Ad-hoc image build workflow for feature branches #108
Deploying / poking at a feature branch in a real container today requires either pushing a temporary `vX.Y.Z-rc.N` tag (which triggers the full release pipeline — wrong tool, runs cosign + Rekor + creates a release page) or hand-rolling `docker build && docker push` locally. Neither is right.

A dedicated `workflow_dispatch` workflow that builds and (optionally) pushes an unsigned image tagged from the branch makes this a one-click operation in the Forgejo Actions UI, without polluting the release pipeline or the Rekor log.

Design

- `workflow_dispatch` only. Pick a branch in the Run UI; nothing fires automatically. Keeps registry noise to "what was deliberately built", which matters for both storage and `:latest`-style mistakes.
- `push` (default `true`). Set to `false` to dry-run a build without uploading; useful for "does this branch even build" without consuming registry storage.
- `branch-<slugified-branch>-<sha7>` (e.g. `branch-foo-bar-abc1234`). Slugify lowercases and replaces non-`[a-z0-9._-]` runs with `-`. Always prefixed `branch-` so a self-hoster's `docker pull` or registry listing immediately distinguishes ad-hoc tags from release tags (`vX.Y.Z`). The `:latest` pointer never moves.
- `forge.int.wynning.tech` push target as the release pipeline (#76); same `REGISTRY_USERNAME`/`REGISTRY_TOKEN` secrets; image lives at `forge.wynning.tech/james/carol:branch-…` (same registry backend, two URLs).
- `org.opencontainers.image.source`, `revision`, `version` (with the ad-hoc tag), plus a `tech.wynning.carol.build-type=feature-branch` label so `docker inspect` makes the image's nature obvious.

Acceptance criteria

- `.forgejo/workflows/build-feature-image.yml` workflow appears in the Actions UI under "Build feature image".
- `forge.wynning.tech/james/carol:branch-<slug>-<sha7>` in the registry.
- `push` input toggles whether the push step runs; `false` builds and stops with a log line naming the tag.
- `:latest` is not touched.
- `actionlint .forgejo/workflows/*.yml` passes.
- `docs/ci.md` gains a short "Ad-hoc feature-branch image builds" section explaining what the workflow produces and what it deliberately doesn't (no signing, no Rekor, no release page).

Out of scope

- `branch-*` tags. File a follow-up when the registry starts feeling full.

Part of epic #2.
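
The tag scheme from the Design section, `branch-<slugified-branch>-<sha7>`, written out as an added example; it is not code from the issue or the repository. The helper name `feature_tag`, the hex check on the commit id, and the truncation to the 128-character tag limit are assumptions, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not the project's workflow code. feature_tag is a
# hypothetical helper: feature_tag BRANCH SHA prints branch-<slug>-<sha7>
# or returns 1. The branch name is untrusted input: hand it over as an
# argument or environment variable, never by expanding it into script text.

MAX_TAG_LEN=128   # container image tags may be at most 128 characters
PREFIX="branch-"  # fixed prefix also guarantees a valid first character

feature_tag() {
    branch=$1
    sha=$2

    # Assumption: accept only a hex commit id of at least 7 characters,
    # so nothing but [0-9a-f] can reach the sha7 part of the tag.
    case $sha in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#sha}" -ge 7 ] || return 1
    sha7=$(printf '%s' "$sha" | cut -c1-7 | LC_ALL=C tr 'A-F' 'a-f')

    [ -n "$branch" ] || return 1

    # Slugify as the issue describes: lowercase, then replace each run of
    # characters outside [a-z0-9._-] with one "-". Newlines are mapped to
    # spaces first so a multi-line value cannot survive sed's per-line pass.
    slug=$(printf '%s' "$branch" \
        | LC_ALL=C tr 'A-Z\n' 'a-z ' \
        | LC_ALL=C sed 's/[^a-z0-9._-]\{1,\}/-/g')

    # Assumption: an over-long slug is truncated so that prefix, slug,
    # separator and sha7 together stay within MAX_TAG_LEN.
    room=$((MAX_TAG_LEN - ${#PREFIX} - 1 - 7))
    slug=$(printf '%s' "$slug" | cut -c1-"$room")

    printf '%s%s-%s\n' "$PREFIX" "$slug" "$sha7"
}

# Constructed sample inputs.
feature_tag 'foo/bar' 'abc1234def5678'          # prints branch-foo-bar-abc1234
feature_tag 'Feature/Foo Bar' 'ABC1234def5678'  # prints branch-feature-foo-bar-abc1234
```

Because the slug can only contain `[a-z0-9._-]`, shell metacharacters in a branch name never reach the `docker` command line or the registry.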