ci: use OCI artifacts for PR image tests

[Amnoor]

Summary

This PR updates .github/workflows/pr-tests.yml on the develop-v1+node24 line to stop pushing PR test images to Docker Hub and instead pass the built image between jobs as an OCI artifact. The test workflow now uploads the multi-arch build output from build-image, downloads it in test-image, extracts a per-architecture image into the local Docker daemon with skopeo, and removes the artifact after testing. The artifact name includes the pull request number so concurrent PR runs do not share the same artifact identifier.

Files Changed

Added:

• None

Modified:

• .github/
  • workflows/
    • pr-tests.yml

Deleted:

• None

Key Changes

• Removed the Login to Docker Hub step from build-image and changed the Build Image step in .github/workflows/pr-tests.yml from push: true to push: false with outputs: type=oci,dest=image.tar, so the workflow produces a local OCI archive instead of publishing a PR image to Docker Hub.
• Added Upload Docker Image Artifact in build-image using actions/upload-artifact@v4 to persist image.tar as docker-image-pr-${{ github.event.pull_request.number }} for the downstream test job.
• Removed the Docker Hub login and docker pull flow from test-image, changed TEST_IMAGE from runtimenode/test:pr-${{ github.event.pull_request.number }} to test:pr-${{ github.event.pull_request.number }}, and added Download Docker Image Artifact plus Extract single-arch image with Skopeo so each matrix entry loads its own linux/amd64 or linux/arm64 image as test:pr-<number>-<arch>.
• Updated every docker run assertion in test-image to resolve ${{ matrix.platform }} into ARCH and run against ${{ env.TEST_IMAGE }}-$ARCH, keeping the existing smoke and integrity checks while testing the locally extracted per-architecture image.
• Added artifact-clean-up job with geekyeggo/delete-artifact@v4 to remove docker-image-pr-${{ github.event.pull_request.number }} after test-image completes.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8ad5d0606a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Avoid hard-failing artifact deletion on fork PRs

This new step can fail the whole pull_request workflow after tests pass when the run token is read-only (the default for many forked PR contexts), because geekyeggo/delete-artifact@v4 deletes via the Actions API and requires write access to Actions. Since failOnError defaults to true, a 403 here marks the check red for external contributors even though image tests succeeded; add explicit permissions: actions: write where allowed, or set failOnError: false/conditional execution for read-only contexts.

Useful? React with 👍 / 👎.