Skip to content

Commit cac0f6e

Browse files
fffonionfffonion
committed
fix(cd): use correct sha for PR based docker build
KAG-3251
1 parent 1c4bfb3 commit cac0f6e

File tree

1 file changed

+15
-11
lines changed

1 file changed

+15
-11
lines changed

.github/workflows/release.yml

+15-11
Original file line numberDiff line numberDiff line change
@@ -55,6 +55,8 @@ jobs:
5555
deploy-environment: ${{ steps.build-info.outputs.deploy-environment }}
5656
matrix: ${{ steps.build-info.outputs.matrix }}
5757
arch: ${{ steps.build-info.outputs.arch }}
58+
# use github.event.pull_request.head.sha instead of github.sha on a PR, as github.sha on PR is the merged commit (temporary commit)
59+
commit-sha: ${{ github.event.pull_request.head.sha || github.sha }}
5860

5961
steps:
6062
- uses: actions/checkout@v3
@@ -342,11 +344,13 @@ jobs:
342344
- name: Docker meta
343345
id: meta
344346
uses: docker/metadata-action@v5
347+
env:
348+
DOCKER_METADATA_PR_HEAD_SHA: true
345349
with:
346350
images: ${{ needs.metadata.outputs.prerelease-docker-repository }}
347351
tags: |
348-
type=raw,${{ github.sha }}-${{ matrix.label }}
349-
type=raw,enable=${{ matrix.label == 'ubuntu' }},${{ github.sha }}
352+
type=raw,${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}
353+
type=raw,enable=${{ matrix.label == 'ubuntu' }},${{ needs.metadata.outputs.commit-sha }}
350354
351355
- name: Set up QEMU
352356
if: matrix.docker-platforms != ''
@@ -400,7 +404,7 @@ jobs:
400404
token: ${{ secrets.GHA_COMMENT_TOKEN }}
401405
body: |
402406
### Bazel Build
403-
Docker image available `${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ github.sha }}`
407+
Docker image available `${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ needs.metadata.outputs.commit-sha }}`
404408
Artifacts available https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
405409
406410
verify-manifest-images:
@@ -429,7 +433,7 @@ jobs:
429433
# docker image verify requires sudo to set correct permissions, so we
430434
# also install deps for root
431435
sudo -E pip install -r requirements.txt
432-
IMAGE=${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ github.sha }}-${{ matrix.label }}
436+
IMAGE=${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}
433437
434438
sudo -E python ./main.py --image $IMAGE -f docker_image_filelist.txt -s docker-image
435439
@@ -451,7 +455,7 @@ jobs:
451455
matrix:
452456
include: "${{ fromJSON(needs.metadata.outputs.matrix)['scan-vulnerabilities'] }}"
453457
env:
454-
IMAGE: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ github.sha }}-${{ matrix.label }}
458+
IMAGE: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}
455459
steps:
456460
- name: Install regctl
457461
uses: regclient/actions/regctl-installer@main
@@ -490,16 +494,16 @@ jobs:
490494
if: steps.image_manifest_metadata.outputs.amd64_sha != ''
491495
uses: Kong/public-shared-actions/security-actions/scan-docker-image@v1
492496
with:
493-
asset_prefix: kong-${{ github.sha }}-${{ matrix.label }}-linux-amd64
494-
image: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ github.sha }}-${{ matrix.label }}
497+
asset_prefix: kong-${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}-linux-amd64
498+
image: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}
495499

496500
- name: Scan ARM64 Image digest
497501
if: steps.image_manifest_metadata.outputs.manifest_list_exists == 'true' && steps.image_manifest_metadata.outputs.arm64_sha != ''
498502
id: sbom_action_arm64
499503
uses: Kong/public-shared-actions/security-actions/scan-docker-image@v1
500504
with:
501-
asset_prefix: kong-${{ github.sha }}-${{ matrix.label }}-linux-arm64
502-
image: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ github.sha }}-${{ matrix.label }}
505+
asset_prefix: kong-${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}-linux-arm64
506+
image: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}
503507

504508
smoke-tests:
505509
name: Smoke Tests - ${{ matrix.label }}
@@ -552,7 +556,7 @@ jobs:
552556
--restart always \
553557
--network=host -d \
554558
--pull always \
555-
${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ github.sha }}-${{ matrix.label }} \
559+
${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }} \
556560
sh -c "kong migrations bootstrap && kong start"
557561
sleep 3
558562
docker logs kong
@@ -697,7 +701,7 @@ jobs:
697701
env:
698702
TAGS: "${{ steps.meta.outputs.tags }}"
699703
run: |
700-
PRERELEASE_IMAGE=${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ github.sha }}-${{ matrix.label }}
704+
PRERELEASE_IMAGE=${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}
701705
docker pull $PRERELEASE_IMAGE
702706
for tag in $TAGS; do
703707
regctl -v debug image copy $PRERELEASE_IMAGE $tag

0 commit comments

Comments
 (0)