Optimize workflow: Run tests only on PRs to save runner minutes #10
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Container | |
| on: | |
| push: | |
| tags: | |
| # Match SemVer tags without 'v' prefix (e.g., 1.0.0, 2.1.3) | |
| - '[0-9]+.[0-9]+.[0-9]+' | |
| # Allow manual triggering for testing | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: 'Version to use for tagging (for testing only)' | |
| required: true | |
| default: 'test' | |
| jobs: | |
| build-and-publish: | |
| name: Build and Publish Container | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| # Podman is pre-installed on the GitHub Ubuntu runner | |
| - name: Check Podman version | |
| run: podman --version | |
| - name: Extract version from tag | |
| id: get-version | |
| run: | | |
| if [[ "${{ github.event_name }}" == "push" ]]; then | |
| # For tag push events, use the tag name | |
| VERSION=${GITHUB_REF#refs/tags/} | |
| else | |
| # For workflow_dispatch, use the input version | |
| VERSION=${{ github.event.inputs.version }} | |
| fi | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| echo "Using version: $VERSION" | |
| - name: Log in to GitHub Container Registry | |
| run: | | |
| echo "${{ secrets.GITHUB_TOKEN }}" | podman login ghcr.io -u ${{ github.actor }} --password-stdin | |
| - name: Prepare image name | |
| id: prep | |
| run: | | |
| REPO_NAME=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]') | |
| IMAGE_NAME="ghcr.io/${REPO_NAME}/troubleshoot-mcp-server" | |
| echo "image=${IMAGE_NAME}" >> $GITHUB_OUTPUT | |
| echo "Image name: ${IMAGE_NAME}" | |
| - name: Set file permissions | |
| run: | | |
| chmod +x scripts/build.sh | |
| chmod +x scripts/run.sh | |
| chmod +x scripts/run_tests.sh | |
| chmod +x scripts/setup_env.sh | |
| chmod +x scripts/generate_test_keys.sh | |
| - name: Verify melange/apko availability via containers | |
| run: | | |
| # Test that melange and apko work via containers (as used in our build system) | |
| # We run them in containers rather than installing binaries directly | |
| podman run --rm cgr.dev/chainguard/melange:latest version | |
| podman run --rm cgr.dev/chainguard/apko:latest version | |
| - name: Verify melange and apko configs exist | |
| run: | | |
| if [ ! -f .melange.yaml ]; then | |
| echo "ERROR: .melange.yaml not found" | |
| exit 1 | |
| fi | |
| if [ ! -f apko.yaml ]; then | |
| echo "ERROR: apko.yaml not found" | |
| exit 1 | |
| fi | |
| echo "Configuration files found:" | |
| ls -la .melange.yaml apko.yaml | |
| - name: Setup melange signing key | |
| run: | | |
| # Create temporary signing key from secret | |
| echo "${{ secrets.MELANGE_RSA }}" > melange.rsa | |
| chmod 600 melange.rsa | |
| - name: Build with melange and apko | |
| env: | |
| IMAGE_NAME: ${{ steps.prep.outputs.image }} | |
| VERSION: ${{ steps.get-version.outputs.version }} | |
| run: | | |
| # Build melange package with signing key using containerized melange | |
| podman run --rm --privileged --cap-add=SYS_ADMIN -v "$PWD":/work cgr.dev/chainguard/melange build .melange.yaml --arch=amd64 --signing-key=melange.rsa | |
| # Build apko image using containerized apko | |
| podman run --rm --privileged --cap-add=SYS_ADMIN -v "$PWD":/work cgr.dev/chainguard/apko build apko.yaml ${IMAGE_NAME}:${VERSION} ${IMAGE_NAME}.tar --arch=amd64 | |
| # Load into podman | |
| podman load < ${IMAGE_NAME##*/}.tar | |
| # Tag with "latest" if this is not a test run | |
| if [[ "${{ github.event_name }}" == "push" ]]; then | |
| podman tag ${IMAGE_NAME}:${VERSION} ${IMAGE_NAME}:latest | |
| fi | |
| - name: Cleanup signing key | |
| if: always() | |
| run: | | |
| # Remove temporary signing key | |
| rm -f melange.rsa | |
| - name: Push container to GitHub Container Registry | |
| env: | |
| IMAGE_NAME: ${{ steps.prep.outputs.image }} | |
| VERSION: ${{ steps.get-version.outputs.version }} | |
| run: | | |
| podman push ${IMAGE_NAME}:${VERSION} | |
| # Push "latest" tag if this is not a test run | |
| if [[ "${{ github.event_name }}" == "push" ]]; then | |
| podman push ${IMAGE_NAME}:latest | |
| fi | |
| - name: Output image details | |
| run: | | |
| echo "::notice::Published image: ghcr.io/${{ github.repository }}/troubleshoot-mcp-server:${{ steps.get-version.outputs.version }}" |