ci: upload sci_usi artifact on dev build

anokfireball · anokfireball · commit 94aa5845f723 · 2025-11-07T11:53:09.000+01:00
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
@@ -21,9 +21,15 @@ jobs:
         with:
           submodules: recursive
 
-      - name: use VERSION file to support dev build on rel-branch
+      - name: Derive version
         id: version
-        run: echo "VERSION=$(cat VERSION)" >> $GITHUB_OUTPUT
+        run: |
+          if [ "${{ github.event_name }}" = "pull_request" ]; then
+            echo "VERSION=today" >> $GITHUB_OUTPUT
+          else
+            echo "VERSION=$(cat VERSION)" >> $GITHUB_OUTPUT
+          fi
+
   build:
     needs: [set_version]
     uses: gardenlinux/gardenlinux/.github/workflows/build.yml@3b5ec77e4873462d56658c4ecd56caa0ff63542b
@@ -39,3 +45,30 @@ jobs:
       # aws_kms_role: ${{ secrets.KMS_SIGNING_IAM_ROLE }}
       # aws_oidc_session: ${{ secrets.AWS_OIDC_SESSION }}
       # secureboot_db_kms_arn: ${{ secrets.SECUREBOOT_DB_KMS_ARN }}
+
+  meta:
+    name: Compute image metadata
+    if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.event.action != 'closed' }}
+    runs-on: ubuntu-latest
+    outputs:
+      UPLOAD_VERSION: ${{ steps.meta.outputs.upload_version }}
+    steps:
+      - name: Derive image version (pr-123-HASH)
+        id: meta
+        run: |
+          PR_NUMBER=${{ github.event.pull_request.number }}
+          COMMIT_HASH=${{ github.event.pull_request.head.sha }}
+          UPLOAD_VERSION="pr-${PR_NUMBER}-${COMMIT_HASH}"
+          echo "upload_version=${UPLOAD_VERSION}" >> $GITHUB_OUTPUT
+
+  upload:
+    name: Upload PR image to OCI
+    needs: [build, meta, set_version]
+    if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.event.action != 'closed' }}
+    uses: ./.github/workflows/upload_oci.yml
+    with:
+      version: ${{ needs.set_version.outputs.VERSION }}
+      upload_version: ${{ needs.meta.outputs.UPLOAD_VERSION }}
+      flavor_filter: '--include-only "metal-sci_usi-amd64"'
+      additional_semver_tag: false
+    secrets: inherit
diff --git a/.github/workflows/upload_oci.yml b/.github/workflows/upload_oci.yml
@@ -5,12 +5,21 @@ on:
       version:
         type: string
         default: today
+      upload_version:
+        type: string
+        default: ""
+      additional_semver_tag:
+        type: boolean
+        default: true
+      flavor_filter:
+        type: string
+        default: '--exclude "bare-*"'
 jobs:
   generate_matrix_publish:
     name: Generate flavors matrix to publish
     uses: gardenlinux/gardenlinux/.github/workflows/build_flavors_matrix.yml@3b5ec77e4873462d56658c4ecd56caa0ff63542b
     with:
-      flags: '--exclude "bare-*" --no-arch --json-by-arch --build --test'
+      flags: '${{ inputs.flavor_filter }} --no-arch --json-by-arch --build --test'
   upload_gl_artifacts:
     name: upload to OCI
     needs: [ generate_matrix_publish ]
@@ -62,17 +71,19 @@ jobs:
             --dir "${CNAME}" \
             --container "ghcr.io/${{ github.repository }}" \
             --arch ${{ matrix.arch }} \
-            --version ${{ inputs.version }} \
+            --version ${{ inputs.upload_version || inputs.version }} \
             --cname "${CNAME}" \
             --cosign_file digest.txt \
             --manifest_file "oci_manifest_entry_${CNAME}.json"
       - name: Add additional semver tag
+        if: ${{ inputs.additional_semver_tag }}
         run: |
           echo ${{ secrets.GITHUB_TOKEN }} | oras login -u ${{ github.repository_owner }} --password-stdin ghcr.io
+          UPLOAD_VER="${{ inputs.upload_version || inputs.version }}"
           CNAME2=${CNAME//_/-}
           CNAME2=${CNAME2//-${{ inputs.version }}/}
-          echo "Adding additional tag: ${{ inputs.version }}-${CNAME2}-${{ matrix.arch }}"
-          oras tag ghcr.io/${{ github.repository }}:${{ inputs.version }}-${CNAME}-${{ matrix.arch }} ${{ inputs.version }}-${CNAME2}-${{ matrix.arch }}
+          echo "Adding additional tag: ${UPLOAD_VER}-${CNAME2}-${{ matrix.arch }}"
+          oras tag ghcr.io/${{ github.repository }}:${UPLOAD_VER}-${CNAME}-${{ matrix.arch }} ${UPLOAD_VER}-${CNAME2}-${{ matrix.arch }}
       - uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # pin@v4.2.3
         with:
           path: oci_manifest_entry_${{ env.CNAME }}.json
@@ -125,5 +136,5 @@ jobs:
 
           gl-oci update-index \
             --container "ghcr.io/${{ github.repository }}" \
-            --version ${{ inputs.version }} \
+            --version ${{ inputs.upload_version || inputs.version }} \
             --manifest_folder manifests
