diff --git a/.github/workflows/build-notebooks-TEMPLATE.yaml b/.github/workflows/build-notebooks-TEMPLATE.yaml
index 5dea96a64..0b9fcbcf2 100644
--- a/.github/workflows/build-notebooks-TEMPLATE.yaml
+++ b/.github/workflows/build-notebooks-TEMPLATE.yaml
@@ -20,6 +20,8 @@ jobs:
 build:
 runs-on: ubuntu-22.04
 env:
+ # We don't push here when building PRs, so we can use the same IMAGE_REGISTRY in all branches of the workflow
+ IMAGE_REGISTRY: "ghcr.io/${{ github.repository }}/workbench-images"
 # GitHub image registry used for storing $(CONTAINER_ENGINE)'s cache
 CACHE: "ghcr.io/${{ github.repository }}/workbench-images/build-cache"
 TRIVY_VERSION: 0.57.1
@@ -115,6 +117,15 @@ jobs:
 systemctl --user start homebrew.podman.service
 echo "PODMAN_SOCK=/run/user/${UID}/podman/podman.sock" >> $GITHUB_ENV
 
+ - name: Calculate image name and tag
+ id: calculated_vars
+ run: |
+ SANITIZED_REF_NAME=$(echo "${{ github.ref_name }}" | sed 's/[^a-zA-Z0-9._-]/_/g')
+ IMAGE_TAG="${SANITIZED_REF_NAME}_${{ github.sha }}"
+
+ echo "IMAGE_TAG=${IMAGE_TAG}" >> "$GITHUB_OUTPUT"
+ echo "OUTPUT_IMAGE=${{ env.IMAGE_REGISTRY}}:${{ inputs.target }}-${IMAGE_TAG}" >> "$GITHUB_OUTPUT"
+
 - name: "pull_request|schedule: resolve target if Trivy scan should run"
 id: resolve-target
 if: ${{ fromJson(inputs.github).event_name == 'pull_request' || fromJson(inputs.github).event_name == 'schedule' }}
@@ -128,7 +139,7 @@ jobs:
 TARGET="$FS_SCAN_FOLDER"
 TYPE="fs"
 else
- TARGET="ghcr.io/${{ github.repository }}/workbench-images:${{ inputs.target }}-${{ github.sha }}"
+ TARGET="${{ steps.calculated_vars.outputs.OUTPUT_IMAGE }}"
 TYPE="image"
 fi
 elif [[ "$EVENT_NAME" == "schedule" ]]; then
@@ -136,7 +147,7 @@ jobs:
 TARGET="$FS_SCAN_FOLDER"
 TYPE="fs"
 else
- TARGET="ghcr.io/${{ github.repository }}/workbench-images:${{ inputs.target }}-${{ github.ref_name }}_${{ github.sha }}"
+ TARGET="${{ steps.calculated_vars.outputs.OUTPUT_IMAGE }}"
 TYPE="image"
 fi
 fi
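Review bot: In the new `Calculate image name and tag` step, `${{ github.ref_name }}` is expanded into the script text before the shell runs, so the `sed` filter only cleans what `echo` prints; a ref name containing a double quote, a backtick or `$(` is parsed by the shell first. The step has no `if:`, so the line now runs for every event rather than only push and schedule. Pass the value through the environment instead: add `env:` with `REF_NAME: ${{ github.ref_name }}` to the step and use `SANITIZED_REF_NAME=$(printf '%s' "$REF_NAME" | sed 's/[^a-zA-Z0-9._-]/_/g')`. `${{ inputs.target }}` on the OUTPUT_IMAGE line is interpolated the same way and would benefit from the same treatment.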
@@ -172,12 +183,10 @@ jobs:
 # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push
 - name: "push|schedule: make ${{ inputs.target }}"
 run: |
- SANITIZED_REF_NAME=$(echo "${{ github.ref_name }}" | sed 's/[^a-zA-Z0-9._-]/_/g')
- export IMAGE_TAG="${SANITIZED_REF_NAME}_${{ github.sha }}"
 make ${{ inputs.target }}
 if: ${{ fromJson(inputs.github).event_name == 'push' || fromJson(inputs.github).event_name == 'schedule' }}
 env:
- IMAGE_REGISTRY: "ghcr.io/${{ github.repository }}/workbench-images"
+ IMAGE_TAG: "${{ steps.calculated_vars.outputs.IMAGE_TAG }}"
 CONTAINER_BUILD_CACHE_ARGS: "--cache-from ${{ env.CACHE }} --cache-to ${{ env.CACHE }}"
 # dependent images were already built and pushed, so just let podman pull it
 BUILD_DEPENDENT_IMAGES: "no"
@@ -188,8 +197,7 @@ jobs:
 make ${{ inputs.target }}
 if: "${{ fromJson(inputs.github).event_name == 'pull_request' }}"
 env:
- IMAGE_TAG: "${{ github.sha }}"
- IMAGE_REGISTRY: "ghcr.io/${{ github.repository }}/workbench-images"
+ IMAGE_TAG: "${{ steps.calculated_vars.outputs.IMAGE_TAG }}"
 CONTAINER_BUILD_CACHE_ARGS: "--cache-from ${{ env.CACHE }}"
 # We don't have access to image registry, so disable pushing
 PUSH_IMAGES: "no"
@@ -275,7 +283,7 @@ jobs:
 EOF
 working-directory: tests/browser
 env:
- TEST_TARGET: "ghcr.io/${{ github.repository }}/workbench-images:${{ inputs.target }}-${{ github.sha }}"
+ TEST_TARGET: "${{ steps.calculated_vars.outputs.OUTPUT_IMAGE }}"
 - uses: actions/upload-artifact@v4
 if: ${{ !cancelled() && fromJson(inputs.github).event_name == 'pull_request' && contains(inputs.target, 'codeserver') }}
 with:
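Review bot: The pull_request build step (hunk at -188,8) changes the PR image tag format without documenting it: `IMAGE_TAG` was the bare `${{ github.sha }}` and is now the `calculated_vars` output, `<sanitized ref name>_<sha>`. The Trivy target and `TEST_TARGET` in this diff follow the new format, but anything outside this file that still composes the PR image name as `<target>-<sha>` would no longer find the image; that cannot be checked from the lines shown here. A short comment above the entry would make the change visible, for example `# PR builds use the same <ref>_<sha> tag as push/schedule; see the calculated_vars step`.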