Skip to content

Commit e4e8a78

Browse files
committed
ci: fix issues with job naming when sequences are involved
1 parent 4c4130c commit e4e8a78

4 files changed

Lines changed: 46 additions & 42 deletions

File tree

.github/workflows/continuous-integration.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ permissions: {}
1414

1515
jobs:
1616
build-push-test:
17-
name: 🛠️ Build → Push → Test (🍨 ${{ matrix.flavor }})
17+
name: Build → Push → Test (🍨 ${{ matrix.flavor }})
1818
strategy:
1919
matrix:
2020
flavor: [cpp, rust]

.github/workflows/wc-build-push.yml

Lines changed: 25 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -34,11 +34,13 @@ on:
3434
type: string
3535
outputs:
3636
fully-qualified-image-name:
37-
value: ${{ jobs.sanitize-image-name.outputs.fully-qualified-image-name }}
37+
value: ${{ jobs.sanitize-inputs.outputs.fully-qualified-image-name }}
3838
image-basename:
39-
value: ${{ jobs.sanitize-image-name.outputs.image-basename }}
39+
value: ${{ jobs.sanitize-inputs.outputs.image-basename }}
4040
digest:
4141
value: ${{ jobs.merge-image.outputs.digest }}
42+
runner-arch:
43+
value: ${{ jobs.sanitize-inputs.outputs.runner-arch }}
4244
secrets:
4345
DOCKER_REGISTRY_USERNAME:
4446
required: true
@@ -48,21 +50,21 @@ on:
4850
permissions: {}
4951

5052
jobs:
51-
sanitize-image-name:
53+
sanitize-inputs:
5254
name: 🧼
53-
uses: ./.github/workflows/wc-sanitize-image-name.yml
55+
uses: ./.github/workflows/wc-sanitize-inputs.yml
5456
with:
5557
image-name: ${{ inputs.image-name }}
5658
registry: ${{ inputs.registry }}
5759
runner-labels: ${{ inputs.runner-labels }}
5860

5961
build-push:
60-
name: ${{ matrix.runner }}
62+
name: Build (${{ needs.sanitize-inputs.outputs.runner-arch }})
6163
strategy:
6264
matrix:
6365
runner: ${{ (startsWith(inputs.build-test-runner-labels, '[') && endsWith(inputs.build-test-runner-labels, ']')) && fromJson(inputs.build-test-runner-labels) || inputs.build-test-runner-labels }}
6466
runs-on: ${{ matrix.runner }}
65-
needs: sanitize-image-name
67+
needs: sanitize-inputs
6668
permissions:
6769
contents: read
6870
packages: write
@@ -87,7 +89,7 @@ jobs:
8789
DOCKER_METADATA_SET_OUTPUT_ENV: false
8890
id: metadata
8991
with:
90-
images: ${{ needs.sanitize-image-name.outputs.fully-qualified-image-name }}
92+
images: ${{ needs.sanitize-inputs.outputs.fully-qualified-image-name }}
9193
- name: Generate image label for devcontainer.metadata
9294
run: |
9395
set -Eeuo pipefail
@@ -105,16 +107,14 @@ jobs:
105107
id: devcontainer-metadata
106108
- run: echo "git-commit-epoch=$(git log -1 --pretty=%ct)" >> "$GITHUB_OUTPUT"
107109
id: devcontainer-epoch
108-
- run: echo "arch=$(echo "${RUNNER_ARCH}" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"
109-
id: devcontainer-arch
110110
- uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
111111
id: build-and-push
112112
env:
113113
SOURCE_DATE_EPOCH: ${{ steps.devcontainer-epoch.outputs.git-commit-epoch }}
114114
with:
115115
file: ${{ inputs.dockerfile }}
116116
push: true
117-
tags: ${{ needs.sanitize-image-name.outputs.fully-qualified-image-name }}
117+
tags: ${{ needs.sanitize-inputs.outputs.fully-qualified-image-name }}
118118
labels: |
119119
${{ steps.metadata.outputs.labels }}
120120
${{ steps.devcontainer-metadata.outputs.label }}
@@ -130,19 +130,17 @@ jobs:
130130
DIGEST: ${{ steps.build-and-push.outputs.digest }}
131131
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
132132
with:
133-
name: digests-${{ needs.sanitize-image-name.outputs.image-basename }}-${{ steps.devcontainer-arch.outputs.arch }}
133+
name: digests-${{ needs.sanitize-inputs.outputs.image-basename }}-${{ needs.sanitize-inputs.outputs.runner-arch }}
134134
path: ${{ runner.temp }}/digests/*
135135
if-no-files-found: error
136136
retention-days: 1
137137

138138
merge-image:
139139
name: 🔗 Merge Image
140-
# Support either a plain single label (e.g. ubuntu-latest) OR a JSON array of labels.
141-
# If the input starts & ends with brackets we attempt JSON parsing; otherwise we pass the raw string.
142140
runs-on: ${{ (startsWith(inputs.runner-labels, '[') && endsWith(inputs.runner-labels, ']')) && fromJson(inputs.runner-labels) || inputs.runner-labels }}
143141
needs:
144142
- build-push
145-
- sanitize-image-name
143+
- sanitize-inputs
146144
permissions:
147145
actions: read
148146
attestations: write
@@ -159,13 +157,10 @@ jobs:
159157
with:
160158
disable-sudo: true
161159
egress-policy: audit
162-
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
163-
with:
164-
persist-credentials: false
165160
- uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
166161
with:
167162
path: ${{ runner.temp }}/digests
168-
pattern: digests-${{ needs.sanitize-image-name.outputs.image-basename }}-*
163+
pattern: digests-${{ needs.sanitize-inputs.outputs.image-basename }}-*
169164
merge-multiple: true
170165
- uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
171166
with:
@@ -180,7 +175,7 @@ jobs:
180175
env:
181176
DOCKER_METADATA_ANNOTATIONS_LEVELS: index
182177
with:
183-
images: ${{ needs.sanitize-image-name.outputs.fully-qualified-image-name }}
178+
images: ${{ needs.sanitize-inputs.outputs.fully-qualified-image-name }}
184179
# Generate Docker tags based on the following events/attributes.
185180
# To prevent unnecessary image builds we simulate the `type=edge` tag
186181
# with `type=raw,value=edge,enable=...` which only enables the tag
@@ -208,7 +203,7 @@ jobs:
208203
$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "${METADATA_JSON}") \
209204
$(printf "${CONTAINER}@sha256:%s " *)
210205
env:
211-
CONTAINER: ${{ needs.sanitize-image-name.outputs.fully-qualified-image-name }}
206+
CONTAINER: ${{ needs.sanitize-inputs.outputs.fully-qualified-image-name }}
212207
METADATA_JSON: ${{ steps.metadata.outputs.json }}
213208
shell: bash
214209
working-directory: ${{ runner.temp }}/digests
@@ -219,44 +214,44 @@ jobs:
219214
output=$(docker buildx imagetools inspect "${CONTAINER}" --format '{{json .}}')
220215
echo "digest=$(echo "$output" | jq -r '.manifest.digest // .manifests[0].digest')" >> "$GITHUB_OUTPUT"
221216
env:
222-
CONTAINER: ${{ needs.sanitize-image-name.outputs.fully-qualified-image-name }}:${{ steps.metadata.outputs.version }}
217+
CONTAINER: ${{ needs.sanitize-inputs.outputs.fully-qualified-image-name }}:${{ steps.metadata.outputs.version }}
223218
- run: |
224219
set -Eeuo pipefail
225220
wget -O diffoci https://github.com/reproducible-containers/diffoci/releases/download/v0.1.7/diffoci-v0.1.7.linux-amd64
226221
chmod +x diffoci
227222
./diffoci diff --semantic --report-file=container-diff.json "${FROM_CONTAINER}" "${TO_CONTAINER}" || true
228223
env:
229-
FROM_CONTAINER: ${{ needs.sanitize-image-name.outputs.fully-qualified-image-name }}:edge
230-
TO_CONTAINER: ${{ needs.sanitize-image-name.outputs.fully-qualified-image-name }}:${{ steps.metadata.outputs.version }}
224+
FROM_CONTAINER: ${{ needs.sanitize-inputs.outputs.fully-qualified-image-name }}:edge
225+
TO_CONTAINER: ${{ needs.sanitize-inputs.outputs.fully-qualified-image-name }}:${{ steps.metadata.outputs.version }}
231226
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
232227
with:
233-
name: container-diff-${{ needs.sanitize-image-name.outputs.image-basename }}
228+
name: container-diff-${{ needs.sanitize-inputs.outputs.image-basename }}
234229
path: container-diff.json
235230
retention-days: 10
236231
- uses: philips-software/amp-devcontainer/.github/actions/container-size-diff@ab0940b1e92f3ccee257d5984166c63c8cfe6a9d # v6.5.0
237232
id: container-size-diff
238233
with:
239-
from-container: ${{ needs.sanitize-image-name.outputs.fully-qualified-image-name }}:edge
240-
to-container: ${{ needs.sanitize-image-name.outputs.fully-qualified-image-name }}:${{ steps.metadata.outputs.version }}
234+
from-container: ${{ needs.sanitize-inputs.outputs.fully-qualified-image-name }}:edge
235+
to-container: ${{ needs.sanitize-inputs.outputs.fully-qualified-image-name }}:${{ steps.metadata.outputs.version }}
241236
- uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
242237
with:
243-
header: container-size-diff-${{ needs.sanitize-image-name.outputs.image-basename }}
238+
header: container-size-diff-${{ needs.sanitize-inputs.outputs.image-basename }}
244239
message: |
245240
${{ steps.container-size-diff.outputs.size-diff-markdown }}
246241
- uses: anchore/sbom-action@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6
247242
with:
248-
image: ${{ needs.sanitize-image-name.outputs.fully-qualified-image-name }}@${{ steps.inspect-manifest.outputs.digest }}
243+
image: ${{ needs.sanitize-inputs.outputs.fully-qualified-image-name }}@${{ steps.inspect-manifest.outputs.digest }}
249244
dependency-snapshot: true
250245
- uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
251246
with:
252-
subject-name: ${{ needs.sanitize-image-name.outputs.fully-qualified-image-name }}
247+
subject-name: ${{ needs.sanitize-inputs.outputs.fully-qualified-image-name }}
253248
subject-digest: ${{ steps.inspect-manifest.outputs.digest }}
254249
show-summary: false
255250
push-to-registry: true
256251
- name: Verify attestation
257252
run: gh attestation verify --repo "${GH_REPO}" "oci://${FULLY_QUALIFIED_IMAGE_NAME}@${DIGEST}"
258253
env:
259254
DIGEST: ${{ steps.inspect-manifest.outputs.digest }}
260-
FULLY_QUALIFIED_IMAGE_NAME: ${{ needs.sanitize-image-name.outputs.fully-qualified-image-name }}
255+
FULLY_QUALIFIED_IMAGE_NAME: ${{ needs.sanitize-inputs.outputs.fully-qualified-image-name }}
261256
GH_REPO: ${{ github.repository }}
262257
GH_TOKEN: ${{ github.token }}

.github/workflows/wc-integration-test.yml

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,10 @@ on:
2020
description: "Runner to use for the job, will be passed to `runs-on`"
2121
required: true
2222
type: string
23+
runner-arch:
24+
description: "Architecture of the runner executing the job, only used for job naming and test report files"
25+
required: true
26+
type: string
2327
registry:
2428
description: "Docker registry to push built containers to, DOCKER_REGISTRY_USERNAME and DOCKER_REGISTRY_PASSWORD secrets must be set if not using GitHub Container Registry"
2529
required: false
@@ -35,7 +39,7 @@ permissions: {}
3539

3640
jobs:
3741
run-test:
38-
name: 🧪 Integration Test
42+
name: 🧪 Integration Test (${{ inputs.runner-arch }})
3943
runs-on: ${{ (startsWith(inputs.runner-labels, '[') && endsWith(inputs.runner-labels, ']')) && fromJson(inputs.runner-labels) || inputs.runner-labels }}
4044
container:
4145
image: ${{ inputs.fully-qualified-image-name }}@${{ inputs.image-digest }}
@@ -52,15 +56,13 @@ jobs:
5256
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
5357
with:
5458
persist-credentials: false
55-
- run: echo "arch=$(echo "${RUNNER_ARCH}" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"
56-
id: runner-arch
57-
- run: bats --formatter junit "${TEST_FILE}" | tee "test-report-${IMAGE_BASENAME}-${RUNNER_ARCH}.xml"
59+
- run: bats --formatter junit "${TEST_FILE}" | tee "test-report-${IMAGE_BASENAME}-${RUNNER_ARCHITECTURE}.xml"
5860
env:
5961
IMAGE_BASENAME: ${{ inputs.image-basename }}
6062
TEST_FILE: ${{ inputs.test-file }}
61-
RUNNER_ARCH: ${{ steps.runner-arch.outputs.arch }}
63+
RUNNER_ARCHITECTURE: ${{ inputs.runner-arch }}
6264
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
6365
if: ${{ !cancelled() }}
6466
with:
65-
name: test-results-integration-${{ inputs.image-basename }}-${{ steps.runner-arch.outputs.arch }}
67+
name: test-results-integration-${{ inputs.image-basename }}-${{ inputs.runner-arch }}
6668
path: test-report-*.xml

.github/workflows/wc-sanitize-image-name.yml renamed to .github/workflows/wc-sanitize-inputs.yml

Lines changed: 12 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
---
2-
name: Sanitize Image Name
2+
name: Sanitize Inputs
33

44
on:
55
workflow_call:
@@ -15,31 +15,38 @@ on:
1515
type: string
1616
outputs:
1717
image-basename:
18-
description: "The sanitized base name of the image (without registry or tag)"
18+
description: "The sanitized base name of the image"
1919
value: ${{ jobs.sanitize.outputs.image-basename }}
2020
image-name:
21-
description: "The sanitized name of the image (without registry or tag)"
21+
description: "The sanitized name of the image"
2222
value: ${{ jobs.sanitize.outputs.image-name }}
2323
fully-qualified-image-name:
24-
description: "The fully qualified name of the image including registry (but without tag)"
24+
description: "The fully qualified name of the image including registry"
2525
value: ${{ jobs.sanitize.outputs.fully-qualified-image-name }}
26+
runner-arch:
27+
description: "The architecture of the runner executing the job"
28+
value: ${{ jobs.sanitize.outputs.runner-arch }}
2629

2730
permissions: {}
2831

2932
jobs:
3033
sanitize:
31-
name: Sanitize Image Name
34+
name: Sanitize Inputs
3235
runs-on: ${{ (startsWith(inputs.runner-labels, '[') && endsWith(inputs.runner-labels, ']')) && fromJson(inputs.runner-labels) || inputs.runner-labels }}
3336
outputs:
3437
image-basename: ${{ steps.sanitize-image-name.outputs.sanitized-basename }}
3538
image-name: ${{ steps.sanitize-image-name.outputs.sanitized-image-name }}
3639
fully-qualified-image-name: ${{ inputs.registry }}/${{ steps.sanitize-image-name.outputs.sanitized-image-name }}
40+
runner-arch: ${{ steps.runner-arch.outputs.arch }}
3741
steps:
3842
- uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
3943
with:
4044
disable-sudo-and-containers: true
4145
allowed-endpoints: >
4246
api.github.com:443
47+
- name: Sanitize runner architecture
48+
id: runner-arch
49+
run: echo "arch=$(echo "${RUNNER_ARCH}" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"
4350
- name: Sanitize image name
4451
id: sanitize-image-name
4552
env:

0 commit comments

Comments
 (0)