diff --git a/.github/workflows/sync-build-release.yml b/.github/workflows/sync-build-release.yml
index f1b3c1252..76bcbaf45 100644
--- a/.github/workflows/sync-build-release.yml
+++ b/.github/workflows/sync-build-release.yml
@@ -22,7 +22,6 @@ jobs:
 with:
 fetch-depth: 0
 fetch-tags: true
-
 - name: Install prerequisites (jq, curl, git)
 run: |
 set -e
@@ -30,7 +29,6 @@ jobs:
 sudo apt-get update -y
 sudo apt-get install -y jq curl git
 fi
-
 - name: Check for New Upstream Release
 id: check_version
 shell: bash
@@ -43,7 +41,6 @@ jobs:
 else
 echo "new_version=none" >> "$GITHUB_OUTPUT"
 fi
-
 - name: Cleanup workspace (always, scoped)
 if: ${{ always() }}
 run: |
@@ -56,17 +53,18 @@ jobs:
 if: needs.check-upstream.outputs.new_version != 'none'
 runs-on: ubuntu-latest
 continue-on-error: true
+ outputs:
+ built: ${{ steps.mark.outputs.built }}
+ digest: ${{ steps.build.outputs.digest }}
 steps:
 - uses: actions/checkout@v4
 with:
 fetch-depth: 0
 fetch-tags: true
-
 - name: Set Git Config
 run: |
 git config --global user.name "GitHub Actions"
 git config --global user.email "actions@github.com"
-
 - name: Sync with Upstream (idempotent)
 run: |
 set -euo pipefail
@@ -83,12 +81,10 @@ jobs:
 git add README.md
 git commit -m "Merge upstream/master, keep local README.md" || true
 git push origin master
-
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
 with:
 cleanup: true
-
 - name: Check CR_PAT secret
 id: crpat
 shell: bash
@@ -98,7 +94,6 @@ jobs:
 else
 echo "present=false" >> "$GITHUB_OUTPUT"
 fi
-
 - name: Login to GHCR with GITHUB_TOKEN
 if: ${{ steps.crpat.outputs.present == 'false' }}
 uses: docker/login-action@v3
@@ -106,7 +101,6 @@ jobs:
 registry: ghcr.io
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
-
 - name: Login to GHCR with CR_PAT
 if: ${{ steps.crpat.outputs.present == 'true' }}
 uses: docker/login-action@v3
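Review bot: The `digest` output added to build-gh in the `-56,17` hunk (and to build-self in the `-135,23` hunk) has no consumer in the visible diff, while the release body in the last hunk still advertises `docker pull ${{ env.IMAGE_NAME }}:latest`, a mutable tag. Publishing the immutable reference lets users pin and verify exactly what this run built, for example `- docker pull ${{ env.IMAGE_NAME }}@${{ needs.build-gh.outputs.digest || needs.build-self.outputs.digest }}` in the release body. Most of the publish step lies outside the hunks, so confirm the digest is not already used there.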
@@ -114,7 +108,6 @@ jobs:
 registry: ghcr.io
 username: ${{ github.repository_owner }}
 password: ${{ secrets.CR_PAT }}
-
 - name: Free disk space (best effort)
 continue-on-error: true
 run: |
@@ -122,8 +115,8 @@ jobs:
 sudo rm -rf /usr/local/lib/android || true
 sudo rm -rf /opt/ghc || true
 sudo rm -rf /opt/hostedtoolcache/CodeQL || true
-
 - name: Build and Push (GH runner)
+ id: build
 uses: docker/build-push-action@v6
 with:
 context: .
@@ -135,23 +128,28 @@ jobs:
 tags: |
 ${{ env.IMAGE_NAME }}:${{ needs.check-upstream.outputs.new_version }}
 ${{ env.IMAGE_NAME }}:latest
+ - name: Mark build success
+ id: mark
+ if: ${{ success() && steps.build.outputs.digest != '' }}
+ run: echo "built=true" >> "$GITHUB_OUTPUT"
 build-self:
 name: Build on Self-Hosted (fallback)
 needs: [check-upstream, build-gh]
- if: needs.check-upstream.outputs.new_version != 'none' && needs.build-gh.result != 'success'
+ if: needs.check-upstream.outputs.new_version != 'none' && needs.build-gh.outputs.built != 'true'
 runs-on: [self-hosted, linux, x64, homelab]
+ outputs:
+ built: ${{ steps.mark.outputs.built }}
+ digest: ${{ steps.build.outputs.digest }}
 steps:
 - uses: actions/checkout@v4
 with:
 fetch-depth: 0
 fetch-tags: true
-
 - name: Set Git Config
 run: |
 git config --global user.name "GitHub Actions"
 git config --global user.email "actions@github.com"
-
 - name: Sync with Upstream (idempotent)
 run: |
 set -euo pipefail
@@ -168,12 +166,10 @@ jobs:
 git add README.md
 git commit -m "Merge upstream/master, keep local README.md" || true
 git push origin master
-
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
 with:
 cleanup: true
-
 - name: Check CR_PAT secret
 id: crpat
 shell: bash
@@ -183,7 +179,6 @@ jobs:
 else
 echo "present=false" >> "$GITHUB_OUTPUT"
 fi
-
 - name: Login to GHCR with GITHUB_TOKEN
 if: ${{ steps.crpat.outputs.present == 'false' }}
 uses: docker/login-action@v3
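Review bot: The build-self condition in the `-135,23` hunk now reads `needs.build-gh.outputs.built != 'true'` with no comment saying why `result` was abandoned, so a later cleanup could easily revert it. I would add above the `if:` something like `# build-gh sets continue-on-error, so its result is presumably not a reliable failure signal; gate on the explicit built output`. In the new "Mark build success" step (repeated for build-self in the `-212,14` hunk) `success() &&` is redundant, since a step `if` without a status function already implies it; `if: ${{ steps.build.outputs.digest != '' }}` says the same. Note also that this condition decides whether a job holding registry credentials runs on the `homelab` self-hosted runner, so an unset `built` output fails towards that runner.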
@@ -191,7 +186,6 @@ jobs:
 registry: ghcr.io
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
-
 - name: Login to GHCR with CR_PAT
 if: ${{ steps.crpat.outputs.present == 'true' }}
 uses: docker/login-action@v3
@@ -199,8 +193,8 @@ jobs:
 registry: ghcr.io
 username: ${{ github.repository_owner }}
 password: ${{ secrets.CR_PAT }}
-
 - name: Build and Push (self-hosted)
+ id: build
 uses: docker/build-push-action@v6
 with:
 context: .
@@ -212,14 +206,16 @@ jobs:
 tags: |
 ${{ env.IMAGE_NAME }}:${{ needs.check-upstream.outputs.new_version }}
 ${{ env.IMAGE_NAME }}:latest
-
+ - name: Mark build success
+ id: mark
+ if: ${{ success() && steps.build.outputs.digest != '' }}
+ run: echo "built=true" >> "$GITHUB_OUTPUT"
 - name: Remove BuildKit image (moby/buildkit)
 if: ${{ always() }}
 shell: bash
 run: |
 set -euxo pipefail
 docker image rm -f $(docker images 'moby/buildkit*' -q) 2>/dev/null || true
-
 - name: Cleanup (always, scoped)
 if: ${{ always() }}
 run: |
@@ -231,12 +227,7 @@ jobs:
 publish:
 name: Publish Release
 needs: [check-upstream, build-gh, build-self]
- if: |
- ${{
- always() &&
- needs.check-upstream.outputs.new_version != 'none' &&
- (needs.build-gh.result == 'success' || needs.build-self.result == 'success')
- }}
+ if: needs.check-upstream.outputs.new_version != 'none' && (needs.build-gh.outputs.built == 'true' || needs.build-self.outputs.built == 'true')
 runs-on: ubuntu-latest
 steps:
 - name: Create GitHub Release
@@ -252,15 +243,3 @@ jobs:
 - docker pull ${{ env.IMAGE_NAME }}:latest
 draft: false
 prerelease: false
-
- finalize:
- name: Finalize Outcome
- needs: [check-upstream, build-gh, build-self, publish]
- if: ${{ always() && needs.check-upstream.outputs.new_version != 'none' }}
- runs-on: ubuntu-latest
- steps:
- - name: Fail if no build path succeeded
- if: ${{ !(needs.build-gh.result == 'success' || needs.build-self.result == 'success') }}
- run: |
- echo "Both GitHub-hosted and self-hosted builds failed."
- exit 1
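Review bot: The rewritten publish condition in the `-231,12` hunk drops `always()` and has no other status function, so GitHub prepends an implicit `success()`; per the `needs` documentation a job whose dependency was skipped is itself skipped unless its condition forces it to continue. On the normal path build-gh sets `built=true`, build-self is skipped, and publish would then likely be skipped as well, so no release is created. Keeping a status function avoids that: `if: ${{ !cancelled() && needs.check-upstream.outputs.new_version != 'none' && (needs.build-gh.outputs.built == 'true' || needs.build-self.outputs.built == 'true') }}`. With the finalize job deleted in the last hunk, nothing else would turn the run red in that case, so this is worth confirming on a test run.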