fly316/PX4-Autopilot
7
0
Fork 0
mirror of https://gitee.com/mirrors_PX4/PX4-Autopilot.git synced 2026-05-17 11:37:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

ci(container): harden dev_container workflow against cache-export flakes

Browse Source 
Three related fixes to prevent a repeat of the v1.17.0-rc2 incident, where a
post-push GHA cache-export 404 failed the arm64 build after both registry
pushes had already succeeded, fail-fast cancelled amd64, and the deploy job
was skipped, leaving the registries with only a partial arm64 publish and no
multi-arch manifest.

- Mark cache export as non-fatal via ignore-error=true on cache-to. A
  successful registry push should never be undone by a cache-layer flake.
  This alone would have let rc2 publish correctly.

- Decouple the deploy job from the build job's exit code. Change its if:
  gate to !cancelled() + setup success only, and promote the existing
  "Verify Images Exist Before Creating Manifest" step from a warning into
  a hard precondition. Deploy now runs whenever both per-arch tags actually
  exist in the registries, which is its real precondition, and fails loudly
  if a tag is missing.

- Bump every action to the current major (runs-on/action v2,
  actions/checkout v5, docker/login-action v4, docker/setup-buildx-action v4,
  docker/build-push-action v7, docker/metadata-action v6). This gets the
  workflow off Node 20 before GitHub's June 2 2026 forced runtime switch
  and keeps runs-on/action on the same major as the runs-on platform.

Signed-off-by: Ramon Roche <mrpollo@gmail.com>
This commit is contained in:
Ramon Roche
2026-04-06 21:53:57 -07:00
parent 89e575ed34
commit d74db56a06
1 changed files with 22 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/dev_container.yml
+22 -19
View File
@@ -45,8 +45,8 @@ jobs:
meta_tags: ${{ steps.meta.outputs.tags }} meta_tags: ${{ steps.meta.outputs.tags }}
meta_labels: ${{ steps.meta.outputs.labels }} meta_labels: ${{ steps.meta.outputs.labels }}
steps: steps:
- uses: runs-on/action@v1 - uses: runs-on/action@v2
- uses: actions/checkout@v4 - uses: actions/checkout@v5
with: with:
fetch-tags: true fetch-tags: true
submodules: false submodules: false
@@ -64,7 +64,7 @@ jobs:
- name: Extract metadata (tags, labels) for Docker - name: Extract metadata (tags, labels) for Docker
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@v6
with: with:
images: | images: |
ghcr.io/PX4/px4-dev ghcr.io/PX4/px4-dev
@@ -89,22 +89,22 @@ jobs:
runner: x64 runner: x64
runs-on: [runs-on,"runner=4cpu-linux-${{ matrix.runner }}","image=ubuntu24-full-${{ matrix.runner }}","run-id=${{ github.run_id }}",extras=s3-cache,spot=false] runs-on: [runs-on,"runner=4cpu-linux-${{ matrix.runner }}","image=ubuntu24-full-${{ matrix.runner }}","run-id=${{ github.run_id }}",extras=s3-cache,spot=false]
steps: steps:
- uses: runs-on/action@v1 - uses: runs-on/action@v2
- uses: actions/checkout@v4 - uses: actions/checkout@v5
with: with:
fetch-tags: true fetch-tags: true
submodules: false submodules: false
fetch-depth: 0 fetch-depth: 0
- name: Login to Docker Hub - name: Login to Docker Hub
uses: docker/login-action@v3 uses: docker/login-action@v4
if: ${{ startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.deploy_to_registry) }} if: ${{ startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.deploy_to_registry) }}
with: with:
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v3 uses: docker/login-action@v4
if: ${{ startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.deploy_to_registry) }} if: ${{ startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.deploy_to_registry) }}
with: with:
registry: ghcr.io registry: ghcr.io
@@ -112,13 +112,13 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v4
with: with:
driver: docker-container driver: docker-container
platforms: ${{ matrix.platform }} platforms: ${{ matrix.platform }}
- name: Build and Load Container Image - name: Build and Load Container Image
uses: docker/build-push-action@v6 uses: docker/build-push-action@v7
id: docker id: docker
with: with:
context: Tools/setup context: Tools/setup
@@ -131,7 +131,7 @@ jobs:
push: ${{ startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.deploy_to_registry) }} push: ${{ startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.deploy_to_registry) }}
provenance: false provenance: false
cache-from: type=gha,scope=${{ matrix.arch }} cache-from: type=gha,scope=${{ matrix.arch }}
cache-to: type=gha,mode=max,scope=${{ matrix.arch }} cache-to: type=gha,mode=max,scope=${{ matrix.arch }},ignore-error=true
deploy: deploy:
name: Deploy To Registry name: Deploy To Registry
@@ -140,23 +140,26 @@ jobs:
packages: write packages: write
runs-on: [runs-on,"runner=4cpu-linux-x64","image=ubuntu24-full-x64","run-id=${{ github.run_id }}",extras=s3-cache,spot=false] runs-on: [runs-on,"runner=4cpu-linux-x64","image=ubuntu24-full-x64","run-id=${{ github.run_id }}",extras=s3-cache,spot=false]
needs: [build, setup] needs: [build, setup]
if: ${{ startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.deploy_to_registry) }} if: |
!cancelled() &&
needs.setup.result == 'success' &&
(startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.deploy_to_registry == 'true'))
steps: steps:
- uses: runs-on/action@v1 - uses: runs-on/action@v2
- uses: actions/checkout@v4 - uses: actions/checkout@v5
with: with:
fetch-tags: true fetch-tags: true
submodules: false submodules: false
fetch-depth: 0 fetch-depth: 0
- name: Login to Docker Hub - name: Login to Docker Hub
uses: docker/login-action@v3 uses: docker/login-action@v4
with: with:
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v3 uses: docker/login-action@v4
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
@@ -164,10 +167,10 @@ jobs:
- name: Verify Images Exist Before Creating Manifest - name: Verify Images Exist Before Creating Manifest
run: | run: |
docker manifest inspect px4io/px4-dev:${{ needs.setup.outputs.px4_version }}-arm64 || echo "⚠️ Warning: No ARM64 image found!" docker manifest inspect px4io/px4-dev:${{ needs.setup.outputs.px4_version }}-arm64
docker manifest inspect px4io/px4-dev:${{ needs.setup.outputs.px4_version }}-amd64 || echo "⚠️ Warning: No AMD64 image found!" docker manifest inspect px4io/px4-dev:${{ needs.setup.outputs.px4_version }}-amd64
docker manifest inspect ghcr.io/px4/px4-dev:${{ needs.setup.outputs.px4_version }}-arm64 || echo "⚠️ Warning: No ARM64 image found!" docker manifest inspect ghcr.io/px4/px4-dev:${{ needs.setup.outputs.px4_version }}-arm64
docker manifest inspect ghcr.io/px4/px4-dev:${{ needs.setup.outputs.px4_version }}-amd64 || echo "⚠️ Warning: No AMD64 image found!" docker manifest inspect ghcr.io/px4/px4-dev:${{ needs.setup.outputs.px4_version }}-amd64
- name: Create and Push Multi-Arch Manifest for Docker Hub - name: Create and Push Multi-Arch Manifest for Docker Hub
run: | run: |