Charon/docs/actions/trivy-scan-failure.md
akanealw eec8c28fb3
changed perms
2026-04-22 18:19:14 +00:00

**Status**: ✅ RESOLVED (January 30, 2026)
<https://github.com/Wikid82/Charon/actions/runs/21503634925/job/61955008214>
```text
Run # Normalize image name for reference
🔍 Extracting binary from: ghcr.io/wikid82/charon:feature/beta-release
invalid reference format
Error: Process completed with exit code 1.
```
The failure is caused by an invalid Docker image reference format when trying to extract the `charon` binary. In the logs:

```text
invalid reference format
```

This happens during the construction of the `IMAGE_REF` environment variable in this step:

```bash
if [[ "${{ steps.pr-info.outputs.is_push }}" == "true" ]]; then
  IMAGE_REF="ghcr.io/${IMAGE_NAME}:${{ github.event.workflow_run.head_branch }}"
else
  IMAGE_REF="ghcr.io/${IMAGE_NAME}:pr-${{ steps.pr-info.outputs.pr_number }}"
fi
```
If the PR number is missing or blank, `IMAGE_REF` becomes invalid (e.g., `ghcr.io/wikid82/charon:pr-`), which is not a valid tag. The extraction then fails.

Solution:

Add a check to ensure `steps.pr-info.outputs.pr_number` is set before constructing `IMAGE_REF` for PRs. If it's missing or empty, exit or skip with a clear message.

Suggested code improvement for the “Extract charon binary from container” step:
```yaml
- name: Extract charon binary from container
  if: steps.check-artifact.outputs.artifact_exists == 'true'
  id: extract
  run: |
    # Registry image names must be lowercase
    IMAGE_NAME=$(echo "${{ github.repository_owner }}/charon" | tr '[:upper:]' '[:lower:]')
    if [[ "${{ steps.pr-info.outputs.is_push }}" == "true" ]]; then
      IMAGE_REF="ghcr.io/${IMAGE_NAME}:${{ github.event.workflow_run.head_branch }}"
    else
      # Fail early instead of building a reference that ends in "pr-"
      if [[ -z "${{ steps.pr-info.outputs.pr_number }}" ]]; then
        echo "❌ PR number missing, cannot form Docker image reference."
        exit 1
      fi
      IMAGE_REF="ghcr.io/${IMAGE_NAME}:pr-${{ steps.pr-info.outputs.pr_number }}"
    fi
    echo "🔍 Extracting binary from: ${IMAGE_REF}"
    ...
```
This ensures the workflow does not attempt to use an invalid image tag when the PR number is missing. Adjust similar logic throughout the workflow to handle missing variables gracefully.
## Resolution
Fixed by adding validation of the PR number before the Docker image reference is constructed, ensuring `IMAGE_REF` is never built from empty or missing variables. Branch name sanitization was also implemented to handle slashes in feature branch names.
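
The two checks described in the resolution, as an added shell example that is not the Charon workflow's own code. The function names and the choice to replace disallowed characters with `-` are assumptions, and the inputs arrive as arguments (as they would when passed through `env:`) rather than being interpolated into the script.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not from the Charon repository).

# A Docker tag is 1-128 chars from [A-Za-z0-9_.-] and must not start with '.' or '-'.
is_valid_tag() {
  [ "${#1}" -le 128 ] || return 1
  case "$1" in
    ''|[.-]*|*[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  return 0
}

# Replace every character a tag cannot contain (such as '/') with '-'.
# Assumption: the image was pushed under the same sanitized tag.
sanitize_branch() {
  printf '%s' "$1" | tr -c 'A-Za-z0-9_.-' '-'
}

# Usage: build_image_ref IS_PUSH IMAGE_NAME HEAD_BRANCH PR_NUMBER
# Prints the image reference, or returns 1 with a message on stderr.
build_image_ref() {
  is_push=$1; image_name=$2; head_branch=$3; pr_number=$4
  if [ "$is_push" = "true" ]; then
    if [ -z "$head_branch" ]; then
      echo "branch name missing, cannot form image reference" >&2
      return 1
    fi
    tag=$(sanitize_branch "$head_branch")
  else
    case "$pr_number" in
      ''|*[!0-9]*)
        echo "PR number missing or not numeric, cannot form image reference" >&2
        return 1 ;;
    esac
    tag="pr-$pr_number"
  fi
  if ! is_valid_tag "$tag"; then
    echo "refusing to use invalid tag: $tag" >&2
    return 1
  fi
  printf 'ghcr.io/%s:%s\n' "$image_name" "$tag"
}

# Constructed sample input: the branch name from the failing log above.
build_image_ref true wikid82/charon feature/beta-release ""
```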