diff --git a/.github/workflows/crowdsec-integration.yml b/.github/workflows/crowdsec-integration.yml index 107757d0..bc9ef2f4 100644 --- a/.github/workflows/crowdsec-integration.yml +++ b/.github/workflows/crowdsec-integration.yml @@ -11,15 +11,7 @@ on: workflow_dispatch: inputs: image_tag: -<<<<<<< HEAD description: 'Docker image tag to test (e.g., pr-123-abc1234, latest)' -======= -<<<<<<< HEAD - description: 'Docker image tag to test (e.g., pr-123-abc1234)' -======= - description: 'Docker image tag to test (e.g., pr-123-abc1234, latest)' ->>>>>>> 8edde88f (fix(ci): add image_tag input for manual triggers in integration workflows) ->>>>>>> 05695af2 ( git status) required: false type: string @@ -43,7 +35,7 @@ jobs: # Determine the correct image tag based on trigger context # For PRs: pr-{number}-{sha}, For branches: {sanitized-branch}-{sha} - name: Determine image tag - id: determine-tag + id: image env: EVENT: ${{ github.event.workflow_run.event }} REF: ${{ github.event.workflow_run.head_branch }} @@ -109,7 +101,7 @@ jobs: max_attempts: 3 retry_wait_seconds: 10 command: | - IMAGE_NAME="ghcr.io/${{ github.repository_owner }}/charon:${{ steps.determine-tag.outputs.tag }}" + IMAGE_NAME="ghcr.io/${{ github.repository_owner }}/charon:${{ steps.image.outputs.tag }}" echo "Pulling image: $IMAGE_NAME" docker pull "$IMAGE_NAME" docker tag "$IMAGE_NAME" charon:local @@ -121,12 +113,12 @@ jobs: if: steps.pull_image.outcome == 'failure' env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SHA: ${{ steps.determine-tag.outputs.sha }} + SHA: ${{ steps.image.outputs.sha }} run: | echo "⚠️ Registry pull failed, falling back to artifact..." # Determine artifact name based on source type - if [[ "${{ steps.determine-tag.outputs.source_type }}" == "pr" ]]; then + if [[ "${{ steps.image.outputs.source_type }}" == "pr" ]]; then PR_NUM=$(echo '${{ toJson(github.event.workflow_run.pull_requests) }}' | jq -r '.[0].number') ARTIFACT_NAME="pr-image-${PR_NUM}" else 
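Review bot: In the registry pull hunk of crowdsec-integration.yml (@@ -109,7 +101,7 @@), `${{ steps.image.outputs.tag }}` is still expanded into the text of `command:` before any shell runs, so a tag containing shell metacharacters would be parsed as script rather than data. Whether such a tag can occur depends on the sanitising done in the `Determine image tag` step and on how the manual `image_tag` input is handled, both of which are outside this hunk. Passing the value as data removes that dependency: add `IMAGE_TAG: ${{ steps.image.outputs.tag }}` under the step's `env:` and build the name as `IMAGE_NAME="ghcr.io/${{ github.repository_owner }}/charon:${IMAGE_TAG}"`, assuming the retry action hands the step environment to `command`. The same line appears in the matching hunks of rate-limit-integration.yml (@@ -109,7 +101,7 @@) and waf-integration.yml (@@ -101,7 +101,7 @@).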
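Review bot: The fallback step in crowdsec-integration.yml (@@ -121,12 +113,12 @@) pastes `${{ toJson(github.event.workflow_run.pull_requests) }}` between single quotes inside the `run:` script, and that JSON carries values taken from the triggering event, such as ref names. A quote character in any of them would end the string and the remainder would be read as shell, in a step that has `GH_TOKEN` in its environment. Move the value into the environment with `PR_JSON: ${{ toJson(github.event.workflow_run.pull_requests) }}` under `env:` and read it with `PR_NUM=$(jq -r '.[0].number' <<<"$PR_JSON")`. Pass `steps.image.outputs.source_type` the same way, as `SHA` already is, and check that `PR_NUM` is numeric before it goes into `ARTIFACT_NAME`. The step body continues past the end of the hunk, and the same lines appear in rate-limit-integration.yml (@@ -121,12 +113,12 @@) and waf-integration.yml (@@ -113,12 +113,12 @@).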
@@ -150,7 +142,7 @@ jobs: # Validate image freshness by checking SHA label - name: Validate image SHA env: - SHA: ${{ steps.determine-tag.outputs.sha }} + SHA: ${{ steps.image.outputs.sha }} run: | LABEL_SHA=$(docker inspect charon:local --format '{{index .Config.Labels "org.opencontainers.image.revision"}}' | cut -c1-7) echo "Expected SHA: $SHA" diff --git a/.github/workflows/rate-limit-integration.yml b/.github/workflows/rate-limit-integration.yml index 8bb35e9e..cfdb946d 100644 --- a/.github/workflows/rate-limit-integration.yml +++ b/.github/workflows/rate-limit-integration.yml @@ -11,15 +11,7 @@ on: workflow_dispatch: inputs: image_tag: -<<<<<<< HEAD description: 'Docker image tag to test (e.g., pr-123-abc1234, latest)' -======= -<<<<<<< HEAD - description: 'Docker image tag to test (e.g., pr-123-abc1234)' -======= - description: 'Docker image tag to test (e.g., pr-123-abc1234, latest)' ->>>>>>> 8edde88f (fix(ci): add image_tag input for manual triggers in integration workflows) ->>>>>>> 05695af2 ( git status) required: false type: string @@ -43,7 +35,7 @@ jobs: # Determine the correct image tag based on trigger context # For PRs: pr-{number}-{sha}, For branches: {sanitized-branch}-{sha} - name: Determine image tag - id: determine-tag + id: image env: EVENT: ${{ github.event.workflow_run.event }} REF: ${{ github.event.workflow_run.head_branch }} @@ -109,7 +101,7 @@ jobs: max_attempts: 3 retry_wait_seconds: 10 command: | - IMAGE_NAME="ghcr.io/${{ github.repository_owner }}/charon:${{ steps.determine-tag.outputs.tag }}" + IMAGE_NAME="ghcr.io/${{ github.repository_owner }}/charon:${{ steps.image.outputs.tag }}" echo "Pulling image: $IMAGE_NAME" docker pull "$IMAGE_NAME" docker tag "$IMAGE_NAME" charon:local 
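Review bot: The `Validate image SHA` step in crowdsec-integration.yml (@@ -150,7 +142,7 @@) compares only a seven-character prefix (`cut -c1-7`) of the `org.opencontainers.image.revision` label, and that label is metadata written by whoever built the image. The step therefore shows that the image claims the expected commit, not that it came from the project's build. The existing comment should say so, for example `# Freshness check only: the revision label is set at build time and does not authenticate the image`. If these integration tests are meant to gate on provenance, resolving the tag to a digest recorded by the build job would be the stronger check. The comparison itself is outside the hunk, and the same step appears in rate-limit-integration.yml (@@ -150,7 +142,7 @@) and waf-integration.yml (@@ -142,7 +142,7 @@).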
@@ -121,12 +113,12 @@ jobs: if: steps.pull_image.outcome == 'failure' env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SHA: ${{ steps.determine-tag.outputs.sha }} + SHA: ${{ steps.image.outputs.sha }} run: | echo "⚠️ Registry pull failed, falling back to artifact..." # Determine artifact name based on source type - if [[ "${{ steps.determine-tag.outputs.source_type }}" == "pr" ]]; then + if [[ "${{ steps.image.outputs.source_type }}" == "pr" ]]; then PR_NUM=$(echo '${{ toJson(github.event.workflow_run.pull_requests) }}' | jq -r '.[0].number') ARTIFACT_NAME="pr-image-${PR_NUM}" else @@ -150,7 +142,7 @@ jobs: # Validate image freshness by checking SHA label - name: Validate image SHA env: - SHA: ${{ steps.determine-tag.outputs.sha }} + SHA: ${{ steps.image.outputs.sha }} run: | LABEL_SHA=$(docker inspect charon:local --format '{{index .Config.Labels "org.opencontainers.image.revision"}}' | cut -c1-7) echo "Expected SHA: $SHA" diff --git a/.github/workflows/waf-integration.yml b/.github/workflows/waf-integration.yml index 667f92ec..1c1fe38d 100644 --- a/.github/workflows/waf-integration.yml +++ b/.github/workflows/waf-integration.yml @@ -11,7 +11,7 @@ on: workflow_dispatch: inputs: image_tag: - description: 'Docker image tag to test (e.g., pr-123-abc1234)' + description: 'Docker image tag to test (e.g., pr-123-abc1234, latest)' required: false type: string @@ -35,7 +35,7 @@ jobs: # Determine the correct image tag based on trigger context # For PRs: pr-{number}-{sha}, For branches: {sanitized-branch}-{sha} - name: Determine image tag - id: determine-tag + id: image env: EVENT: ${{ github.event.workflow_run.event }} REF: ${{ github.event.workflow_run.head_branch }} 
@@ -101,7 +101,7 @@ jobs: max_attempts: 3 retry_wait_seconds: 10 command: | - IMAGE_NAME="ghcr.io/${{ github.repository_owner }}/charon:${{ steps.determine-tag.outputs.tag }}" + IMAGE_NAME="ghcr.io/${{ github.repository_owner }}/charon:${{ steps.image.outputs.tag }}" echo "Pulling image: $IMAGE_NAME" docker pull "$IMAGE_NAME" docker tag "$IMAGE_NAME" charon:local @@ -113,12 +113,12 @@ jobs: if: steps.pull_image.outcome == 'failure' env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SHA: ${{ steps.determine-tag.outputs.sha }} + SHA: ${{ steps.image.outputs.sha }} run: | echo "⚠️ Registry pull failed, falling back to artifact..." # Determine artifact name based on source type - if [[ "${{ steps.determine-tag.outputs.source_type }}" == "pr" ]]; then + if [[ "${{ steps.image.outputs.source_type }}" == "pr" ]]; then PR_NUM=$(echo '${{ toJson(github.event.workflow_run.pull_requests) }}' | jq -r '.[0].number') ARTIFACT_NAME="pr-image-${PR_NUM}" else @@ -142,7 +142,7 @@ jobs: # Validate image freshness by checking SHA label - name: Validate image SHA env: - SHA: ${{ steps.determine-tag.outputs.sha }} + SHA: ${{ steps.image.outputs.sha }} run: | LABEL_SHA=$(docker inspect charon:local --format '{{index .Config.Labels "org.opencontainers.image.revision"}}' | cut -c1-7) echo "Expected SHA: $SHA" diff --git a/docs/plans/rebase_resolution.md b/docs/plans/rebase_resolution.md new file mode 100644 index 00000000..73d1b400 --- /dev/null +++ b/docs/plans/rebase_resolution.md 
@@ -0,0 +1,53 @@
+# Rebase Resolution Plan
+
+## Overview
+We are resolving conflicts in 4 workflow files during an interactive rebase. The conflicts primarily involve:
+1. Updates to `workflow_dispatch` inputs (adding `latest` to description) from the rebase target.
+2. Regression/simplification of `concurrency` groups in `e2e-tests.yml` (we must keep our robust HEAD version).
+3. A massive duplication of logic ("Determine tag" -> "Pull image") in integration workflows caused by git auto-merge.
+4. A conflict between "Pull from Registry" (HEAD) vs "Download Artifact" (Incoming) in `e2e-tests.yml` (we must keep Registry pull).
+
+## File-by-File Instructions
+
+### 1. `.github/workflows/crowdsec-integration.yml`
+
+* **Conflict Area 1 (Inputs)**:
+ * **Resolution**: Accept the *Incoming* change for the description (includes `latest`).
+ * **Action**: Update description to `'Docker image tag to test (e.g., pr-123-abc1234, latest)'`.
+* **Duplication Fix (CRITICAL)**:
+ * **Issue**: The steps "Determine image tag", "Pull Docker image from registry", and "Fallback to artifact download" appear TWICE sequentially.
+ * **Resolution**: Delete the **FIRST** occurrence of this block. Keep the sequence that leads directly into "Validate image SHA".
+ * **Block to Delete**: Approximately lines 26-124.
+
+### 2. `.github/workflows/e2e-tests.yml`
+
+* **Inputs Issue (No marker, but duplicated)**:
+ * **Issue**: `image_tag` input appears twice in `workflow_dispatch`.
+ * **Resolution**: Keep the second one (with `latest` in description) and delete the first one.
+* **Conflict Area 2 (Concurrency)**:
+ * **Resolution**: Keep **HEAD**. It contains the robust concurrency group key (`e2e-${{ github.workflow }}-${{ ... }}`) whereas the incoming change reverts to a simpler, less safe one.
+* **Conflict Area 3 (Pull vs Download)**:
+ * **Issue**: HEAD uses "Pull Docker image from registry" (Phase 4 strategy). Incoming uses "Download Docker image" (old strategy).
+ * **Resolution**: Keep **HEAD**.
+
+### 3. `.github/workflows/rate-limit-integration.yml`
+
+* **Conflict Area 1 (Inputs)**:
+ * **Resolution**: Accept *Incoming* (with `latest`).
+* **Duplication Fix**:
+ * **Issue**: Same as CrowdSec. Duplicate logic block.
+ * **Resolution**: Delete the **FIRST** occurrence of the [Determine -> Pull -> Fallback] sequence.
+
+### 4. `.github/workflows/waf-integration.yml`
+
+* **Conflict Area 1 (Inputs)**:
+ * **Resolution**: Accept *Incoming* (with `latest`).
+* **Duplication Fix**:
+ * **Issue**: Same as CrowdSec. Duplicate logic block.
+ * **Resolution**: Delete the **FIRST** occurrence of the [Determine -> Pull -> Fallback] sequence.
+
+## Verification
+After applying these fixes, we will verify:
+1. No conflict markers (`<<<<<<<`, `=======`, `>>>>>>>`) remain.
+2. No duplicate steps in the flows.
+3. `e2e-tests.yml` specifically retains "Pull Docker image from registry".