fix(workflow): standardize to 4-workflow pattern (pr/main/tag/cron) #7

Merged
jcabillot merged 5 commits from fix/workflow-standard into main 2026-06-13 22:15:00 -04:00

Description

Replace the monolithic docker-build.yaml with the standard 4-workflow pattern used across the perso org.

Changes

  • Deleted: .gitea/workflows/docker-build.yaml — old monolithic workflow
  • Added: .gitea/workflows/pr.yaml — PR checks (hadolint ∥ build-test, no push)
  • Added: .gitea/workflows/main.yaml — merge to main (test ⇒ build ⇒ git tag, no Docker push)
  • Added: .gitea/workflows/tag.yaml — tag push (test ⇒ build-push to DockerHub, pushes :vX.Y.Z + :vX.Y.Z-latest)
  • Added: .gitea/workflows/cron.yaml — nightly rebuild (test ⇒ build-push :$TAG-latest)

Key design decisions

  • Tag-only Docker push: Docker images are ONLY pushed on tag pushes (tag.yaml). Main merges only build, test, and create a git semver tag. This prevents accidentally pushing broken code.
  • No tests directory: Since nanobot has no custom tests, the test jobs just validate the Docker build succeeds (clones HKUDS/nanobot, builds the image).
  • External build source: All workflows clone https://github.com/HKUDS/nanobot.git to external-nanobot/ and build from external-nanobot/Dockerfile.
  • No :latest tag: Following the tag-only-push pattern, no mutable :latest tag is pushed. Users pull specific versions.
  • Hadolint: Parallel, non-blocking (continue-on-error: true at step level).
  • Cron: 0 0 * * * (daily at midnight).
  • Git tag auth: Uses SA_TOKEN_ACTION_PUSH_TAGS (not GITHUB_TOKEN) so the tag push triggers tag.yaml.

Architecture

PR            → pr.yaml     → [hadolint] ∥ [build-test]
Merge main    → main.yaml   → [hadolint] ∥ [test] ⇒ [build] ⇒ [tag] (creates vX.Y.Z)
Tag push      → tag.yaml    → [hadolint] ∥ [test] ⇒ [build-push] (pushes :vX.Y.Z + :vX.Y.Z-latest)
Cron midnight → cron.yaml   → [hadolint] ∥ [test] ⇒ [build-push] (pushes :vX.Y.Z-latest)
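One way to enforce the tag-only push rule and the no-`:latest` rule from the design decisions above in a single guard, as an added example (not code from this PR or from the repository's workflows). The function names, the event names passed in, and the strict `vX.Y.Z` check are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not part of the PR: decide which Docker tags a run may push.
# Events pr/main/tag/cron mirror the four workflows; names are hypothetical.

# is_semver_tag TAG -> 0 only for vMAJOR.MINOR.PATCH without leading zeros.
is_semver_tag() {
    case $1 in
        ''|*[!v0-9.]*) return 1 ;;   # empty, or any char outside v, 0-9, "."
    esac
    printf '%s\n' "$1" |
        grep -Eq '^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$'
}

# image_tags EVENT REF -> prints the tags to push, one per line.
# Returns 1 (and prints nothing) when the run must not push at all.
image_tags() {
    event=$1
    ref=$2
    case $event in
        pr|main)
            return 1 ;;                        # build and test only
        tag)
            tag=${ref#refs/tags/}
            [ "$tag" != "$ref" ] || return 1   # REF must be a tag ref
            is_semver_tag "$tag" || return 1   # rejects "latest", "v1", ...
            printf '%s\n%s\n' "$tag" "${tag}-latest" ;;
        cron)
            # REF is the most recent release tag, already resolved by the caller.
            is_semver_tag "$ref" || return 1
            printf '%s\n' "${ref}-latest" ;;
        *)
            return 1 ;;                        # unknown event: fail closed
    esac
}

# Constructed sample input: a tag push for v1.2.3.
image_tags tag refs/tags/v1.2.3
```

A push step would loop over the output of `image_tags` and skip the push entirely when it returns non-zero.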
cloudix_mcp_server added 5 commits 2026-06-13 21:17:56 -04:00
jcabillot merged commit a77e31fd53 into main 2026-06-13 22:15:00 -04:00
jcabillot deleted branch fix/workflow-standard 2026-06-13 22:15:04 -04:00
Reference: perso/nanobot#7