Consolidate Docker verification for CI workflows#16841
Open
Copilot wants to merge 3 commits into
Open
Conversation
6 tasks
Copilot
AI
changed the title
[WIP] Consolidate verify Docker is running step into a composite action
Consolidate Docker verification for CI workflows
May 6, 2026
Contributor
|
🚀 Dogfood this PR with:
curl -fsSL https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 16841Or
iex "& { $(irm https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 16841" |
radical
force-pushed
the
copilot/consolidate-verify-docker-step
branch
2 times, most recently
from
c0ab1d6 to
916e79e
Compare
Contributor
|
Re-running the failed jobs in the CI workflow for this pull request because 1 job was identified as retry-safe transient failures in the CI run attempt.
|
The CLI E2E Java polyglot image extends the polyglot base via `FROM aspire-e2e-polyglot-base`, which only exists in the local docker daemon (it is loaded there via the `--load` option of the previous buildx build). The docker-container buildx driver cannot see local daemon images, so any attempt to build the Java image through the shared `cli-e2e-builder` instance fails with `pull access denied for docker.io/library/aspire-e2e-polyglot-base`. Branch the `build_image` helper on the cache scope: - non-empty scope → cached buildx docker-container path - empty scope → daemon-driven `DOCKER_BUILDKIT=1 docker build` Route the Java image through `build_with_mirror_retry` with an empty cache scope so it picks the daemon-driven path and the special-case `build_java_image` helper can be removed. Behavior matches what docs/ci/cli-e2e-images.md already calls out: the Java image is built from the local polyglot base and does not use a shared BuildKit cache scope. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The build_cli_e2e_image reusable workflow was previously gated on `tests_matrix_requires_cli_archive` so it only ran when the test matrix contained at least one job that needed the CLI archive. That gate also forced the image build to wait for setup_for_tests to finish computing the matrix, which delayed test jobs that depend on the image. Drop the gate so the image build kicks off in parallel with setup. The extra cost on PRs that don't need the image is one short-lived Docker build job, which is preferable to serializing every CLI E2E test run on matrix setup. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replace ad-hoc `docker info` calls in the CI workflows with a single shared composite action at `.github/actions/verify-docker`. The action runs `docker info` as the gating check and always emits `docker version` and `docker buildx version` diagnostics, so the build log is useful even when the daemon is broken. `docker info`'s exit code is re-raised at the end so the step still fails on a missing or unreachable daemon. The action is a no-op on non-Linux runners, so callers in cross-OS matrices (run-tests.yml, reproduce-flaky-tests.yml) can drop their `if: runner.os == 'Linux'` guards. Migrate all five callers (build-cli-e2e-image, deployment-tests, reproduce-flaky-tests, run-tests, tests-daily-smoke) and add docs/ci/verify-docker.md. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
radical
force-pushed
the
copilot/consolidate-verify-docker-step
branch
from
916e79e to
4ae1be0
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
This PR consolidates Docker daemon verification used by multiple CI workflows into a shared composite action, and adjusts the CLI E2E image build workflow so downstream Docker-based tests get earlier, more consistent diagnostics.
Changes:
- Introduces a new
.github/actions/verify-dockercomposite action that gates ondocker infowhile still emittingdocker versionanddocker buildx versiondiagnostics. - Updates multiple CI workflows to use the shared Docker verification action (removing per-workflow
docker infosnippets and Linux-only guards at call sites). - Adjusts the CLI E2E image build workflow to route the Java polyglot image through a daemon-backed
docker buildpath when a cache scope is empty.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| docs/ci/verify-docker.md | Adds documentation for the new shared Docker verification action. |
| .github/actions/verify-docker/action.yml | New composite action that verifies Docker availability and emits diagnostics (Linux only). |
| .github/workflows/tests.yml | Removes the conditional gate so the CLI E2E Docker image workflow always runs after setup_for_tests. |
| .github/workflows/tests-daily-smoke.yml | Switches Docker verification to the shared action. |
| .github/workflows/run-tests.yml | Switches Docker verification to the shared action (call sites no longer need Linux guards). |
| .github/workflows/reproduce-flaky-tests.yml | Switches Docker verification to the shared action. |
| .github/workflows/deployment-tests.yml | Switches Docker verification to the shared action (replacing inline diagnostic script). |
| .github/workflows/build-cli-e2e-image.yml | Uses shared Docker verification; changes image build logic to choose cached buildx vs daemon-backed build for local-image FROM support. |
| @@ -0,0 +1,7 @@ | |||
| # Verify Docker action | |||
|
|
|||
| Workflows that need Docker should use `.github/actions/verify-docker` instead of running `docker info` directly. The action checks that the Docker daemon is reachable with `docker info` and always emits `docker version` and `docker buildx version` so logs are useful when the daemon is broken. | |||
Contributor
|
Re-running the failed jobs in the CI workflow for this pull request because 1 job was identified as retry-safe transient failures in the CI run attempt.
|
Contributor
|
🎬 CLI E2E Test Recordings — 78 recordings uploaded (commit View all recordings
📹 Recordings uploaded automatically from CI run #25703369768 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Three related CI changes around the CLI E2E Docker images and Docker daemon verification:
Consolidate Docker verification into a shared composite action (
4ae1be0).github/actions/verify-dockercomposite action runsdocker infoas the gating check and always emitsdocker versionanddocker buildx versiondiagnostics, so the build log is useful even when the daemon is broken.docker info's exit code is re-raised at the end so the step still fails on a missing or unreachable daemon.if: runner.os == 'Linux'makes the action a no-op on non-Linux runners, so cross-OS callers can drop theirif: runner.os == 'Linux'guards.run: docker infoin five workflows:build-cli-e2e-image.yml,deployment-tests.yml,reproduce-flaky-tests.yml,run-tests.yml,tests-daily-smoke.yml.docs/ci/verify-docker.md.Always build CLI E2E Docker image, independent of matrix gate (
b98720b)build_cli_e2e_imagereusable workflow was gated ontests_matrix_requires_cli_archive, which forced the image build to wait onsetup_for_testsand delayed every downstream CLI E2E test. Drop the gate so the image build runs as soon as setup completes, in parallel with the rest of the test matrix.Build Java polyglot CLI E2E image via local docker daemon (
577c460)FROM aspire-e2e-polyglot-base, which only exists in the local docker daemon (loaded via--loadfrom the previous buildx step). The docker-container buildx driver cannot resolve local-daemon images and tries to pull fromdocker.io/library/..., which 401s.build_imageon the cache scope: non-empty → cached buildx docker-container path; empty → daemon-drivenDOCKER_BUILDKIT=1 docker build. Route the Java image through the empty-scope path. Matches whatdocs/ci/cli-e2e-images.mdalready documents.Checklist