Pass checkpoint image properly#277
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThe workflow refactors checkpoint image propagation: ChangesCheckpoint digest propagation refactor
Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes Possibly related PRs
Suggested reviewers
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Abdelsalam-Abbas
left a comment
There was a problem hiding this comment.
Approving. Verified against the latest main run: sync_checkpoints succeeds, public fails at the empty-input check, astera is skipped — exactly the secret-in-job-output emptying this fixes. Passing the bare sha256: digest across the job boundary and reconstructing the ref inside the consuming job (a step output, not subject to the same emptying) is the right mechanism, and the added sha256: prefix check is a nice guard.
Non-blocking follow-up: the public -> astera image-ref job output (docker.yml:111/179, consumed at :230) embeds the same docker.io/<namespace>/... path and is the same kind of cross-job output. If the masking secret is the Docker Hub namespace, astera will hit the identical emptying once public starts succeeding (it's been skipped until now). Worth applying the same pattern there — pass only the digest/short-sha and rebuild the full ref inside astera.
Fix Docker workflow output masking.
A value stored in GitHub Secrets matches part of the Docker image path, so GitHub masks that part of the string. Because we were passing the full image path between jobs as an output, the value could be dropped/emptied.
This changes the workflow to pass only the checkpoint digest between jobs and rebuild the full image path inside the build job.
Summary by CodeRabbit