker Hub; bump the manifest manually."
+          exit 1
