Skip to content

CI: Build & Push Docker Images on Tags, Manual ECR Transfer #1027

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 14, 2025
Merged

CI: Build & Push Docker Images on Tags, Manual ECR Transfer #1027

merged 3 commits into from
Aug 14, 2025
+176 −240

Conversation

macpie
Copy link
Member

@macpie macpie commented Aug 11, 2025
edited
Loading

CI Improvement Overview

This PR overhauls our CI workflows to enable:

  • Automatic Docker image build and push to GHCR when pushing a tag.
  • A manual ECRPush workflow to selectively pull built images, re-tag them, and push to Amazon ECR.
  • Use of ${{ github.ref_name }} as the source tag—only valid when the workflow is manually triggered from a tag, enforced with if: startsWith(github.ref, 'refs/tags/').

Key changes include:

  • compute-tag job, which hashes Dockerfile and rust-toolchain.toml to generate a stable image_tag.
  • build-base job that pulls the base image if cached, otherwise builds and pushes to GHCR.
  • fmt and clippy jobs that run inside the built base image container—this eliminates docker run and caching permission steps.
  • tests job now runs inside the base image, with updated service connectivity (e.g., localstack accessible via service name).
  • build-image job pushes per-package runner images to GHCR on tag push.
  • ECRPush workflow—triggered manually from a tag—to transfer images from GHCR to ECR.

@macpie macpie marked this pull request as ready for review August 11, 2025 22:31
@macpie macpie changed the title Improve CI CI: Build & Push Docker Images on Tags, Manual ECR Transfer Aug 11, 2025
@michaeldjeffrey
Copy link
Contributor

Only gripe is the naming of compute-tag.
When looking at that step I was expecting it to compute the tag for one of our deployable artifact, not only the base image to build everything from.

And just to make sure, we're only expecting that tag to update when we change rust version? Not when we update any deps?...

Maybe compute-base-build-tag

bbalser
bbalser reviewed Aug 13, 2025
View reviewed changes
@macpie
Copy link
Member Author

macpie commented Aug 13, 2025

And just to make sure, we're only expecting that tag to update when we change rust version? Not when we update any deps?...

Yes cause it only takes rust-toolchain.toml and Dockerfile

@bbalser bbalser merged commit 4158a5b into main Aug 14, 2025
57 checks passed
@bbalser bbalser deleted the macpie/ci_upgrade branch August 14, 2025 13:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bbalser bbalser bbalser approved these changes

@michaeldjeffrey michaeldjeffrey michaeldjeffrey approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@macpie @michaeldjeffrey @bbalser