
Commit 50e6cee

committed
Build and test architecture images before push
Split the per-architecture workflow so each image is built locally, smoke-tested, and only then pushed to Docker Hub as an architecture-specific tag. This avoids publishing untested architecture images and keeps Docker Hub out of the build phase, so public base-image pulls are no longer attributed to the authenticated Docker Hub account.
1 parent 95ce711 commit 50e6cee

1 file changed

Lines changed: 12 additions & 9 deletions


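--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -63,27 +63,30 @@ jobs:
 uv run dpn dockerfile --context "${context}"
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
-- name: Login to Docker Hub
-uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4
-with:
-username: ${{ secrets.DOCKERHUB_USERNAME }}
-password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-# Build and push
+# Build
 - name: Build image
-id: build-and-push
 uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7
 with:
 context: .
 file: dockerfiles/${{ matrix.key }}.Dockerfile
 platforms: ${{ matrix.platform }}
-push: true
+load: true
 tags: ${{ env.IMAGE_NAME }}:${{ matrix.key }}-${{ matrix.arch }}
 
 # Test
 - name: Run smoke tests
 run: |
-docker run --rm ${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }} sh -c "node --version && npm --version && yarn --version && python --version && pip --version && pipenv --version && poetry --version && uv --version"
+docker run --rm ${{ env.IMAGE_NAME }}:${{ matrix.key }}-${{ matrix.arch }} sh -c "node --version && npm --version && yarn --version && python --version && pip --version && pipenv --version && poetry --version && uv --version"
+
+# Push
+- name: Login to Docker Hub
+uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4
+with:
+username: ${{ secrets.DOCKERHUB_USERNAME }}
+password: ${{ secrets.DOCKERHUB_TOKEN }}
+- name: Push image
+run: docker push "${IMAGE_NAME}:${{ matrix.key }}-${{ matrix.arch }}"
 
 deploy:
 name: Publish ${{ matrix.key }}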
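Review bot: The added `Push image` step and the rewritten `docker run` line in `Run smoke tests` expand `${{ matrix.key }}` and `${{ matrix.arch }}` straight into the shell script text, so a matrix value containing shell metacharacters would be interpreted by the shell instead of being treated as data; map the two values to `KEY` and `ARCH` under the step's `env:` and use `run: docker push "${IMAGE_NAME}:${KEY}-${ARCH}"`. Separately, the smoke test used to pin the image by `@digest`, whereas test and push now both go through a mutable tag and no digest is recorded after the push. If the `deploy` job assembles the multi-arch manifest from these tags (its body is outside this hunk), consider exporting the digest reported by `docker push` as a job output so the published manifest references exactly the image that was tested. It is also worth confirming whether building with `load: true` still publishes the provenance attestation that `push: true` attached by default, since the local Docker image store may not carry it.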
