feat(ci): refactor pipelines — Hadolint, PR checks, tag releases, nightly rebuild #12

Merged
jcabillot merged 14 commits from fix/refactor-ci-pipelines into main 2026-06-12 14:37:25 -04:00
Owner

Summary

Complete refactor of the CI pipelines: the monolithic docker-build.yaml is replaced by 4 specialized workflows, one per trigger.

Changes

Removed

  • docker-build.yaml: the old single workflow that handled everything (PR, push, cron)

Added

| File | Trigger | Hadolint | Build/Push |
|------|---------|----------|------------|
| `pr.yaml` | PR → main | blocking | build without push |
| `main.yaml` | push main | allow-fail | push `latest` + semver auto-tag |
| `tag.yaml` | push tag | allow-fail | push `:<tag>` |
| `cron.yaml` | midnight (UTC) | allow-fail | push `latest` + `<latest tag>` |

Behavior per event

  • PR: Hadolint blocks on any warning → verification build (no push)
  • Merge to main: Hadolint in allow-fail → build+push latest → automatic semver bump → the created tag triggers tag.yaml
  • Tag added (e.g. v1.2.3): Hadolint allow-fail → build+push jcabillot/opencode:v1.2.3
  • Daily cron: rebuild latest + the most recent tag to pick up security patches from the base image (node:24-trixie)

No infinite loop

tag.yaml contains no semver bump step → no new tag is created → end of the flow.

Verification

  • Hadolint 2.14.0 on the current Dockerfile: 0 warnings, 0 errors
  • All actions pinned by SHA (same versions as the old workflow)
  • GIT_API_TAGGING: false kept for Gitea compatibility
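
Two of the properties claimed in the description above (every action pinned by SHA, no semver bump step in the tag-triggered workflow) can be checked mechanically. The Python lint below is an added example, not part of this pull request or repository; the workflow texts, action names and SHA are constructed placeholders, and treating `GIT_API_TAGGING` as the marker of the bump step is an assumption.

```python
import re

# Constructed samples: action names and SHA are placeholders, not the repo's files.
SHA = "0123456789abcdef0123456789abcdef01234567"
WORKFLOWS = {
    "main.yaml": f"""\
on:
  push:
    branches: [main]
jobs:
  build:
    steps:
      - uses: example/build-push@{SHA}
        with:
          tags: example/image:latest
      - uses: example/tag-bump@{SHA}
        env:
          GIT_API_TAGGING: false
""",
    "tag.yaml": f"""\
on:
  push:
    tags: ['v*']
jobs:
  build:
    steps:
      - uses: example/hadolint@v3
      - uses: example/build-push@{SHA[:39]}
      - uses: example/tag-bump@{SHA}
        env:
          GIT_API_TAGGING: false
""",
}
# Top-level "on:" block; GIT_API_TAGGING is assumed to mark the semver bump step.
ON_BLOCK = re.compile(r"^on:.*\n((?:[ \t]+.*\n|\n)*)", re.M)

def lint(name, text):
    refs = re.findall(r"^\s*-?\s*uses:\s*(\S+)", text, re.M)
    findings = [(name, "unpinned", r) for r in refs  # tag, branch or short SHA
                if not re.fullmatch(r"[0-9a-f]{40}", r.partition("@")[2])]
    on = ON_BLOCK.search(text)
    if on and re.search(r"^\s+tags\s*:", on.group(1), re.M) and "GIT_API_TAGGING" in text:
        findings.append((name, "tag-loop", "bump step in a tag-triggered workflow"))
    return findings

def lint_all(workflows=WORKFLOWS):
    return [f for n, t in sorted(workflows.items()) for f in lint(n, t)]

if __name__ == "__main__":
    print(*lint_all(), sep="\n")
```

The format check only proves that a reference is a full-length commit SHA; it does not prove that the SHA belongs to the intended release of the action.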
cloudix_mcp_server added 5 commits 2026-06-12 14:19:10 -04:00
cloudix_mcp_server added 1 commit 2026-06-12 14:20:39 -04:00
cloudix_mcp_server added 1 commit 2026-06-12 14:20:47 -04:00
fix(ci): correct hadolint SHA (d2da2 → dda2)
PR Checks / build (pull_request) Successful in 4m40s
PR Checks / hadolint (pull_request) Successful in 5s
caa18faff0
cloudix_mcp_server added 1 commit 2026-06-12 14:20:52 -04:00
fix(ci): correct hadolint SHA (d2da2 → dda2)
PR Checks / hadolint (pull_request) Successful in 5s
PR Checks / build (pull_request) Successful in 4m33s
293cb50d4a
cloudix_mcp_server added 1 commit 2026-06-12 14:20:55 -04:00
fix(ci): correct hadolint SHA (d2da2 → dda2)
PR Checks / hadolint (pull_request) Successful in 8s
PR Checks / build (pull_request) Successful in 4m28s
8682d4587a
cloudix_mcp_server added 1 commit 2026-06-12 14:28:34 -04:00
refactor(ci): run Hadolint and build in parallel on PR
PR Checks / hadolint (pull_request) Successful in 8s
PR Checks / build (pull_request) Successful in 2m46s
0526268333
cloudix_mcp_server added 1 commit 2026-06-12 14:31:17 -04:00
refactor(ci): run Hadolint and build in parallel on main push
PR Checks / build (pull_request) Successful in 4m0s
PR Checks / hadolint (pull_request) Failing after 13m32s
e1fab4f11f
cloudix_mcp_server added 1 commit 2026-06-12 14:31:26 -04:00
cloudix_mcp_server added 1 commit 2026-06-12 14:31:31 -04:00
refactor(ci): run Hadolint and build in parallel on cron
PR Checks / hadolint (pull_request) Successful in 7s
PR Checks / build (pull_request) Successful in 4m17s
88ab5fa893
cloudix_mcp_server added 1 commit 2026-06-12 14:32:59 -04:00
refactor(ci): decouple semver tagging from build on main push
PR Checks / hadolint (pull_request) Successful in 8s
PR Checks / build (pull_request) Successful in 3m23s
850d6ed58c
jcabillot merged commit 7778ba4315 into main 2026-06-12 14:37:25 -04:00
jcabillot deleted branch fix/refactor-ci-pipelines 2026-06-12 14:37:27 -04:00

Reference: perso/opencode#12