Skip to content

Fix CI workflow to handle missing Docker Hub secrets #62

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 32 commits into
base: mainline
Choose a base branch
from
Open

Fix CI workflow to handle missing Docker Hub secrets #62

Changes from all commits
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
8f6c0b8
Modified ci.yml to run without fail when there is no secrets
hanxizh9910 Sep 30, 2025
e7e44dc
Removed some space and fixed some comments
hanxizh9910 Oct 1, 2025
f282639
Used more descriptive names for the job and id
hanxizh9910 Oct 1, 2025
491dcb5
Added back the name for update docker description job
hanxizh9910 Oct 9, 2025
768d652
Test: expect all the versions pusing to dockerhub when merge to mainline
hanxizh9910 Oct 10, 2025
f475c50
Added filters to rebuild only the changed images
hanxizh9910 Sep 8, 2025
cdc2222
Removed a comment
hanxizh9910 Sep 23, 2025
2d13cd4
Removed a duplicated comment
hanxizh9910 Oct 8, 2025
a4e87b2
Added back original debugging aid
hanxizh9910 Oct 8, 2025
30cd931
Test: check if the modified images will be built
hanxizh9910 Oct 8, 2025
0fadad5
Check if both images will be built
hanxizh9910 Oct 8, 2025
959dd5c
Test: multiple files change and workflow will detect the modified doc…
hanxizh9910 Oct 8, 2025
c315973
revert the dummy changes
hanxizh9910 Oct 8, 2025
fe5a71b
Added a comment to check
hanxizh9910 Oct 8, 2025
c238710
modified readme
hanxizh9910 Oct 8, 2025
4973bc4
Avoid rebuilding the images if it is pushing to mainline
hanxizh9910 Oct 8, 2025
f2af212
revmoed a dummy change
hanxizh9910 Oct 8, 2025
b972e7d
Test: dockerfile change, expect only the 8.1 jobs to run when push to…
hanxizh9910 Oct 9, 2025
c205325
Test: multiple dockerfile changes, expect both 8.1 and 9.0 jobs to ru…
hanxizh9910 Oct 9, 2025
587bc0a
Test: Dummy change to ci.yml, expect all the jobs to run for PR and n…
hanxizh9910 Oct 9, 2025
8f9f9e3
Test: Expect all versions to push to dockerhub when merge to mainline
hanxizh9910 Oct 13, 2025
1762743
Test: reverted changes to both images, expect them to push to dockerhub
hanxizh9910 Oct 13, 2025
f6124d5
Removed an error due to merge conflict issue before
hanxizh9910 Oct 13, 2025
5a0518f
Test: has secrets, expect all versions to be pushed when merging to m…
hanxizh9910 Oct 13, 2025
00827de
Test again, try to push the images when merge to the mainline
hanxizh9910 Oct 14, 2025
cf67691
Last test, removed secrets, and expect nothing to be pushed but not f…
hanxizh9910 Oct 14, 2025
47d3007
Fix: fix the error when multiple changed files were flattened to one …
hanxizh9910 Oct 14, 2025
f6923d0
Test: check if there is no dockerfile modified, expect: all the test …
hanxizh9910 Oct 15, 2025
8a6469d
Test: has secrets, expect all tests to run for PR and push to mainlin
hanxizh9910 Oct 15, 2025
a3a0930
Clean the dummy tests
hanxizh9910 Oct 15, 2025
7741b57
Removed the dummy change of README.md
hanxizh9910 Oct 15, 2025
5447c73
Removed dummy change of README
hanxizh9910 Oct 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 35 additions & 11 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ on:

env:
IS_PULL: ${{ github.event_name == 'pull_request' }}
HAS_SECRETS: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' && secrets.DOCKERHUB_ACCOUNT != '' }}

defaults:
run:
Expand All @@ -36,7 +37,7 @@ jobs:
# For pushes to mainline or PRs targeting mainline, only build changed versions
if [[ ("${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/mainline")]] ; then
changed_files=$(git diff --name-only HEAD~1 HEAD)
if echo $changed_files | grep -qE "^(versions\.json|[0-9]+\.[0-9]+/|unstable/)"; then
if printf "%s\n" "$changed_files" | grep -qE "^(versions\.json|[0-9]+\.[0-9]+/|unstable/)"; then
changed_versions=$(echo $changed_files | grep -oE "[0-9]+\.[0-9]+|unstable" | sort -u | tr '\n' '|' | sed 's/|$//')
if [[ -n "$changed_versions" ]]; then
strategy=$(jq -c --arg versions "$changed_versions" '{"fail-fast": .["fail-fast"],"matrix":{"include":[ .matrix.include[]|select(.meta.entries[0].directory | test($versions))]}}' <<<"$strategy")
Expand All @@ -48,7 +49,6 @@ jobs:

echo "strategy=$(jq -c . <<<"$strategy")" >> "$GITHUB_OUTPUT"
jq . <<<"$strategy" # debugging aid to visually inspect the generated matrix

# Job to build and push Docker images individually for each architecture/platform
build_and_push:
needs: [generate-jobs]
Expand Down Expand Up @@ -78,6 +78,8 @@ jobs:
run: |
if [[ "${{ env.IS_PULL }}" == "true" ]]; then
echo "DOCKER_REPO_NAME=${{ github.actor }}/valkey-bundle" >> $GITHUB_ENV
elif [[ "${{ env.HAS_SECRETS }}" != "true" ]]; then
echo "DOCKER_REPO_NAME=${{ github.actor }}/valkey-bundle" >> $GITHUB_ENV
else
echo "DOCKER_REPO_NAME=${{ secrets.DOCKERHUB_ACCOUNT }}/valkey-bundle" >> $GITHUB_ENV
fi
Expand All @@ -89,7 +91,7 @@ jobs:
uses: docker/setup-buildx-action@v3

- name: Login to Docker Hub
if: env.IS_PULL != 'true'
if: env.IS_PULL != 'true' && env.HAS_SECRETS == 'true'
uses: docker/login-action@v3
with:
registry: docker.io
Expand All @@ -107,6 +109,7 @@ jobs:
echo "$tags" > tags.txt

- name: Upload Tags Artifact
if: env.HAS_SECRETS == 'true'
uses: actions/upload-artifact@v4
with:
name: tags-${{ matrix.version.name }}
Expand All @@ -120,8 +123,8 @@ jobs:
with:
file: ./${{ matrix.version.meta.entries[0].directory }}/Dockerfile
platforms: ${{ matrix.platform }}
# Push is true only for push events
push: ${{ env.IS_PULL != 'true' }}
# Push is true only for push events if the secrets have been created
push: ${{ env.HAS_SECRETS == 'true' && env.IS_PULL != 'true' }}
outputs: type=image,push-by-digest=true,name-canonical=true
tags: ${{ env.DOCKER_REPO_NAME }}
provenance: false
Expand Down Expand Up @@ -157,6 +160,7 @@ jobs:

# Export digest to a file to reference it later in merging manifests
- name: Export digest
if: env.HAS_SECRETS == 'true'
id: export-digest
run: |
mkdir -p ${{ runner.temp }}/digests
Expand All @@ -177,6 +181,7 @@ jobs:
echo "version_major_minor=$major_minor" >> "$GITHUB_OUTPUT"

- name: Upload digest for version-distro combination
if: env.HAS_SECRETS == 'true'
uses: actions/upload-artifact@v4
with:
name: digests-${{ steps.export-digest.outputs.version_major_minor }}-${{ steps.export-digest.outputs.linux_distro }}-${{ env.PLATFORM_PAIR }}
Expand All @@ -191,39 +196,43 @@ jobs:
steps:
- name: Set DOCKER_REPO_NAME dynamically
run: |
if [[ "${{ env.IS_PULL }}" == "true" ]]; then
if [[ "${{ env.IS_PULL }}" == "true" || "${{ env.HAS_SECRETS }}" != "true" ]]; then
echo "DOCKER_REPO_NAME=${{ github.actor }}/valkey-bundle" >> $GITHUB_ENV
else
echo "DOCKER_REPO_NAME=${{ secrets.DOCKERHUB_ACCOUNT }}/valkey-bundle" >> $GITHUB_ENV
fi

- name: Download All Digests
if: env.HAS_SECRETS == 'true'
uses: actions/download-artifact@v4
with:
path: ${{ runner.temp }}/all-digests
pattern: digests-*
merge-multiple: false

- name: Download All Tags
if: env.HAS_SECRETS == 'true'
uses: actions/download-artifact@v4
with:
path: ${{ runner.temp }}/all-tags
pattern: tags-*
merge-multiple: false

- name: Login to Docker Hub
if: env.HAS_SECRETS == 'true' && env.IS_PULL != 'true'
uses: docker/login-action@v3
if: env.IS_PULL != 'true'
with:
registry: docker.io
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Set up Docker Buildx
if: env.HAS_SECRETS == 'true'
uses: docker/setup-buildx-action@v3

# Use imagetools to combine the arch-specific digests into respective multi-arch manifest
# Use imagetools to combine the arch-specific digests into respective multi-arch manifest test
- name: Create Multi-Arch Manifest and Push
if: env.HAS_SECRETS == 'true'
working-directory: ${{ runner.temp }}
run: |
declare -A combinations
Expand Down Expand Up @@ -279,10 +288,25 @@ jobs:
docker buildx imagetools create $tag_args $digest_args
fi
done


check-docker-secrets:
runs-on: ubuntu-latest
outputs:
has-secrets: ${{ steps.check_if_secrets_exist.outputs.has-secrets }}
steps:
- id: check_if_secrets_exist
run: |
if [ -n "${{ secrets.DOCKERHUB_USERNAME }}" ] && \
[ -n "${{ secrets.DOCKERHUB_TOKEN }}" ] && \
[ -n "${{ secrets.DOCKERHUB_REPOSITORY }}" ]; then
echo "has-secrets=true" >> $GITHUB_OUTPUT
else
echo "has-secrets=false" >> $GITHUB_OUTPUT
fi

update-dockerhub-description:
if: github.event_name == 'push' && github.ref == 'refs/heads/mainline'
needs: merge-manifest
if: github.event_name == 'push' && github.ref == 'refs/heads/mainline' && needs.check-docker-secrets.outputs.has-secrets == 'true'
needs: [merge-manifest, check-docker-secrets]
name: Update DockerHub Description
uses: ./.github/workflows/update-dockerhub-docs.yml
secrets:
Expand Down