CI: standardize workflows - tests mandatory, remove :latest push on master #12

Merged
jcabillot merged 3 commits from fix/workflow-standard into master 2026-06-13 16:06:45 -04:00
Owner

This PR standardizes the CI workflows across main, cron, and tag triggers.

Changes

All three workflows (main.yaml, cron.yaml, tag.yaml)

  • Added mandatory test job with hadolint linting followed by docker build + bash tests/test.sh
  • All build/push jobs now require test to pass via needs: [test]
  • Standardized job naming and structure

main.yaml (push to master)

  • Split the old build-push into separate build (image build only, no push) and tag (auto-tagging) jobs
  • build job uses plain docker build (not build-push-action)
  • tag job uses anothrNick/github-tag-action with SA_TOKEN_ACTION_PUSH_TAGS secret
  • Removed: Docker Hub login, metadata-action, and :latest push on master branch

cron.yaml (nightly schedule)

  • Retains the same cron schedule (30 3 * * 3)
  • build-push job now requires test first
  • Removed: :latest tag — only publishes {tag}-latest when a tag exists
  • Added get-latest-tag step to discover the most recent git tag

tag.yaml (tag push)

  • build-push job now requires test first
  • Added -latest suffix tag alongside the type=ref,event=tag tag

pr.yaml

  • Unchanged

Rationale

  • Tests must pass before any image is built or pushed — prevents broken images from reaching registries
  • Avoids pushing :latest on every master push, which was overwriting stable tagged releases
  • Tagged releases always produce both :vX.Y.Z and :vX.Y.Z-latest for flexible consumption
cloudix_mcp_server added 3 commits 2026-06-13 15:56:34 -04:00
jcabillot merged commit 73562e038c into master 2026-06-13 16:06:45 -04:00
jcabillot deleted branch fix/workflow-standard 2026-06-13 16:06:45 -04:00
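A regression check for the two invariants the description states (every job runs only after `test`, directly or through another job, and no `:latest` image tag), as an added example that is not part of this PR or the repository. The workflow text, job layout and function names are constructed; the parser assumes 2-space indentation and reads only `needs`.

```python
import re
# Constructed workflow (not the repository's file), 2-space indented.
GATED = """\
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - run: docker build -t img:test . && bash tests/test.sh
  build:
    needs: [test]
    steps:
      - run: docker build -t img:ci .
  build-push:
    needs:
      - build
    steps:
      - run: docker push example/img:v1.2.3-latest
"""
UNGATED = GATED.replace("    needs: [test]\n", "").replace("v1.2.3-latest", "latest")

def parse_jobs(text):
    """Map each job id under `jobs:` to (needs list, body lines)."""
    jobs, cur, in_jobs, in_needs = {}, None, False, False
    for line in filter(str.strip, text.splitlines()):        # skip blank lines
        if not line.startswith((" ", "#")):                  # new top-level key
            in_jobs, cur = line.rstrip() == "jobs:", None
        elif in_jobs and (m := re.match(r"  ([\w-]+):\s*$", line)):
            cur, in_needs = jobs.setdefault(m.group(1), ([], [])), False
        elif cur is not None:
            cur[1].append(line)
            if m := re.match(r"    needs:\s*(.*)$", line):   # scalar or [a, b] form
                cur[0].extend(n.strip(" '\"") for n in m.group(1).strip("[] ").split(",") if n.strip())
                in_needs = not m.group(1).strip()            # empty value: block list follows
            elif in_needs and (m := re.match(r"\s+-\s*([\w-]+)\s*$", line)):
                cur[0].append(m.group(1))
            else:
                in_needs = False
    return jobs

def audit(text, gate="test"):
    """List jobs not transitively gated on `gate`, and jobs using a floating :latest tag."""
    jobs = parse_jobs(text)
    def gated(job, seen=frozenset()):                        # `seen` guards against cycles
        return any(n == gate or (n not in seen and gated(n, seen | {job}))
                   for n in jobs.get(job, ([], []))[0])
    findings = [f"{j}: not gated on {gate}" for j in jobs if j != gate and not gated(j)]
    findings += [f"{j}: floating :latest tag" for j, (_, body) in jobs.items()
                 if any(re.search(r"\S:latest(?![\w.-])", ln) for ln in body)]
    return findings
```

The `:latest` pattern deliberately ignores `runs-on: ubuntu-latest` and `-latest` suffix tags such as `v1.2.3-latest`.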

Reference: perso/htpasswd#12