Switch release trigger from tag push to GitHub Release published event #2
Merged
alongubkin merged 16 commits into Mar 12, 2026
Rust library for building and pushing OCI container images without Docker. Includes layer builder, image builder, blob caching, registry push with auth support, CI/CD workflows, and crates.io release pipeline.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The integration tests in build_push_tests.rs need the test-utils feature and a Docker daemon. Run only --lib tests in CI to avoid compilation errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The extract method was unconditionally applying zstd decompression to all layers, but base image layers from registries are typically gzip-compressed. Now checks the layer media type and uses the appropriate decompressor. Also removes redundant gcr.io hostname checks in monolithic push detection.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Preserve base image CMD when only entrypoint is overridden (CMD is only cleared when entrypoint is explicitly set, matching Docker behavior)
- Remove dead branch in push code (layers_to_push.is_empty() was unreachable after the early return above)
- Handle uncompressed tar layers in extract (media types without +gzip or +zstd are now extracted as plain tar)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Distinguish gzip vs uncompressed Docker layers by checking for "gzip" in media type instead of matching all rootfs media types as gzip
- Reset CMD to None (not empty array) when entrypoint overrides it, matching OCI spec semantics
- Warn when only one of platform_os/platform_arch is set in PullAndExtractOptions
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…g print
- Record per-file metadata when adding directories to layers so the input-based cache key reflects actual directory contents (prevents stale cache hits when files inside a directory change)
- Scope DOCKER_USERNAME/DOCKER_PASSWORD env vars to Docker Hub only, preventing credential leakage to unrelated registries
- Remove leftover eprintln! debug statement in layer cache miss path
- Document self-mount blob existence check workaround (oci-client lacks a HEAD blob API)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… dedup
- Handle OCI/Docker whiteout files (.wh.<name> and .wh..wh..opq) during layer extraction so deleted files from prior layers are properly removed from the merged filesystem
- Fix duplicate error message in From<io::Error> impl that produced "I/O error: Permission denied: Permission denied"
- Deduplicate IMAGE_LAYER_ZSTD_MEDIA_TYPE constant into lib.rs
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…content
- Include OS and arch in manifest cache key (manifest-v2:{ref}:{os}:{arch})
so multi-platform builds don't serve wrong cached manifests
- Hash in-memory content in data() FileMetadata so same-size blobs
at the same path produce different input cache keys
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…io::Error>
The Docker Hub-only scoping of DOCKER_USERNAME/DOCKER_PASSWORD was a usability regression — CI/CD users commonly set these for any registry. The From<io::Error> impl was unused since all call sites construct Error::Io with contextual messages; removing it enforces that pattern. Also applies rustfmt formatting fixes.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace push: tags: v* with release: types: [published] so releases require an explicit publish action, allowing draft review before the pipeline fires. Remove the github-release job since the release already exists when the workflow runs.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ALIEN-9 Dockdash: Switch release trigger from tag push to GitHub Release published event
Currently the release workflow triggers on any v* tag push, which immediately publishes to crates.io with no opportunity to review. Switch to release: types: [published] so the flow is: create draft release → review/edit notes → publish → pipeline fires.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@greptile please review
Greptile Summary
This PR simplifies the release workflow by switching the trigger from a raw tag push (
Confidence Score: 4/5
Important Files Changed
Sequence Diagram
```mermaid
sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub
    participant WF as Release Workflow
    participant Crates as crates.io
    Note over Dev,GH: Old flow (before PR)
    Dev->>GH: git push tag v*
    GH->>WF: Trigger (push: tags v*)
    WF->>Crates: cargo publish
    WF->>GH: Create GitHub Release (softprops/action-gh-release)
    Note over Dev,GH: New flow (after PR)
    Dev->>GH: Create draft release
    Dev->>GH: Publish release
    GH->>WF: Trigger (release: types published)
    WF->>Crates: cargo publish
```
Last reviewed commit: 162ba76
The github-release job that wrote back to GitHub was removed, so contents: write is no longer needed.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Fixed — downgraded
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Summary
- push: tags: v* with release: types: [published] so the pipeline only fires after explicitly publishing a draft release
- github-release job — the release already exists when the workflow runs, making it redundant
Test plan
- v* tag
@greptile please review
🤖 Generated with Claude Code
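The trigger and permission change this PR describes, written out as a before/after pair of workflow documents. This is an added illustration, not the repository's actual workflow file: the `publish` job name, the job ordering, the `CARGO_REGISTRY_TOKEN` secret name, the action versions and the `contents: read` value are assumptions.

```yaml
# Added illustration (not the project's workflow file).
# Before: any pushed v* tag publishes to crates.io immediately.
name: Release
on:
  push:
    tags: ["v*"]
permissions:
  contents: write          # required only because github-release writes back to GitHub
jobs:
  publish:                 # job name is an assumption
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: cargo publish
        env:
          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}  # assumed secret name
  github-release:
    needs: publish         # ordering assumed from the sequence diagram
    runs-on: ubuntu-latest
    steps:
      - uses: softprops/action-gh-release@v2
---
# After: the pipeline fires only when a release is explicitly published,
# so a draft can be reviewed first and nothing writes back to the repository.
name: Release
on:
  release:
    types: [published]
permissions:
  contents: read           # assumed value; the PR only states contents: write is no longer needed
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4   # checks out the tag the release points at
      - run: cargo publish
        env:
          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
```

The `published` type also fires when a pre-release is published; a job-level `if: ${{ !github.event.release.prerelease }}` keeps those from reaching crates.io if that is not intended.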