Add extra checks

Author: ValentaTomas

.github/workflows/build.yml

@@ -19,8 +19,7 @@ jobs:
       - name: Parse versions from file
         id: set-versions
         run: |
-          # Read versions, skip comments and empty lines, output as JSON array
-          versions=$(grep -v '^ *#' firecracker_versions.txt | grep -v '^$' | jq -R -s -c 'split("\n") | map(select(length > 0))')
+          versions=$(./scripts/parse-versions.sh firecracker_versions.txt)
           echo "versions=$versions" >> $GITHUB_OUTPUT
           echo "Building versions: $versions"
 
@@ -49,10 +48,3 @@ jobs:
           name: firecracker-${{ steps.build.outputs.version_name }}
           path: builds/
           retention-days: 7
-
-      - name: Upload version info
-        uses: actions/upload-artifact@v4
-        with:
-          name: version-info-${{ steps.build.outputs.version_name }}
-          path: built_versions.txt
-          retention-days: 7

.github/workflows/fc-versions.yml

@@ -17,9 +17,30 @@ jobs:
   build:
     uses: ./.github/workflows/build.yml
 
+  # Check CI status in parallel with builds (for faster feedback)
+  check-ci:
+    name: Check FC repo CI status
+    runs-on: ubuntu-latest
+    outputs:
+      ci_passed: ${{ steps.ci-check.outputs.ci_passed }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Check CI status for all versions
+        id: ci-check
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          output=$(./scripts/check-fc-ci.sh firecracker_versions.txt)
+          echo "$output"
+          # Extract ci_passed from last line
+          ci_passed=$(echo "$output" | grep "^ci_passed=" | cut -d= -f2)
+          echo "ci_passed=$ci_passed" >> $GITHUB_OUTPUT
+
+  # Collect artifacts and publish (waits for both build and CI check)
   publish:
     name: Collect and upload builds
-    needs: build
+    needs: [build, check-ci]
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout repository
@@ -38,76 +59,22 @@ jobs:
       - name: List downloaded builds
         run: find builds -type f | head -20
 
-      # Download version info to get commit hashes
-      - name: Download version info
-        uses: actions/download-artifact@v4
-        with:
-          path: version-info
-          pattern: version-info-*
-          merge-multiple: true
-
-      # Check CI status for all commits (runs on all branches for visibility)
-      - name: Check CI status for all versions
-        id: ci-check
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: CI check result
         run: |
-          FIRECRACKER_REPO="e2b-dev/firecracker"
-          all_passed=true
-          failed_versions=""
-
-          # Read all version:hash pairs
-          for line in $(cat version-info/built_versions.txt 2>/dev/null || echo ""); do
-            version_name=$(echo "$line" | cut -d: -f1)
-            commit_hash=$(echo "$line" | cut -d: -f2)
-            
-            echo "Checking CI for $version_name (commit: $commit_hash)..."
-            
-            # Check combined commit status
-            status=$(gh api "/repos/${FIRECRACKER_REPO}/commits/${commit_hash}/status" --jq '.state' 2>/dev/null || echo "unknown")
-            
-            # Check check-runs (GitHub Actions)
-            check_conclusion=$(gh api "/repos/${FIRECRACKER_REPO}/commits/${commit_hash}/check-runs" --jq '
-              if .total_count == 0 then "no_checks"
-              elif ([.check_runs[].conclusion] | all(. == "success" or . == "skipped" or . == null)) then "success"
-              elif ([.check_runs[].status] | any(. == "in_progress" or . == "queued")) then "pending"
-              else "failure"
-              end
-            ' 2>/dev/null || echo "unknown")
-            
-            echo "  Status: $status, Check runs: $check_conclusion"
-            
-            if [[ "$status" == "failure" ]] || [[ "$check_conclusion" == "failure" ]]; then
-              echo "  ❌ CI failed for $version_name"
-              all_passed=false
-              failed_versions="${failed_versions}${version_name} "
-            elif [[ "$status" == "pending" ]] || [[ "$check_conclusion" == "pending" ]]; then
-              echo "  ⏳ CI still running for $version_name"
-              all_passed=false
-              failed_versions="${failed_versions}${version_name}(pending) "
-            else
-              echo "  ✅ CI passed for $version_name"
-            fi
-          done
-
-          if [[ "$all_passed" == "true" ]]; then
-            echo "All CI checks passed!"
-            echo "ci_passed=true" >> $GITHUB_OUTPUT
-          else
-            echo "CI checks failed or pending for: $failed_versions"
-            echo "ci_passed=false" >> $GITHUB_OUTPUT
-            echo "Skipping GCS upload and release creation."
+          echo "CI check passed: ${{ needs.check-ci.outputs.ci_passed }}"
+          if [[ "${{ needs.check-ci.outputs.ci_passed }}" != "true" ]]; then
+            echo "⚠️ CI checks did not pass - skipping GCS upload and release"
           fi
 
       - name: Setup Service Account
-        if: github.ref_name == 'main' && steps.ci-check.outputs.ci_passed == 'true'
+        if: github.ref_name == 'main' && needs.check-ci.outputs.ci_passed == 'true'
         uses: google-github-actions/auth@v2
         with:
           project_id: ${{ secrets.GCP_PROJECT_ID }}
           workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
 
       - name: Upload firecrackers to GCS
-        if: github.ref_name == 'main' && steps.ci-check.outputs.ci_passed == 'true'
+        if: github.ref_name == 'main' && needs.check-ci.outputs.ci_passed == 'true'
         uses: "google-github-actions/upload-cloud-storage@v1"
         with:
           path: "./builds"
@@ -116,7 +83,7 @@ jobs:
           parent: false
 
       - name: Create releases for each Firecracker version
-        if: github.ref_name == 'main' && steps.ci-check.outputs.ci_passed == 'true'
+        if: github.ref_name == 'main' && needs.check-ci.outputs.ci_passed == 'true'
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |

scripts/check-fc-ci.sh

@@ -0,0 +1,106 @@
+#!/bin/bash
+# Check CI status for all Firecracker versions
+# Outputs: ci_passed=true|false to stdout (for GitHub Actions)
+
+set -euo pipefail
+
+VERSIONS_FILE="${1:-firecracker_versions.txt}"
+FIRECRACKER_REPO_URL="https://github.com/e2b-dev/firecracker.git"
+FIRECRACKER_REPO_API="e2b-dev/firecracker"
+
+if [[ ! -f "$VERSIONS_FILE" ]]; then
+  echo "Error: $VERSIONS_FILE not found" >&2
+  exit 1
+fi
+
+# Clone FC repo to resolve commit hashes
+TEMP_DIR=$(mktemp -d)
+trap "rm -rf $TEMP_DIR" EXIT
+
+echo "Cloning FC repo to resolve commit hashes..."
+git clone --bare "$FIRECRACKER_REPO_URL" "$TEMP_DIR/fc-repo" 2>/dev/null
+cd "$TEMP_DIR/fc-repo"
+
+all_passed=true
+failed_versions=""
+
+# Read versions from file
+while IFS= read -r version || [[ -n "$version" ]]; do
+  # Skip comments and empty lines
+  [[ "$version" =~ ^[[:space:]]*# ]] && continue
+  [[ -z "$version" ]] && continue
+  
+  echo "Processing version: $version"
+  
+  # Resolve commit hash
+  if [[ "$version" =~ ^([^_]+)_([0-9a-fA-F]+)$ ]]; then
+    # Format: tag_shorthash
+    tag="${BASH_REMATCH[1]}"
+    shorthash="${BASH_REMATCH[2]}"
+    commit_hash=$(git rev-parse --verify "$shorthash^{commit}" 2>/dev/null || echo "")
+    version_name="${tag}_${shorthash}"
+  else
+    # Plain tag
+    commit_hash=$(git rev-parse --verify "${version}^{commit}" 2>/dev/null || echo "")
+    if [[ -n "$commit_hash" ]]; then
+      short_hash=$(git rev-parse --short "$commit_hash")
+      version_name="${version}_${short_hash}"
+    else
+      version_name="$version"
+    fi
+  fi
+  
+  if [[ -z "$commit_hash" ]]; then
+    echo "  ⚠️ Could not resolve commit for $version"
+    continue
+  fi
+  
+  echo "  Checking CI for $version_name (commit: $commit_hash)..."
+  
+  # Check combined commit status
+  status=$(gh api "/repos/${FIRECRACKER_REPO_API}/commits/${commit_hash}/status" --jq '.state' 2>/dev/null || echo "unknown")
+  
+  # Check check-runs (GitHub Actions)
+  # Order matters: check pending BEFORE success (null conclusion means in-progress)
+  check_conclusion=$(gh api "/repos/${FIRECRACKER_REPO_API}/commits/${commit_hash}/check-runs" --jq '
+    if .total_count == 0 then "no_checks"
+    elif ([.check_runs[].status] | any(. == "in_progress" or . == "queued")) then "pending"
+    elif ([.check_runs[].conclusion] | any(. == "failure" or . == "cancelled" or . == "timed_out")) then "failure"
+    elif ([.check_runs[].conclusion] | all(. == "success" or . == "skipped" or . == "neutral")) then "success"
+    else "unknown"
+    end
+  ' 2>/dev/null || echo "unknown")
+  
+  echo "  Status: $status, Check runs: $check_conclusion"
+  
+  # Treat unknown as failure (API errors should block release)
+  if [[ "$status" == "failure" ]] || [[ "$check_conclusion" == "failure" ]]; then
+    echo "  ❌ CI failed for $version_name"
+    all_passed=false
+    failed_versions="${failed_versions}${version_name} "
+  elif [[ "$status" == "pending" ]] || [[ "$check_conclusion" == "pending" ]]; then
+    echo "  ⏳ CI still running for $version_name"
+    all_passed=false
+    failed_versions="${failed_versions}${version_name}(pending) "
+  elif [[ "$status" == "unknown" ]] || [[ "$check_conclusion" == "unknown" ]]; then
+    echo "  ⚠️ Could not verify CI status for $version_name (API error)"
+    all_passed=false
+    failed_versions="${failed_versions}${version_name}(unknown) "
+  elif [[ "$status" == "success" ]] || [[ "$check_conclusion" == "success" ]]; then
+    echo "  ✅ CI passed for $version_name"
+  else
+    # Catch-all for unexpected states
+    echo "  ⚠️ Unexpected CI state for $version_name: status=$status, check_conclusion=$check_conclusion"
+    all_passed=false
+    failed_versions="${failed_versions}${version_name}(unexpected) "
+  fi
+done < "$OLDPWD/$VERSIONS_FILE"
+
+echo ""
+if [[ "$all_passed" == "true" ]]; then
+  echo "All CI checks passed!"
+  echo "ci_passed=true"
+else
+  echo "CI checks failed or pending for: $failed_versions"
+  echo "ci_passed=false"
+fi

scripts/parse-versions.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+# Parse versions from firecracker_versions.txt and output as JSON array
+
+set -euo pipefail
+
+VERSIONS_FILE="${1:-firecracker_versions.txt}"
+
+if [[ ! -f "$VERSIONS_FILE" ]]; then
+  echo "Error: $VERSIONS_FILE not found" >&2
+  exit 1
+fi
+
+# Read versions, skip comments and empty lines, output as JSON array
+grep -v '^ *#' "$VERSIONS_FILE" | grep -v '^$' | jq -R -s -c 'split("\n") | map(select(length > 0))'