ci: overhaul image build and promotion flow #68

Open: oguzkaganozt wants to merge 1 commit into main from fix/ci-overhaul-release-pipeline


@oguzkaganozt
Collaborator

Summary

  • Make build tags deterministic (RUN_ID-RUN_ATTEMPT) so scans and release promotion target the exact build that produced the images.
  • Replace the old scheduled release workflow with a manual promotion workflow and add OCI labels, a build summary, and scheduled failure notification.
  • Free disk space earlier in the heavy image build jobs.

Review fixes

  • Resolve scan tags from the latest successful build run instead of guessing a tag.
  • Remove date-based tag reconstruction that could drift across midnight UTC.

Use run-based immutable tags so release promotion and scans target the exact build that produced the images.
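
The tag drift named in the summary above, as an added example that is not code from this pull request: a date tag rebuilt by a later job can differ from the tag the build pushed, while a RUN_ID-RUN_ATTEMPT tag cannot. The YYYYMMDD format of the old tags, the function names, the `is_run_tag` guard and all sample values are assumptions; GNU or BusyBox `date` is assumed.

```shell
#!/bin/sh
# Constructed demo. Assumption: the old scheme rebuilt a YYYYMMDD tag from the
# clock of whichever job needed it (the page does not show the old format).

# Old: tag derived from the job's own clock. $1 = epoch seconds (UTC).
date_tag() {
  date -u -d "@$1" +%Y%m%d
}

# New: tag derived only from the run that built the image, in the
# RUN_ID-RUN_ATTEMPT form given in the PR summary.
run_tag() {
  printf '%s-%s\n' "$1" "$2"
}

# Hypothetical guard for a promotion input: accept only <digits>-<digits>,
# so a mutable name such as "latest" or a bare date is rejected.
is_run_tag() {
  case "$1" in
    ''|*[!0-9-]*|-*|*-|*-*-*) return 1 ;;
    *-*) return 0 ;;
    *) return 1 ;;
  esac
}

demo() {
  build_epoch=1767225540   # constructed: 2025-12-31 23:59:00 UTC
  scan_epoch=1767225660    # constructed: 2026-01-01 00:01:00 UTC
  pushed=$(date_tag "$build_epoch")
  guessed=$(date_tag "$scan_epoch")
  echo "date-based: pushed=$pushed scan looks for=$guessed"
  # In GitHub Actions these come from GITHUB_RUN_ID / GITHUB_RUN_ATTEMPT;
  # the values here are constructed.
  tag=$(run_tag 1234567890 2)
  echo "run-based:  pushed=$tag scan looks for=$tag"
  for candidate in "$tag" "$pushed" latest; do
    if is_run_tag "$candidate"; then verdict=accept; else verdict=reject; fi
    echo "promotion input '$candidate': $verdict"
  done
}

demo
```
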
@mitsudome-r (Member) left a comment

If you have tested the workflows on your fork, it would be nice if you could post the links in the PR description

@@ -0,0 +1,77 @@
name: scan-images
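
Review bot: the new 77-line file opens directly at `name: scan-images` with no header comment; add one above the `name:` line stating what triggers the scan and which build's image tag it resolves, so the file documents its link to the build workflow on its own.
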
Member

Could you add a brief description as a comment at the top of the file to explain what this workflow is for?

@@ -0,0 +1,178 @@
name: release
Member

Could you add a brief description to explain what this workflow is for?
Something like the following:

Suggested change
name: release
# Manually-triggered workflow that promotes images from a build-all-images run
# (identified by `build_tag`) to the release `version`, then creates the git
# tag and GitHub Release. This workflow does not rebuild — only re-tags existing
# manifests.
name: release
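
Review bot: the suggested header comment names `build_tag` without saying what form it takes; since the PR description makes build tags `RUN_ID-RUN_ATTEMPT`, stating that format in the comment would tell whoever triggers the workflow which value to enter.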
