|
54 | 54 | - firefox |
55 | 55 | - webkit |
56 | 56 | - all |
| 57 | + image_tag: |
| 58 | + description: 'Docker image tag to test (e.g., pr-123-abc1234, latest)' |
| 59 | + required: false |
| 60 | + type: string |
57 | 61 |
|
58 | 62 | env: |
59 | 63 | NODE_VERSION: '20' |
|
70 | 74 | # Prevent race conditions when PR is updated mid-test |
71 | 75 | # Cancels old test runs when new build completes with different SHA |
72 | 76 | concurrency: |
73 | | - group: e2e-${{ github.workflow }}-${{ github.event.workflow_run.head_branch || github.ref }}-${{ github.event.workflow_run.head_sha || github.sha }} |
| 77 | + group: e2e-${{ github.workflow }}-${{ github.ref }} |
74 | 78 | cancel-in-progress: true |
75 | 79 |
|
76 | 80 | jobs: |
@@ -163,71 +167,12 @@ jobs: |
163 | 167 | echo "sha=${SHORT_SHA}" >> $GITHUB_OUTPUT |
164 | 168 | echo "Determined image tag: $(cat $GITHUB_OUTPUT | grep tag=)" |
165 | 169 |
|
166 | | - # Pull image from registry with retry logic (dual-source strategy) |
167 | | - # Try registry first (fast), fallback to artifact if registry fails |
168 | | - - name: Pull Docker image from registry |
169 | | - id: pull_image |
170 | | - uses: nick-fields/retry@v3 |
| 170 | + # Download Docker image artifact from build job |
| 171 | + - name: Download Docker image |
| 172 | + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 |
171 | 173 | with: |
172 | | - timeout_minutes: 5 |
173 | | - max_attempts: 3 |
174 | | - retry_wait_seconds: 10 |
175 | | - command: | |
176 | | - IMAGE_NAME="ghcr.io/${{ github.repository_owner }}/charon:${{ steps.image.outputs.tag }}" |
177 | | - echo "Pulling image: $IMAGE_NAME" |
178 | | - docker pull "$IMAGE_NAME" |
179 | | - docker tag "$IMAGE_NAME" charon:e2e-test |
180 | | - echo "✅ Successfully pulled from registry" |
181 | | - continue-on-error: true |
182 | | - |
183 | | - # Fallback: Download artifact if registry pull failed |
184 | | - - name: Fallback to artifact download |
185 | | - if: steps.pull_image.outcome == 'failure' |
186 | | - env: |
187 | | - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
188 | | - SHA: ${{ steps.image.outputs.sha }} |
189 | | - run: | |
190 | | - echo "⚠️ Registry pull failed, falling back to artifact..." |
191 | | -
|
192 | | - # Determine artifact name based on source type |
193 | | - if [[ "${{ steps.image.outputs.source_type }}" == "pr" ]]; then |
194 | | - PR_NUM=$(echo '${{ toJson(github.event.workflow_run.pull_requests) }}' | jq -r '.[0].number') |
195 | | - ARTIFACT_NAME="pr-image-${PR_NUM}" |
196 | | - else |
197 | | - ARTIFACT_NAME="push-image" |
198 | | - fi |
199 | | -
|
200 | | - echo "Downloading artifact: $ARTIFACT_NAME" |
201 | | - gh run download ${{ github.event.workflow_run.id }} \ |
202 | | - --name "$ARTIFACT_NAME" \ |
203 | | - --dir /tmp/docker-image || { |
204 | | - echo "❌ ERROR: Artifact download failed!" |
205 | | - echo "Available artifacts:" |
206 | | - gh run view ${{ github.event.workflow_run.id }} --json artifacts --jq '.artifacts[].name' |
207 | | - exit 1 |
208 | | - } |
209 | | -
|
210 | | - docker load < /tmp/docker-image/charon-image.tar |
211 | | - docker tag $(docker images --format "{{.Repository}}:{{.Tag}}" | head -1) charon:e2e-test |
212 | | - echo "✅ Successfully loaded from artifact" |
213 | | -
|
214 | | - # Validate image freshness by checking SHA label |
215 | | - - name: Validate image SHA |
216 | | - env: |
217 | | - SHA: ${{ steps.image.outputs.sha }} |
218 | | - run: | |
219 | | - LABEL_SHA=$(docker inspect charon:e2e-test --format '{{index .Config.Labels "org.opencontainers.image.revision"}}' | cut -c1-7 || echo "unknown") |
220 | | - echo "Expected SHA: $SHA" |
221 | | - echo "Image SHA: $LABEL_SHA" |
222 | | -
|
223 | | - if [[ "$LABEL_SHA" != "$SHA" && "$LABEL_SHA" != "unknown" ]]; then |
224 | | - echo "⚠️ WARNING: Image SHA mismatch!" |
225 | | - echo "Image may be stale. Proceeding with caution..." |
226 | | - elif [[ "$LABEL_SHA" == "unknown" ]]; then |
227 | | - echo "ℹ️ INFO: Could not determine image SHA from labels (artifact source)" |
228 | | - else |
229 | | - echo "✅ Image SHA matches expected commit" |
230 | | - fi |
| 174 | + name: docker-image |
| 175 | + path: . |
231 | 176 |
|
232 | 177 | - name: Validate Emergency Token Configuration |
233 | 178 | run: | |
|
0 commit comments