[v3-2-test] CI: Build CI image after Dockerfiles are updated in breeze ci upgrade (#64777) (#64781)

github-actions[bot] · potiuk · web-flow · commit fd1962fa027c · 2026-04-06T18:42:29.000+02:00
(cherry picked from commit b875c40) Co-authored-by: Jarek Potiuk <jarek@potiuk.com>
diff --git a/dev/breeze/src/airflow_breeze/commands/ci_commands.py b/dev/breeze/src/airflow_breeze/commands/ci_commands.py
@@ -778,17 +778,9 @@ def upgrade(
             "Commands may fail if they require authentication.[/]"
         )
 
-    # Build the CI image for Python 3.10 first so that subsequent steps (e.g. uv lock
-    # updates inside the image) use an up-to-date environment.
-    console_print("[info]Building CI image for Python 3.10 …[/]")
-    run_command(
-        ["breeze", "ci-image", "build", "--python", "3.10"],
-        check=False,
-        env=command_env,
-    )
-
-    # Define all upgrade commands to run (all run with check=False to continue on errors)
-    upgrade_commands: list[tuple[str, str]] = [
+    # Define upgrade commands to run before building the CI image (all run with check=False
+    # to continue on errors). These may update Dockerfiles and other build inputs.
+    pre_image_commands: list[tuple[str, str]] = [
         ("autoupdate", "prek autoupdate --cooldown-days 4 --freeze"),
         (
             "update-chart-dependencies",
@@ -798,20 +790,42 @@ def upgrade(
             "upgrade-important-versions",
             "prek --all-files --show-diff-on-failure --color always --verbose --stage manual upgrade-important-versions",
         ),
+    ]
+
+    # Define upgrade commands to run after building the CI image (they run inside the image
+    # and need an up-to-date environment).
+    post_image_commands: list[tuple[str, str]] = [
         (
             "update-uv-lock",
             "prek --all-files --show-diff-on-failure --color always --verbose update-uv-lock --stage manual",
         ),
     ]
+
     step_enabled = {
         "autoupdate": autoupdate,
         "update-chart-dependencies": update_chart_dependencies,
         "upgrade-important-versions": upgrade_important_versions,
         "update-uv-lock": update_uv_lock,
     }
 
-    # Execute enabled upgrade commands with the environment containing GitHub token
-    for step_name, command in upgrade_commands:
+    # Execute pre-image upgrade commands (may update Dockerfiles)
+    for step_name, command in pre_image_commands:
+        if step_enabled[step_name]:
+            run_command(command.split(), check=False, env=command_env)
+        else:
+            console_print(f"[info]Skipping {step_name} (disabled).[/]")
+
+    # Build the CI image for Python 3.10 after Dockerfiles have been updated so that
+    # subsequent steps (e.g. uv lock updates inside the image) use an up-to-date environment.
+    console_print("[info]Building CI image for Python 3.10 …[/]")
+    run_command(
+        ["breeze", "ci-image", "build", "--python", "3.10"],
+        check=False,
+        env=command_env,
+    )
+
+    # Execute post-image upgrade commands (run inside the freshly built image)
+    for step_name, command in post_image_commands:
         if step_enabled[step_name]:
             run_command(command.split(), check=False, env=command_env)
         else:
