Fix docker version

[gounthar]

Summary by CodeRabbit

• Chores
  • Upgraded Jenkins base image and bumped many Jenkins plugin versions for stability and security.
  • Refreshed the cloud development workspace image to the latest upstream.
  • CI: Docker-version updates now create targeted branches/PRs only when changes are detected.
  • CI: Added Docker-change detection and gating so registry login, build/push steps, and related jobs run only for relevant Docker changes and skip forks.
  • Build/push steps broadened arm64 support alongside amd64.
  • Updated Dockerfile linting action to a newer revision.
  • No user-facing feature changes.

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Detects docker-related changes and conditions CI: rewrites the Docker PR automation to only commit/push docker-versions.txt when relevant diffs exist, gates GHCR/login and many build-push steps on docker changes and forks, adds arm64 platform tags, pins hadolint action, bumps Gitpod base image and Jenkins controller ARG, and updates Jenkins plugin versions.

Changes

Cohort / File(s)	Summary of Changes
Docker PR automation workflow .github/workflows/github-docker-registry-push.yml	Rewrote flow to reset to origin/main, create a timestamped branch, generate and stage only docker-versions.txt, detect staged changes, commit/push and open a PR only when changes exist; introduced HAS_DOCKER_CHANGES detection/export and IS_FORK guards; gated GHCR login and many build/push steps on these flags; narrowed path triggers to dockerfiles/* and added linux/arm64 platform targets alongside linux/amd64.
Hadolint workflow pin .github/workflows/hadolint.yml	Updated hadolint-action pin from commit 3fc49fb50d59c6ab7917a2e4195dba633e515b29 to 2332a7b74a6de0dda2e2221d575162eba76ba5e5; no control-flow changes.
Gitpod base image .gitpod/Dockerfile	Bumped base image tag from gitpod/workspace-full:2025-08-25-18-17-39 to gitpod/workspace-full:2025-09-22-12-51-14.
Jenkins controller image dockerfiles/Dockerfile	Incremented ARG JENKINS_VERSION from 2.516.2 to 2.516.3, updating the FROM image tag.
Jenkins plugins manifest dockerfiles/plugins.txt	Updated many Jenkins plugin version entries (multiple bumps, some reordering and replacements) across the manifest.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Runner as Actions Runner
  participant Git as Git (origin)
  participant FS as Workspace FS
  participant GHAPI as GitHub API

  Runner->>Git: fetch + reset --hard origin/main
  Runner->>Git: create branch docker-versions-<ts>
  Runner->>FS: generate/write `docker-versions.txt`
  Runner->>Git: git add `docker-versions.txt`
  Runner->>Git: git diff --staged --quiet?

  alt changes detected
    Note over Runner: HAS_DOCKER_CHANGES = true
    Runner->>Git: git commit -m "update docker-versions"
    Runner->>Git: git push --set-upstream origin branch
    Runner->>GHAPI: create PR --title/--body
    GHAPI-->>Runner: PR metadata
  else no changes
    Note over Runner: skip commit/push/PR
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• fix(docker): Multi does not launch a second Jenkins controller anymore. #264: Overlaps edits to .github/workflows/github-docker-registry-push.yml (CI/docker PR automation changes).
• chore(jenkins): Updates Jenkins plugins #332: Overlapping updates to dockerfiles/plugins.txt (Jenkins plugin version bumps).
• chore(jenkins): Updates Jenkins plugins #309: Related plugin version adjustments in dockerfiles/plugins.txt (e.g., bouncycastle-api).

Poem

I thump and tidy CI lines bright,
Branches bloom beneath the night,
Plugins hop to versions new,
Docker notes in morning dew,
A rabbit cheers — merge takes flight! 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title Check	⚠️ Warning	The title "Fix docker version" is partially related to the changeset but does not capture the main changes. While the PR does include a Docker version update (Jenkins 2.516.2 to 2.516.3) and plugin version bumps, the most substantial changes are the comprehensive workflow refactoring in github-docker-registry-push.yml, which introduces PR automation, Docker change detection, and conditional build logic. The title suggests a simple bug fix for a version issue, but the changeset represents a significant workflow enhancement alongside routine version updates. A more accurate title would highlight the workflow automation improvements or the broader scope of changes.	Consider revising the title to better reflect the primary changes in the PR. For example, "Automate Docker version tracking and refactor build workflow" or "Add PR automation for Docker builds and update versions" would more accurately describe the main changes. If the workflow changes are in support of fixing the Docker version tracking, consider a title like "Improve Docker version management workflow" to capture both the intent and the implementation.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix-docker-version

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🧪 Early access (Sonnet 4.5): enabled

We are currently testing the Sonnet 4.5 model, which is expected to improve code review quality. However, this model may lead to increased noise levels in the review comments. Please disable the early access features if the noise level causes any inconvenience.

Note:

• Public repositories are always opted into early access features.
• You can enable or disable early access features from the CodeRabbit UI or by updating the CodeRabbit configuration file.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @gounthar, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request systematically updates various Docker-related versions across the project. It includes refreshing the Gitpod workspace base image, incrementing the core Jenkins version, and updating a comprehensive list of Jenkins plugins. These changes aim to maintain a current and robust development and continuous integration environment, leveraging the latest features and security patches from these essential tools.

Highlights

• Gitpod Workspace Base Image Update: The base image for the Gitpod development environment has been updated to a more recent version, ensuring access to the latest tools and configurations.
• Jenkins Version Increment: The Jenkins server's base version has been incremented from 2.516.2 to 2.516.3, providing minor updates to the Jenkins core.
• Jenkins Plugin Updates: Numerous Jenkins plugins have been updated to their latest stable versions, which likely includes bug fixes, performance improvements, and security enhancements for the CI/CD pipeline.

Ignored Files

• Ignored by pattern: .github/workflows/** (2)
  • .github/workflows/github-docker-registry-push.yml
  • .github/workflows/hadolint.yml

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request updates the versions for the Gitpod Docker image, Jenkins, and various Jenkins plugins. The changes are straightforward dependency bumps. My review includes suggestions to improve the Dockerfiles by using image digests instead of tags for base images. This is a best practice that enhances build reproducibility and security.

[gemini-code-assist]

For better build reproducibility and to avoid potential issues with mutable tags, it's recommended to pin the base image to its digest (e.g., gitpod/workspace-full@sha256:...) instead of a tag. This ensures that you are always using the exact same image version. You might need to update your updatecli configuration in updatecli/updatecli.d/gitpod.yaml to fetch the digest instead of the tag.

[gemini-code-assist]

While updating the Jenkins version is correct, for better build reproducibility and security, it's a best practice to pin the base image in the FROM instruction (line 6) to its digest (@sha256:...) rather than a tag. Tags can be overwritten, which might lead to unexpected changes in the base image. You could update your updatecli configuration to fetch both the version number for this ARG and the image digest for the FROM line.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

.gitpod/Dockerfile (1)

4-4: Consider digest pin and minor hardening.

• Pin the base to an image digest for reproducibility.
• Use apt-get with --no-install-recommends, and combine update/install under apt-get to satisfy hadolint best practices.

.github/workflows/github-docker-registry-push.yml (2)

48-56: Safer branch prep.

Consider guarding against repos whose default branch isn’t main, or when main is protected in forks. Optionally use: git checkout -B "$BRANCH_NAME" origin/main.

---

57-60: Capture Docker and Compose versions robustly

Replace the current version-capture lines (around 57–60) in .github/workflows/github-docker-registry-push.yml with the following to enable fail-fast behavior and fall back when “docker compose” isn’t available:

-          # Write Docker versions to file
-          echo "- $(docker --version)" > docker-versions.txt
-          echo "- $(docker compose version)" >> docker-versions.txt
+          # Fail fast and capture versions robustly
+          set -euo pipefail
+          { docker --version || true; } | sed 's/^/- /' > docker-versions.txt
+          if docker compose version >/dev/null 2>&1; then
+            echo "- $(docker compose version)" >> docker-versions.txt
+          elif command -v docker-compose >/dev/null 2>&1; then
+            echo "- docker-compose $(docker-compose --version | sed 's/^docker-compose //')" >> docker-versions.txt
+          else
+            echo "- docker compose: not installed" >> docker-versions.txt
+          fi

dockerfiles/plugins.txt (1)

4-25: Broad plugin bumps—please validate against new core.

With Jenkins 2.516.3, ensure all updated plugins resolve cleanly (no downgrades via workflow-aggregator) and no implied dependencies conflict. Recommend a dry run with jenkins-plugin-cli --plugin-file plugins.txt --jenkins-version 2.516.3 in CI.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bc46547 and f73e04c.

📒 Files selected for processing (5)

• .github/workflows/github-docker-registry-push.yml (1 hunks)
• .github/workflows/hadolint.yml (7 hunks)
• .gitpod/Dockerfile (1 hunks)
• dockerfiles/Dockerfile (1 hunks)
• dockerfiles/plugins.txt (4 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Codacy Static Code Analysis

🔇 Additional comments (3)

dockerfiles/Dockerfile (1)

4-6: Jenkins core bump looks fine; please confirm plugin compatibility.

ARG changed to 2.516.3 and used in FROM and UpgradeWizard state. Verify that all pinned plugins in dockerfiles/plugins.txt resolve against 2.516.3 and that the lts-jdk21 tag exists for this version in your registry. If any plugin requires a newer core, builds will fail at jenkins-plugin-cli time.

.github/workflows/hadolint.yml (1)

36-36: Good: action pinned by commit SHA.

Upgrading hadolint/hadolint-action with a pinned commit improves supply‑chain safety. No other issues spotted.

Also applies to: 45-45, 54-54, 63-63, 72-72, 81-81, 90-90

dockerfiles/plugins.txt (1)

75-82: Workflow plugins updated in lockstep—nice.

Keeping workflow-* family aligned reduces classloader issues. LGTM.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (5)

.github/workflows/github-docker-registry-push.yml (5)

58-60: Provide a fallback when Docker Compose plugin is absent.

On some runners, only docker-compose exists. Add a safe fallback to avoid step failure.

-          echo "- $(docker --version)" > docker-versions.txt
-          echo "- $(docker compose version)" >> docker-versions.txt
+          echo "- $(docker --version)" > docker-versions.txt
+          if docker compose version >/dev/null 2>&1; then
+            echo "- $(docker compose version)" >> docker-versions.txt
+          elif command -v docker-compose >/dev/null 2>&1; then
+            echo "- $(docker-compose --version)" >> docker-versions.txt
+          else
+            echo "- Docker Compose: not installed" >> docker-versions.txt
+          fi

---

81-92: Fix Dockerfile change detection (current check always prints “No changes”).

$? here reflects the loop’s last command, not whether a match was found. Export a boolean and use it downstream.

-          for file in ${{ env.files }}; do
-            if [[ $file =~ (^|/)Dockerfile($|/)|(^|/)dockerfiles/ ]]; then
-              echo "Dockerfile or dockerfiles directory has changed."
-              echo "Changed file: $file"
-              break
-            fi
-          done
-          
-          if (( $? == 0 )); then
-            echo "No Dockerfile or context directory changes. Skipping Docker image build and push steps."
-            echo "Changed files: ${{ env.files }}"
-          fi
+          HAS_DOCKER_CHANGES=false
+          for file in ${{ env.files }}; do
+            if [[ "$file" =~ (^|/)Dockerfile($|/)|(^|/)dockerfiles/ ]]; then
+              echo "Dockerfile or dockerfiles directory has changed: $file"
+              HAS_DOCKER_CHANGES=true
+              break
+            fi
+          done
+          echo "HAS_DOCKER_CHANGES=$HAS_DOCKER_CHANGES" >> "$GITHUB_ENV"

Then gate push/login/build steps on env.HAS_DOCKER_CHANGES == 'true'.

---

103-111: Avoid GHCR login on forks (secrets unavailable).

Fork PRs don’t receive repo secrets; gate login on both change detection and fork status.

-        if: contains(env.files, 'Dockerfile')
+        if: env.HAS_DOCKER_CHANGES == 'true' && env.IS_FORK != 'true'

Also consider adding the same fork guard to each build-and-push step to prevent failures on forked PRs.

---

112-128: Duplicate branch-name extraction step.

Two consecutive steps set BRANCH the same way. Remove one to reduce noise.

-      - name: Extract branch name and set BRANCH environment variable
-        # This step extracts the branch name and sets the BRANCH environment variable
-        shell: bash
-        run: |
-          BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/} | sed -e 's#/#-#g')
-          if [[ "$BRANCH_NAME" == "main" ]]; then BRANCH_NAME=""; fi
-          echo "BRANCH=$BRANCH_NAME" >> $GITHUB_ENV

---

139-241: Replace linux/aarch64 with linux/arm64 across workflows

In .github/workflows/github-docker-registry-push.yml update all occurrences of

platforms: linux/amd64, linux/aarch64

to

platforms: linux/amd64, linux/arm64

Buildx’s canonical architecture token is arm64; using aarch64 may fail on some runners.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f73e04c and 8ef04ff.

📒 Files selected for processing (1)

• .github/workflows/github-docker-registry-push.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Codacy Static Code Analysis
• GitHub Check: update_release_draft

🔇 Additional comments (2)

.github/workflows/github-docker-registry-push.yml (2)

68-75: Unterminated quotes issue is fixed.

The commit message and PR body strings are now correctly closed. Looks good.

---

29-31: Retain actions/checkout@v5 — v5 is the latest stable major version; no change required.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8ef04ff and 464d27b.

📒 Files selected for processing (1)

• .github/workflows/github-docker-registry-push.yml (5 hunks)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

.github/workflows/github-docker-registry-push.yml (2)

42-76: Consider edge cases in the PR creation flow.

The workflow checks out main, resets to origin/main, creates a branch, and then attempts to create a PR. However, if the workflow runs concurrently (e.g., from scheduled triggers at 4:30 and 16:30), multiple branches could be created with different timestamps, each potentially creating a PR.

While the unique timestamp prevents branch name collisions, you may want to consider adding a check to see if an open PR for docker version updates already exists before creating a new one.

You could add a check before PR creation:

          if git diff --cached --quiet; then
            echo "No changes to docker-versions.txt, skipping PR creation"
          else
+           # Check if an open PR already exists
+           EXISTING_PR=$(gh pr list --base main --state open --search "chore: update Docker versions in:title" --json number --jq '.[0].number')
+           if [ -n "$EXISTING_PR" ]; then
+             echo "PR #$EXISTING_PR already exists for docker version updates, skipping"
+             exit 0
+           fi
            git commit -m "chore: update Docker versions"

---

130-130: Refine the trigger condition to avoid unnecessary rebuilds.

The condition triggers on any file change under dockerfiles/, but the Dockerfile only uses files from the root of that directory (jobs/, plugins.txt, jenkins.yaml). Changes to subdirectories like dockerfiles/maven/, dockerfiles/python/, etc., will unnecessarily trigger a rebuild of the simple controller.

Consider updating the condition to be more specific:

if: (contains(env.files, 'dockerfiles/Dockerfile') || contains(env.files, 'dockerfiles/plugins.txt') || contains(env.files, 'dockerfiles/jenkins.yaml') || contains(env.files, 'dockerfiles/jobs/')) && env.IS_FORK != 'true'

This ensures the build only triggers when files actually used by the Dockerfile are modified.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 464d27b and f5bdbb9.

📒 Files selected for processing (1)

• .github/workflows/github-docker-registry-push.yml (5 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Codacy Static Code Analysis

🔇 Additional comments (4)

.github/workflows/github-docker-registry-push.yml (4)

68-75: The unterminated quote issues have been resolved.

The commit message on line 68 and PR body on line 73 are now properly terminated with closing quotes. The syntax errors flagged in the previous review have been fixed.

---

78-95: LGTM! The docker change detection is well-implemented.

The regex pattern correctly identifies both Dockerfile changes and any changes under dockerfiles/ directories. The flag is properly exported to GITHUB_ENV for use in subsequent steps.

---

108-108: LGTM! The GHCR login is properly guarded.

The condition correctly gates authentication on both docker changes and fork status, avoiding unnecessary credential operations.

---

140-236: The directory-based triggers have been correctly implemented.

All build steps now use directory patterns (e.g., dockerfiles/maven/, dockerfiles/python/) instead of checking only for specific Dockerfile paths. This ensures that changes to any file within the build context (like requirements.txt, package.json, etc.) will trigger the appropriate image rebuild, addressing the concern raised in the previous review.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

.github/workflows/github-docker-registry-push.yml (2)

42-89: Consider limiting Docker version PR creation to main branch.

The Docker version PR creation step runs on every push to any branch (due to line 9: branches: ['*']). While the step resets to origin/main and checks for existing PRs, this means feature branch pushes will also trigger version checks and potentially create branches.

Consider limiting this step to only run when pushing to main:

       - name: Commit and create PR for Docker versions
-        if: github.event_name != 'pull_request'
+        if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main'
         run: |

This ensures version updates are only proposed from main branch activity, reducing noise from feature branches.

---

33-36: File detection may fail on scheduled runs.

The git diff --name-only ${{ github.event.before }} ${{ github.sha }} command relies on github.event.before, which is not available during scheduled workflow runs. This will cause the diff to fail or return empty results.

Current behavior is likely acceptable if scheduled runs are only meant to update docker-versions.txt. However, if you want to explicitly handle scheduled runs differently, consider:

       - name: Retrieve modified files
         # This step retrieves the files that were modified in the commit
         id: changes
-        run: echo "files=$(git diff --name-only ${{ github.event.before }} ${{ github.sha }} | tr '\n' ' ')" >> $GITHUB_ENV
+        run: |
+          if [[ "${{ github.event_name }}" == "schedule" ]]; then
+            echo "files=" >> $GITHUB_ENV
+          else
+            echo "files=$(git diff --name-only ${{ github.event.before }} ${{ github.sha }} | tr '\n' ' ')" >> $GITHUB_ENV
+          fi

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f5bdbb9 and d1efff5.

📒 Files selected for processing (1)

• .github/workflows/github-docker-registry-push.yml (5 hunks)

🧰 Additional context used

🪛 actionlint (1.7.7)

.github/workflows/github-docker-registry-push.yml

81-81: could not parse as YAML: yaml: line 81: did not find expected alphabetic or numeric character

(syntax-check)

🪛 YAMLlint (1.37.1)

.github/workflows/github-docker-registry-push.yml

[error] 81-81: syntax error: expected alphabetic or numeric character, but found '*'

(syntax)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Codacy Static Code Analysis

🔇 Additional comments (2)

.github/workflows/github-docker-registry-push.yml (2)

118-126: Good optimization to gate login on Docker changes.

The condition now only logs into GHCR when there are actual Docker-related changes, avoiding unnecessary authentication steps.

---

153-249: Build conditionals correctly match directory changes.

The build step conditionals have been updated to use directory paths (e.g., dockerfiles/maven/) instead of specific Dockerfile paths. This ensures that changes to any file within the build context (not just the Dockerfile) will trigger the appropriate image build.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Condition triggers on unrelated subdirectory changes.

The condition contains(env.files, 'dockerfiles/') will match any file under dockerfiles/, including files in subdirectories like dockerfiles/maven/Dockerfile or dockerfiles/python/requirements.txt. This causes the simple controller build to run unnecessarily when only language-specific agent files change.

To match only files directly in the dockerfiles/ root (not subdirectories), you need a more precise check. Consider this approach:

-      - name: Build and push a simple jenkins controller
-        # This step builds and pushes a simple Jenkins controller
-        if: (contains(env.files, 'dockerfiles/Dockerfile') || contains(env.files, 'dockerfiles/')) && env.IS_FORK != 'true'
+      - name: Build and push a simple jenkins controller
+        # This step builds and pushes a simple Jenkins controller
+        if: (contains(env.files, 'dockerfiles/Dockerfile') || contains(env.files, 'dockerfiles/plugins.txt')) && env.IS_FORK != 'true'

Alternatively, use a more sophisticated check in the "Check for Dockerfile and context changes" step to set separate flags for each build context.

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In .github/workflows/github-docker-registry-push.yml around lines 141–149, the
job condition uses contains(env.files, 'dockerfiles/') which also matches files
in subdirectories and causes irrelevant builds; replace that check with a
precise test for files directly under dockerfiles/ (for example check for the
explicit path(s) like 'dockerfiles/Dockerfile' or equivalent exact filenames you
expect) or, preferably, modify the earlier "Check for Dockerfile and context
changes" step to set a dedicated env flag per build context (e.g.,
DOCKERFILES_ROOT_CHANGED) and use that flag in this job’s if condition so only
changes to files directly in the dockerfiles/ root trigger the simple controller
build.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d1efff5 and d9954fa.

📒 Files selected for processing (1)

• .github/workflows/github-docker-registry-push.yml (5 hunks)

🧰 Additional context used

🪛 actionlint (1.7.7)

.github/workflows/github-docker-registry-push.yml

81-81: could not parse as YAML: yaml: line 81: did not find expected alphabetic or numeric character

(syntax-check)

🪛 YAMLlint (1.37.1)

.github/workflows/github-docker-registry-push.yml

[error] 81-81: syntax error: expected alphabetic or numeric character, but found '*'

(syntax)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Codacy Static Code Analysis

🔇 Additional comments (4)

.github/workflows/github-docker-registry-push.yml (4)

91-108: LGTM: Docker change detection is well-implemented.

The change detection logic correctly identifies Dockerfile and dockerfiles/ changes, and the HAS_DOCKER_CHANGES flag properly gates downstream Docker operations.

---

121-121: Good optimization: GHCR login now properly gated.

Gating the GHCR login on HAS_DOCKER_CHANGES prevents unnecessary authentication when Docker builds won't run, improving workflow efficiency.

---

147-247: Good enhancement: arm64 platform support added.

Adding linux/arm64 to multiple build steps provides broader platform coverage. Android appropriately remains amd64-only due to emulator constraints.

---

141-149: Build condition too broad: triggers on unrelated subdirectory changes.

The condition contains(env.files, 'dockerfiles/') matches any file under dockerfiles/, including subdirectories like dockerfiles/maven/ or dockerfiles/python/. This causes the simple controller build to run unnecessarily when only language-specific agent files change.

Match only files directly in the dockerfiles/ root:

-      - name: Build and push a simple jenkins controller
-        # This step builds and pushes a simple Jenkins controller
-        if: (contains(env.files, 'dockerfiles/Dockerfile') || contains(env.files, 'dockerfiles/')) && env.IS_FORK != 'true'
+      - name: Build and push a simple jenkins controller
+        # This step builds and pushes a simple Jenkins controller
+        if: (contains(env.files, 'dockerfiles/Dockerfile') || contains(env.files, 'dockerfiles/plugins.txt')) && env.IS_FORK != 'true'

Alternatively, modify the "Check for Dockerfile and context changes" step to set separate flags for each build context (e.g., DOCKERFILES_ROOT_CHANGED).

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Critical YAML syntax error: fix multi-line PR body.

Static analysis confirms line 81 causes a YAML parsing error because **Changes:** at the line start is interpreted as YAML syntax. The backslash-continued multi-line string is fragile.

Use a heredoc to avoid YAML parsing issues:

-            # Create PR with explicit title and body instead of --fill
-            gh pr create \
-              --title "chore: update Docker versions" \
-              --body "Automated update of docker-versions.txt with current Docker and Docker Compose versions.
-
-**Changes:**
-- Updated Docker version information
-- Updated Docker Compose version information
-
-This PR only contains changes to docker-versions.txt and no other files." \
-              --base main \
-              --head "$BRANCH_NAME"
+            # Create PR with explicit title and body instead of --fill
+            gh pr create \
+              --title "chore: update Docker versions" \
+              --body "$(cat <<'EOF'
+Automated update of docker-versions.txt with current Docker and Docker Compose versions.
+
+**Changes:**
+- Updated Docker version information
+- Updated Docker Compose version information
+
+This PR only contains changes to docker-versions.txt and no other files.
+EOF
+)" \
+              --base main \
+              --head "$BRANCH_NAME"

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools

🪛 actionlint (1.7.7)

81-81: could not parse as YAML: yaml: line 81: did not find expected alphabetic or numeric character

(syntax-check)

🪛 YAMLlint (1.37.1)

[error] 81-81: syntax error: expected alphabetic or numeric character, but found '*'

(syntax)