From 9025b6a0fa02c46dd9c859882f1562c6a8ffa45f Mon Sep 17 00:00:00 2001 From: dsx137 <70027572+dsx137@users.noreply.github.com> Date: Mon, 6 Jul 2026 10:37:53 +0800 Subject: [PATCH] ci: serialize release image workflows --- ...cker-build-and-release-services-images.yml | 27 ++++++-- .github/workflows/publish-docker-image.yml | 25 ++++++- .github/workflows/release.yml | 56 +++++++++++++++ .../update-version-file-on-release.yml | 69 +++++++++++++++++-- 4 files changed, 164 insertions(+), 13 deletions(-) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/docker-build-and-release-services-images.yml b/.github/workflows/docker-build-and-release-services-images.yml index 941f83cfa..2f69434fc 100644 --- a/.github/workflows/docker-build-and-release-services-images.yml +++ b/.github/workflows/docker-build-and-release-services-images.yml @@ -4,14 +4,26 @@ on: push: branches: - release-* - release: - types: [published] workflow_dispatch: inputs: tag: description: "Tag version to be used for Docker image" required: true default: "v3.8.3" + workflow_call: + inputs: + tag: + description: "Tag version to be used for Docker image" + required: true + type: string + checkout_sha: + description: "Commit SHA to checkout" + required: true + type: string + checkout_short_sha: + description: "Short commit SHA for image tags" + required: true + type: string jobs: build-and-push: @@ -23,6 +35,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v7.0.0 + with: + ref: ${{ inputs.checkout_sha || inputs.tag || github.event.inputs.tag }} - name: Set up QEMU uses: docker/setup-qemu-action@v4.1.0 @@ -53,8 +67,9 @@ jobs: - name: Resolve Docker image tags id: tags env: - INPUT_TAG: ${{ github.event.inputs.tag }} + INPUT_TAG: ${{ inputs.tag || github.event.inputs.tag }} RELEASE_TAG: ${{ github.event.release.tag_name }} + CHECKOUT_SHORT_SHA: ${{ inputs.checkout_short_sha }} run: | set -euo pipefail @@ -84,13 +99,17 @@ jobs: add_tag_with_semver_alias "${INPUT_TAG:-}" add_tag_with_semver_alias "${RELEASE_TAG:-}" + if [[ "${GITHUB_EVENT_NAME:-}" == "release" && "${{ github.event.release.prerelease }}" != "true" ]]; then + add_tag "latest" + fi + if [[ "${GITHUB_REF_TYPE:-}" == "tag" ]]; then add_tag_with_semver_alias "${GITHUB_REF_NAME}" elif [[ "${GITHUB_REF_TYPE:-}" == "branch" ]]; then add_tag "${GITHUB_REF_NAME}" fi - add_tag "sha-${GITHUB_SHA::7}" + add_tag "sha-${CHECKOUT_SHORT_SHA:-${GITHUB_SHA::7}}" { echo "tags</dev/null; then + echo "target_branch must be an existing branch: ${TARGET_BRANCH}" + exit 1 + fi + git checkout -B "${TARGET_BRANCH}" "origin/${TARGET_BRANCH}" + - name: Safe submodule initialization run: | echo "Checking for submodules..." @@ -48,7 +92,6 @@ jobs: run: | if git rev-parse ${{ env.TAG_VERSION }} >/dev/null 2>&1; then git tag -d ${{ env.TAG_VERSION }} - git push --delete origin ${{ env.TAG_VERSION }} fi # Step 4: Update version file @@ -62,14 +105,28 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | + set -euo pipefail git add version/version - git commit -m "Update version to ${{ env.TAG_VERSION }}" + if git diff --cached --quiet; then + echo "version/version already matches ${TAG_VERSION}" + else + git commit -m "Update version to ${{ env.TAG_VERSION }}" + git push origin HEAD:${TARGET_BRANCH} + fi # Step 6: Update tag - name: Update tag run: | + set -euo pipefail git tag -fa ${{ env.TAG_VERSION }} -m "Update version to ${{ env.TAG_VERSION }}" - git push origin ${{ env.TAG_VERSION }} --force + git push origin refs/tags/${{ env.TAG_VERSION }}:refs/tags/${{ env.TAG_VERSION }} --force + + - name: Resolve updated tag SHA + id: resolve-tag + run: | + updated_sha="$(git rev-parse "${TAG_VERSION}^{commit}")" + echo "updated_sha=$updated_sha" >> "$GITHUB_OUTPUT" + echo "updated_short_sha=${updated_sha:0:12}" >> "$GITHUB_OUTPUT" # Step 7: Find and Publish Draft Release - name: Find and Publish Draft Release