fix: use PR number instead of ref_name for Docker image tags
GitHub's github.ref_name returns "421/merge" for PR merge refs, creating invalid Docker tags like "pr-421/merge". Docker tags cannot contain forward slashes. Changed to use github.event.pull_request.number which returns just the PR number (e.g., "421") for valid tags like "pr-421". Fixes CI/CD failure in PR #421.
This commit is contained in:
GitHub Actions
4
.github/workflows/docker-build.yml
vendored
4
.github/workflows/docker-build.yml
vendored
@@ -98,7 +98,7 @@ jobs:
|
||||
type=raw,value=latest,enable={{is_default_branch}}
|
||||
type=raw,value=dev,enable=${{ github.ref == 'refs/heads/development' }}
|
||||
type=raw,value=beta,enable=${{ github.ref == 'refs/heads/feature/beta-release' }}
|
||||
type=raw,value=pr-${{ github.ref_name }},enable=${{ github.event_name == 'pull_request' }}
|
||||
type=raw,value=pr-${{ github.event.pull_request.number }},enable=${{ github.event_name == 'pull_request' }}
|
||||
type=sha,format=short,enable=${{ github.event_name != 'pull_request' }}
|
||||
- name: Build and push Docker image
|
||||
if: steps.skip.outputs.skip_build != 'true'
|
||||
@@ -127,7 +127,7 @@ jobs:
|
||||
|
||||
# Determine the image reference based on event type
|
||||
if [ "${{ github.event_name }}" = "pull_request" ]; then
|
||||
IMAGE_REF="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:pr-${{ github.ref_name }}"
|
||||
IMAGE_REF="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:pr-${{ github.event.pull_request.number }}"
|
||||
echo "Using PR image: $IMAGE_REF"
|
||||
else
|
||||
IMAGE_REF="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}"
|
||||
|
||||
2
.github/workflows/docker-publish.yml
vendored
2
.github/workflows/docker-publish.yml
vendored
@@ -101,7 +101,7 @@ jobs:
|
||||
type=raw,value=latest,enable={{is_default_branch}}
|
||||
type=raw,value=dev,enable=${{ github.ref == 'refs/heads/development' }}
|
||||
type=raw,value=beta,enable=${{ github.ref == 'refs/heads/feature/beta-release' }}
|
||||
type=raw,value=pr-${{ github.ref_name }},enable=${{ github.event_name == 'pull_request' }}
|
||||
type=raw,value=pr-${{ github.event.pull_request.number }},enable=${{ github.event_name == 'pull_request' }}
|
||||
type=sha,format=short,enable=${{ github.event_name != 'pull_request' }}
|
||||
|
||||
- name: Build and push Docker image
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
135
docs/reports/qa_report_docker_tag_fix_pr421.md
Normal file
135
docs/reports/qa_report_docker_tag_fix_pr421.md
Normal file
@@ -0,0 +1,135 @@
|
||||
# QA Report: Docker Image Tag Invalid Reference Format Fix (PR #421)
|
||||
|
||||
**Date**: December 17, 2025
|
||||
**Agent**: QA_Security
|
||||
**Status**: ✅ **PASS**
|
||||
|
||||
---
|
||||
|
||||
## Summary
|
||||
|
||||
Verified the workflow file changes made to fix the Docker image tag "invalid reference format" error in PR #421. All changes have been correctly implemented.
|
||||
|
||||
---
|
||||
|
||||
## Issue Recap
|
||||
|
||||
**Problem**: CI/CD pipeline failure with:
|
||||
|
||||
```text
|
||||
Using PR image: ghcr.io/wikid82/charon:pr-421/merge
|
||||
docker: invalid reference format
|
||||
```
|
||||
|
||||
**Root Cause**: Docker image tags cannot contain forward slashes (`/`). The `github.ref_name` context variable returns `421/merge` for PR merge refs.
|
||||
|
||||
**Solution**: Replace `github.ref_name` with `github.event.pull_request.number` which returns just the PR number (e.g., `421`).
|
||||
|
||||
---
|
||||
|
||||
## Verification Results
|
||||
|
||||
### 1. Pre-commit Hooks
|
||||
|
||||
| Hook | Status |
|
||||
|------|--------|
|
||||
| fix end of files | ✅ Passed |
|
||||
| trim trailing whitespace | ✅ Passed |
|
||||
| **check yaml** | ✅ Passed |
|
||||
| check for added large files | ✅ Passed |
|
||||
| dockerfile validation | ✅ Passed |
|
||||
| Go Vet | ✅ Passed |
|
||||
| check-version-match | ⚠️ Failed (unrelated) |
|
||||
| check-lfs-large-files | ✅ Passed |
|
||||
| block-codeql-db-commits | ✅ Passed |
|
||||
| block-data-backups-commit | ✅ Passed |
|
||||
| Frontend Lint (Fix) | ✅ Passed |
|
||||
|
||||
> **Note**: The `check-version-match` failure is unrelated to PR #421. It's a version sync issue between `.version` file and Git tags.
|
||||
|
||||
### 2. YAML Syntax Validation
|
||||
|
||||
| File | Status |
|
||||
|------|--------|
|
||||
| `.github/workflows/docker-build.yml` | ✅ Valid YAML |
|
||||
| `.github/workflows/docker-publish.yml` | ✅ Valid YAML |
|
||||
|
||||
### 3. Problematic Pattern Search
|
||||
|
||||
**Search for `github.ref_name` in workflow files**: ✅ **No matches found**
|
||||
|
||||
All instances of `github.ref_name` in Docker tag contexts have been successfully replaced.
|
||||
|
||||
### 4. Correct Pattern Verification
|
||||
|
||||
**Search for `github.event.pull_request.number`**: ✅ **3 matches found (expected)**
|
||||
|
||||
| File | Line | Context |
|
||||
|------|------|---------|
|
||||
| `docker-build.yml` | 101 | Metadata tags (PR tag) |
|
||||
| `docker-build.yml` | 130 | Verify Caddy Security Patches step |
|
||||
| `docker-publish.yml` | 104 | Metadata tags (PR tag) |
|
||||
|
||||
### 5. Safe Patterns (No Changes Needed)
|
||||
|
||||
The following patterns use `github.sha` which is always valid (hex string, no slashes):
|
||||
|
||||
| File | Line | Code | Status |
|
||||
|------|------|------|--------|
|
||||
| docker-build.yml | 327 | `docker build -t charon:pr-${{ github.sha }} .` | ✅ Safe |
|
||||
| docker-build.yml | 331 | `CONTAINER=$(docker create charon:pr-${{ github.sha }})` | ✅ Safe |
|
||||
| docker-publish.yml | 267 | `docker build -t charon:pr-${{ github.sha }} .` | ✅ Safe |
|
||||
| docker-publish.yml | 271 | `CONTAINER=$(docker create charon:pr-${{ github.sha }})` | ✅ Safe |
|
||||
|
||||
---
|
||||
|
||||
## Changes Verified
|
||||
|
||||
### `.github/workflows/docker-build.yml`
|
||||
|
||||
**Line 101** - Metadata Tags:
|
||||
|
||||
```yaml
|
||||
type=raw,value=pr-${{ github.event.pull_request.number }},enable=${{ github.event_name == 'pull_request' }}
|
||||
```
|
||||
|
||||
**Line 130** - Verify Caddy Security Patches:
|
||||
|
||||
```yaml
|
||||
IMAGE_REF="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:pr-${{ github.event.pull_request.number }}"
|
||||
```
|
||||
|
||||
### `.github/workflows/docker-publish.yml`
|
||||
|
||||
**Line 104** - Metadata Tags:
|
||||
|
||||
```yaml
|
||||
type=raw,value=pr-${{ github.event.pull_request.number }},enable=${{ github.event_name == 'pull_request' }}
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Expected Result
|
||||
|
||||
- **Before**: `ghcr.io/wikid82/charon:pr-421/merge` ❌ (INVALID)
|
||||
- **After**: `ghcr.io/wikid82/charon:pr-421` ✅ (VALID)
|
||||
|
||||
---
|
||||
|
||||
## Conclusion
|
||||
|
||||
| Check | Result |
|
||||
|-------|--------|
|
||||
| Pre-commit (relevant hooks) | ✅ PASS |
|
||||
| YAML syntax validation | ✅ PASS |
|
||||
| No remaining `github.ref_name` in tag contexts | ✅ PASS |
|
||||
| Correct use of `github.event.pull_request.number` | ✅ PASS |
|
||||
| No other problematic patterns in workflows | ✅ PASS |
|
||||
|
||||
**Overall Status**: ✅ **PASS**
|
||||
|
||||
The PR #421 fix has been correctly implemented and is ready for merge.
|
||||
|
||||
---
|
||||
|
||||
*Report generated by QA_Security agent*
|
||||
Reference in New Issue
Block a user