chore: refactor re-usable workflows to enable re-use in derived repositories #968
Pull Request Overview
This PR refactors the wc-build-push.yml workflow to make it more reusable by adding configurable registry and authentication options. Previously, the workflow was hardcoded to use GitHub Container Registry with GitHub authentication.
- Adds optional `registry` input parameter with `ghcr.io` as the default
- Introduces optional Docker authentication secrets (`DOCKER_USERNAME` and `DOCKER_PASSWORD`)
- Updates the workflow to use configurable registry and authentication with fallbacks to GitHub defaults
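
The pattern this overview describes, as an added example and not the repository's actual `wc-build-push.yml`: a reusable workflow that takes an optional `registry` input and optional registry credentials, and falls back to the GitHub defaults when the caller supplies none. The job and step layout, the action version tags and the `latest` tag are assumptions; `image-name` is assumed to be lowercase already.

```yaml
# Added example; job/step names and action versions are assumptions.
name: Build & Push (reusable)

on:
  workflow_call:
    inputs:
      image-name:
        description: Image name without the registry prefix (lowercase)
        required: true
        type: string
      registry:
        description: Registry to push to
        required: false
        type: string
        default: ghcr.io
    secrets:
      # Optional: callers in derived repositories pass these for non-GitHub registries.
      DOCKER_USERNAME:
        required: false
      DOCKER_PASSWORD:
        required: false

# Start from no token permissions and grant per job.
permissions: {}

jobs:
  build-push:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write # only used by the GITHUB_TOKEN fallback against ghcr.io
    steps:
      - uses: actions/checkout@v4 # pin to a full commit SHA in real use
      - uses: docker/login-action@v3
        with:
          registry: ${{ inputs.registry }}
          # An unset secret evaluates to an empty string, so `||` selects the default.
          # Callers must pass both secrets or neither; a mixed pair fails the login.
          username: ${{ secrets.DOCKER_USERNAME || github.actor }}
          password: ${{ secrets.DOCKER_PASSWORD || secrets.GITHUB_TOKEN }}
      - uses: docker/build-push-action@v6
        with:
          push: true
          tags: ${{ inputs.registry }}/${{ inputs.image-name }}:latest
```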
| Descriptor | Linter | Files | Fixed | Errors | Warnings | Elapsed time |
|---|---|---|---|---|---|---|
| ✅ ACTION | actionlint | 22 | | 0 | 0 | 0.53s |
| ✅ DOCKERFILE | hadolint | 2 | | 0 | 0 | 0.77s |
| ✅ GHERKIN | gherkin-lint | 6 | | 0 | 0 | 2.29s |
| ✅ JSON | npm-package-json-lint | yes | | no | no | 0.35s |
| ✅ JSON | prettier | 15 | 2 | 0 | 0 | 0.52s |
| ✅ JSON | v8r | 15 | | 0 | 0 | 10.77s |
| ✅ MARKDOWN | markdownlint | 11 | 0 | 0 | 0 | 0.94s |
| ✅ MARKDOWN | markdown-table-formatter | 11 | 0 | 0 | 0 | 0.24s |
| ✅ REPOSITORY | gitleaks | yes | | no | no | 0.66s |
| ✅ REPOSITORY | git_diff | yes | | no | no | 0.01s |
| ✅ REPOSITORY | grype | yes | | no | no | 28.33s |
| ✅ REPOSITORY | secretlint | yes | | no | no | 0.98s |
| ✅ REPOSITORY | syft | yes | | no | no | 2.0s |
| ✅ REPOSITORY | trivy | yes | | no | no | 4.54s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | no | 0.24s |
| ✅ REPOSITORY | trufflehog | yes | | no | no | 3.04s |
| ⚠️ SPELL | lychee | 73 | | 1 | 0 | 21.57s |
| ✅ YAML | prettier | 28 | 0 | 0 | 0 | 0.83s |
| ✅ YAML | v8r | 28 | | 0 | 0 | 7.88s |
| ✅ YAML | yamllint | 28 | | 0 | 0 | 0.97s |
Detailed Issues
⚠️ SPELL / lychee - 1 error
[IGNORED] docker://pandoc/extra:3.7.0@sha256:a703d335fa237f8fc3303329d87e2555dca5187930da38bfa9010fa4e690933a | Unsupported: Error creating request client: builder error for url (docker://pandoc/extra:3.7.0@sha256:a703d335fa237f8fc3303329d87e2555dca5187930da38bfa9010fa4e690933a)
[ERROR] https://slsa.dev/spec/v1.0/threats | Network error: error sending request for url (https://slsa.dev/spec/v1.0/threats) Maybe a certificate error?
[IGNORED] https://vscode.dev/redirect?url=vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/philips-software/amp-devcontainer | Unsupported: Error creating request client: builder error for url (vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/philips-software/amp-devcontainer)
📝 Summary
---------------------
🔍 Total..........122
✅ Successful.....119
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........0
❓ Unknown..........0
🚫 Errors...........1
Errors in test/cpp/features/security.feature
[ERROR] https://slsa.dev/spec/v1.0/threats | Network error: error sending request for url (https://slsa.dev/spec/v1.0/threats) Maybe a certificate error?
See detailed reports in MegaLinter artifacts
Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)
- Documentation: Custom Flavors
- Command:
npx [email protected] --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,DOCKERFILE_HADOLINT,GHERKIN_GHERKIN_LINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R
…tps://github.com/philips-software/amp-devcontainer into ci/refactor-reusable-workflows-for-better-re-use
Pull Request Overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.
Pull Request Overview
Copilot reviewed 2 out of 4 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
.github/workflows/wc-build-push.yml:1
- This step references `inputs.flavor` and `CONTAINER_FLAVOR` which no longer exist after the refactoring. This should use the new `inputs.devcontainer-metadata` parameter and handle the case when it's not provided.
---
Pull Request Overview
Copilot reviewed 2 out of 4 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
.github/workflows/wc-build-push.yml:1
- The step still references the removed `CONTAINER_FLAVOR` environment variable. This should use the new `devcontainer-metadata` input parameter or be updated to work with the new parameterized approach.
---
Pull Request Overview
Copilot reviewed 5 out of 7 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
.github/workflows/wc-build-push.yml:1
- This code references the old `inputs.flavor` parameter which no longer exists, and uses hardcoded path `.devcontainer/${CONTAINER_FLAVOR}/`. This should use the new `inputs.devcontainer-metadata` parameter instead.
---
Pull Request Overview
Copilot reviewed 22 out of 24 changed files in this pull request and generated 1 comment.
Pull Request Overview
Copilot reviewed 22 out of 24 changed files in this pull request and generated no new comments.
Pull Request Overview
Copilot reviewed 23 out of 25 changed files in this pull request and generated 1 comment.
Pull Request Overview
Copilot reviewed 23 out of 25 changed files in this pull request and generated 1 comment.
🎉 Hooray! The changes in this pull request went live with the release of v6.5.2 🎉




This pull request refactors and enhances the GitHub Actions workflows for building, testing, and publishing multi-architecture devcontainer images. The changes introduce more flexible and reusable workflow templates, improve input/output handling, and add documentation and validation to standardize workflow practices across the repository.
Workflow Refactoring and Reusability
- `flavor` usage with flexible inputs like `dockerfile`, `image-name`, and test paths. This enables easier extension to new flavors and architectures. (`wc-build-push.yml`, `wc-build-push-test.yml`, `continuous-integration.yml`, `release-build.yml`) [1] [2] [3] [4]
- `wc-sanitize-image-name.yml`) and corresponding job to sanitize and standardize image names and registry references for all build/push operations. This ensures consistent image naming and tagging.

Input/Output and Secrets Handling
- `wc-build-push.yml`, `wc-build-push-test.yml`) [1] [2]
- `wc-acceptance-test.yml`) [1] [2] [3]

Testing and Publishing Improvements
- `continuous-integration.yml`, `release-build.yml`, `wc-build-push-test.yml`, `wc-build-push.yml`) [1] [2] [3]
- `wc-acceptance-test.yml`, `continuous-integration.yml`) [1] [2]

Documentation and Guidelines
- `.github/instructions/workflows.instructions.md` outlining best practices for workflow naming, input/output sorting, and file conventions to ensure consistency and maintainability.

General Workflow Robustness
- `${{ !cancelled() }}` for step execution, better handling of optional inputs and secrets, and more robust runner selection for jobs). (`wc-acceptance-test.yml`, `pr-conventional-title.yml`, `wc-build-push.yml`) [1] [2] [3]