Optimize GitHub Actions workflows for State Manager & Dashboard builds #430

Merged
NiveditJain merged 3 commits into exospherehost:main from RohanDisa:ci/docker-build-once-multi-arch
Oct 2, 2025

@RohanDisa RohanDisa commented Sep 27, 2025

What Changed

  • Consolidated duplicate build jobs (publish-image-on-ghcr & publish-image-on-docker) into a single job per workflow.
  • Ensured one build per workflow, pushing the same image to both GHCR and DockerHub.

…DockerHub

- merged duplicate build jobs into a single job per workflow
- standardized image tagging (latest, semver, sha)
- ensured tests run before publishing images
- reduced CI runtime and improved maintainability
@gemini-code-assist

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.


safedep bot commented Sep 27, 2025

SafeDep Report Summary

Green Malicious Packages Badge Green Vulnerable Packages Badge Green Risky License Badge

Package Details
Package Malware Vulnerability Risky License Report

This report is generated by SafeDep Github App.


coderabbitai bot commented Sep 27, 2025

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Summary by CodeRabbit

  • New Features

    • Container images for Dashboard and State Manager are now published to both GitHub Container Registry and Docker Hub.
    • Standardized image names (e.g., exosphere-dashboard) under the owner namespace; tags now include a short commit SHA.
  • Chores

    • Consolidated image publishing into a single workflow for each service, simplifying tagging and pushing.
    • Renamed the publish job for clarity and removed redundant steps and jobs.

Summary by CodeRabbit

  • Chores
    • Consolidated publish jobs into a single workflow for simpler, more reliable releases.
    • Images now published to both GitHub Container Registry and Docker Hub.
    • Standardized image naming and tagging (short SHA) for clearer, consistent versions.
    • Removed redundant steps and jobs to streamline the release process and reduce complexity.

Walkthrough

Consolidates publishing into a single publish-image job and changes image handling to publish a plain-named image to both GHCR and Docker Hub by adding GHCR_REGISTRY and DOCKER_REGISTRY, updating IMAGE_NAME, and switching to a multi-registry docker/metadata-action flow.

Changes

Cohort / File(s): Multi-registry publishing refactor
  .github/workflows/publish-dashboard.yml, .../publish-state-mangaer.yml, .../release-state-manager.yml, .../release-dashboard.yml
Summary of Changes:
  - Added env vars GHCR_REGISTRY=ghcr.io, DOCKER_REGISTRY=docker.io; set IMAGE_NAME to a plain image name
  - Replaced REGISTRY usage with GHCR_REGISTRY for GHCR login
  - Renamed publish jobs to publish-image and removed separate DockerHub publish jobs/outputs
  - Replaced per-registry tag/build/push steps with a unified docker/metadata-action images input listing both registries: ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }} and ${{ env.DOCKER_REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
  - Removed explicit tag/build/push/provenance/SBOM steps and simplified final tagging/pushing flow

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor Trigger as Git event / release
    participant GHActions as GitHub Actions
    participant Meta as docker/metadata-action
    participant GHCR as ghcr.io
    participant DH as docker.io

    Trigger->>GHActions: trigger publish workflow
    GHActions->>GHActions: checkout, setup-buildx
    GHActions->>GHCR: docker login (GHCR_REGISTRY)
    GHActions->>DH: docker login (DOCKER_REGISTRY)
    GHActions->>Meta: generate tags/labels for both registry image refs
    GHActions->>GHActions: buildx build & push (uses metadata)
    GHActions->>GHCR: push image
    GHActions->>DH: push image
    GHActions-->>Trigger: publish-image job completes

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

I hop through YAML fields at night,
Two registries twinkle, tidy and bright.
One small IMAGE_NAME, one job to steer,
Tags and pushes done with cheer.
Carrots, builds, and CI clear—🥕🐇

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name | Status | Explanation
Title Check | ✅ Passed | The title succinctly conveys the core change by indicating the optimization of GitHub Actions workflows specifically for the State Manager and Dashboard builds, matching the consolidation and multi-registry push focus of the PR. It is clear, concise, and accurately reflects the main update without extraneous detail.
Description Check | ✅ Passed | The description directly outlines the main modifications by describing the consolidation of duplicate publish jobs into a single workflow and the push to both GHCR and DockerHub, aligning well with the actual changes in the PR. It is relevant and on-topic for the workflow updates.
Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 91cbd02 and 5bfea5f.

📒 Files selected for processing (1)
  • .github/workflows/release-dashboard.yml (2 hunks)


…ating steps

- Renamed job from 'publish-image-on-ghcr' to 'publish-image' for clarity.
- Removed redundant Docker Hub publishing job to streamline the workflow.
- Ensured consistent image publishing settings across workflows, including provenance and SBOM generation.
…figuration

- Renamed environment variables for clarity, changing REGISTRY to GHCR_REGISTRY and adding DOCKER_REGISTRY.
- Simplified image name handling by directly using the environment variable for both GHCR and Docker Hub.
- Removed unnecessary outputs from the workflow to streamline the process.
@NiveditJain NiveditJain merged commit 13afe0f into exospherehost:main Oct 2, 2025
3 checks passed

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
.github/workflows/release-dashboard.yml (1)

48-67: GHCR tags are no longer generated or pushed
By feeding images: ${{ env.IMAGE_NAME }} to docker/metadata-action, the build now emits tags like exospherehost/exosphere-dashboard:latest without the ghcr.io/ prefix. docker/build-push-action therefore only publishes to Docker Hub, and the GHCR login step becomes a no-op. This regresses the release workflow because GHCR never receives the image. Please emit tags for both registries.

       - name: Generate tags & labels
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: ${{ env.IMAGE_NAME }}
+          images: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+            ${{ env.IMAGE_NAME }}
           tags: |
             type=raw,value=latest
             type=semver,pattern={{version}}
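Review bot: The second added `images:` entry, `${{ env.IMAGE_NAME }}`, carries no registry host, so its destination is left to the client's default registry and to IMAGE_NAME already containing the namespace; write the Docker Hub target out in full so both destinations are explicit in the workflow. The first added entry reads `env.REGISTRY`, which the commit messages on this page rename to GHCR_REGISTRY; an undefined `env` key expands to an empty string, which would leave that entry as `/<image name>`, so the suggestion should use the renamed variable. The unchanged `type=raw,value=latest` line also moves `latest` on every release, so deployments that need a fixed artifact should reference the semver tag or the image digest.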
.github/workflows/release-state-manager.yml (1)

118-125: Enable buildx GHA cache for faster repeat builds.

Adds substantial speed-ups and lower CI cost without behavior change.

       with:
         context: ./state-manager
         push: true
         platforms: linux/amd64,linux/arm64
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}
+        cache-from: type=gha,scope=state-manager
+        cache-to: type=gha,mode=max,scope=state-manager
         provenance: true
         sbom: true
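Review bot: The added `cache-from` and `cache-to` lines make the release build reuse layers written by earlier runs, which is a behavior change for an image pushed with `provenance: true` and `sbom: true`; "without behavior change" holds for the published output only if every writer of that cache is as trusted as the release job. `scope=state-manager` is generic enough that another workflow building the same context could write to it, so give the release workflow its own scope, or keep `cache-to` out of jobs that build from less trusted refs.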
📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bb6399c and 91cbd02.

📒 Files selected for processing (2)
  • .github/workflows/release-dashboard.yml (1 hunks)
  • .github/workflows/release-state-manager.yml (5 hunks)
🔇 Additional comments (4)
.github/workflows/release-state-manager.yml (4)

8-10: Good env factoring for registries and image name.


47-47: uv sync for dev deps is appropriate.


69-77: Consolidated publish job + minimal permissions look good.


91-93: GHCR login OK; confirm package visibility.

If this is a public image, ensure the GHCR package visibility is public on first push (GHCR defaults can be private). Adjust via UI/API if needed.

Comment on lines +105 to 108
images: |
${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
${{ env.DOCKER_REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
tags: |

⚠️ Potential issue | 🟠 Major

Enforce lowercase image names and allow Docker Hub namespace override.

Registry image names should be lowercase. Also, Docker Hub namespace may differ from github.repository_owner, causing push failures. Apply:

-          images: |
-            ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
-            ${{ env.DOCKER_REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
+          images: |
+            ${{ toLower(format('{0}/{1}/{2}', env.GHCR_REGISTRY, github.repository_owner, env.IMAGE_NAME)) }}
+            ${{ toLower(format('{0}/{1}/{2}', env.DOCKER_REGISTRY, env.DOCKERHUB_NAMESPACE, env.IMAGE_NAME)) }}
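Review bot: Both added lines call `toLower(...)`, which is not a function GitHub Actions expressions provide (`format` is), so the `images:` value would fail expression evaluation as written. Lowercase the reference in a preceding `run` step and pass it on as a step output instead. The second added line also depends on `env.DOCKERHUB_NAMESPACE`, which is only defined in the env block proposed below, so the two changes have to land together or the Docker Hub entry resolves with an empty namespace.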

Add this env key near the other env vars to override when needed (defaults to repo owner):

env:
  GHCR_REGISTRY: ghcr.io
  DOCKER_REGISTRY: docker.io
  IMAGE_NAME: exosphere-state-manager
  DOCKERHUB_NAMESPACE: ${{ vars.DOCKERHUB_NAMESPACE || github.repository_owner }}
🤖 Prompt for AI Agents
.github/workflows/release-state-manager.yml around lines 105-108: the workflow
currently uses github.repository_owner for Docker Hub namespace and does not
guarantee lowercase image names, which can cause push failures; add a new env
key DOCKERHUB_NAMESPACE (defaulting to github.repository_owner) alongside
GHCR_REGISTRY/DOCKER_REGISTRY/IMAGE_NAME, ensure IMAGE_NAME is set to a
lowercase string, and update the images entries to use ${DOCKERHUB_NAMESPACE}
for the docker.io path (and keep GHCR_REGISTRY for ghcr) so both registry image
names use the proper namespace and lowercase image name.
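
The two registry findings in the review above (an `images:` entry without a registry host reaches only Docker Hub, and image names must be lowercase) can be enforced by a guard step that runs before the push. This is an added example, not code from the pull request or the project; the function names and the `ExampleOrg` owner are assumptions.

```shell
#!/bin/sh
# Added example (not from the PR): pre-push guard for the image references
# handed to docker/metadata-action. Function names are hypothetical.

# registry_of REF: print the registry a reference resolves to. The first path
# component is a host only if it contains "." or ":" or is "localhost";
# otherwise Docker clients fall back to docker.io.
registry_of() {
  first=${1%%/*}
  case "$1" in
    */*)
      case "$first" in
        *.*|*:*|localhost) printf '%s\n' "$first"; return 0 ;;
      esac ;;
  esac
  printf 'docker.io\n'
}

# normalize_ref REGISTRY NAMESPACE IMAGE: print "registry/namespace/image" in
# lowercase; fail if a part is empty (an unset variable would give "/image").
normalize_ref() {
  if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then return 1; fi
  printf '%s/%s/%s\n' "$1" "$2" "$3" | tr '[:upper:]' '[:lower:]'
}

# check_coverage "REG1 REG2" "REF1 REF2 ...": succeed only if every required
# registry is the resolved target of at least one reference.
check_coverage() {
  missing=""
  for want in $1; do
    found=no
    for ref in $2; do
      if [ "$(registry_of "$ref")" = "$want" ]; then found=yes; fi
    done
    if [ "$found" = no ]; then missing="$missing $want"; fi
  done
  if [ -n "$missing" ]; then printf 'missing:%s\n' "$missing"; return 1; fi
}

# Constructed input: "ExampleOrg" is a placeholder owner with capitals.
refs="$(normalize_ref ghcr.io ExampleOrg exosphere-dashboard)
$(normalize_ref docker.io ExampleOrg exosphere-dashboard)"
check_coverage "ghcr.io docker.io" "$refs" && echo "ok: $refs"
```

Run against the single un-prefixed reference `exospherehost/exosphere-dashboard` from the review, `check_coverage` reports `ghcr.io` as missing, which is the regression the first comment describes.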

@RohanDisa RohanDisa deleted the ci/docker-build-once-multi-arch branch October 2, 2025 20:32