fly316/PX4-Autopilot
7
0
Fork 0
mirror of https://gitee.com/mirrors_PX4/PX4-Autopilot.git synced 2026-04-14 10:07:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

ci(container): harden dev_container workflow against cache-export flakes

Browse Source 
Three related fixes to prevent a repeat of the v1.17.0-rc2 incident, where a
post-push GHA cache-export 404 failed the arm64 build after both registry
pushes had already succeeded, fail-fast cancelled amd64, and the deploy job
was skipped, leaving the registries with only a partial arm64 publish and no
multi-arch manifest.

- Mark cache export as non-fatal via ignore-error=true on cache-to. A
  successful registry push should never be undone by a cache-layer flake.
  This alone would have let rc2 publish correctly.

- Decouple the deploy job from the build job's exit code. Change its if:
  gate to !cancelled() + setup success only, and promote the existing
  "Verify Images Exist Before Creating Manifest" step from a warning into
  a hard precondition. Deploy now runs whenever both per-arch tags actually
  exist in the registries, which is its real precondition, and fails loudly
  if a tag is missing.

- Bump every action to the current major (runs-on/action v2,
  actions/checkout v5, docker/login-action v4, docker/setup-buildx-action v4,
  docker/build-push-action v7, docker/metadata-action v6). This gets the
  workflow off Node 20 before GitHub's June 2 2026 forced runtime switch
  and keeps runs-on/action on the same major as the runs-on platform.

Signed-off-by: Ramon Roche <mrpollo@gmail.com>
This commit is contained in:
Ramon Roche 2026-04-06 21:53:57 -07:00
parent 89e575ed34
commit d74db56a06
1 changed files with 22 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
.github/workflows/dev_container.yml vendored
View File

@ -45,8 +45,8 @@ jobs:
meta_tags: ${{ steps.meta.outputs.tags }}
meta_labels: ${{ steps.meta.outputs.labels }}
steps:
- uses: runs-on/action@v1
- uses: actions/checkout@v4
- uses: runs-on/action@v2
- uses: actions/checkout@v5
with:
fetch-tags: true
submodules: false
@ -64,7 +64,7 @@ jobs:
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@v6
with:
images: |
ghcr.io/PX4/px4-dev
@ -89,22 +89,22 @@ jobs:
runner: x64
runs-on: [runs-on,"runner=4cpu-linux-${{ matrix.runner }}","image=ubuntu24-full-${{ matrix.runner }}","run-id=${{ github.run_id }}",extras=s3-cache,spot=false]
steps:
- uses: runs-on/action@v1
- uses: actions/checkout@v4
- uses: runs-on/action@v2
- uses: actions/checkout@v5
with:
fetch-tags: true
submodules: false
fetch-depth: 0
- name: Login to Docker Hub
uses: docker/login-action@v3
uses: docker/login-action@v4
if: ${{ startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.deploy_to_registry) }}
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@v4
if: ${{ startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.deploy_to_registry) }}
with:
registry: ghcr.io
@ -112,13 +112,13 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v4
with:
driver: docker-container
platforms: ${{ matrix.platform }}
- name: Build and Load Container Image
uses: docker/build-push-action@v6
uses: docker/build-push-action@v7
id: docker
with:
context: Tools/setup
@ -131,7 +131,7 @@ jobs:
push: ${{ startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.deploy_to_registry) }}
provenance: false
cache-from: type=gha,scope=${{ matrix.arch }}
cache-to: type=gha,mode=max,scope=${{ matrix.arch }}
cache-to: type=gha,mode=max,scope=${{ matrix.arch }},ignore-error=true
deploy:
name: Deploy To Registry
@ -140,23 +140,26 @@ jobs:
packages: write
runs-on: [runs-on,"runner=4cpu-linux-x64","image=ubuntu24-full-x64","run-id=${{ github.run_id }}",extras=s3-cache,spot=false]
needs: [build, setup]
if: ${{ startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.deploy_to_registry) }}
if: |
!cancelled() &&
needs.setup.result == 'success' &&
(startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.deploy_to_registry == 'true'))
steps:
- uses: runs-on/action@v1
- uses: actions/checkout@v4
- uses: runs-on/action@v2
- uses: actions/checkout@v5
with:
fetch-tags: true
submodules: false
fetch-depth: 0
- name: Login to Docker Hub
uses: docker/login-action@v3
uses: docker/login-action@v4
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@v4
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -164,10 +167,10 @@ jobs:
- name: Verify Images Exist Before Creating Manifest
run: |
docker manifest inspect px4io/px4-dev:${{ needs.setup.outputs.px4_version }}-arm64 || echo "⚠️ Warning: No ARM64 image found!"
docker manifest inspect px4io/px4-dev:${{ needs.setup.outputs.px4_version }}-amd64 || echo "⚠️ Warning: No AMD64 image found!"
docker manifest inspect ghcr.io/px4/px4-dev:${{ needs.setup.outputs.px4_version }}-arm64 || echo "⚠️ Warning: No ARM64 image found!"
docker manifest inspect ghcr.io/px4/px4-dev:${{ needs.setup.outputs.px4_version }}-amd64 || echo "⚠️ Warning: No AMD64 image found!"
docker manifest inspect px4io/px4-dev:${{ needs.setup.outputs.px4_version }}-arm64
docker manifest inspect px4io/px4-dev:${{ needs.setup.outputs.px4_version }}-amd64
docker manifest inspect ghcr.io/px4/px4-dev:${{ needs.setup.outputs.px4_version }}-arm64
docker manifest inspect ghcr.io/px4/px4-dev:${{ needs.setup.outputs.px4_version }}-amd64
- name: Create and Push Multi-Arch Manifest for Docker Hub
run: |