Add GitHub Action to build and push Docker images on PRs

[aantn]

Builds robusta-runner images on every PR and pushes to the temporary-builds registry in GCP. Posts a comment on the PR with the image tag and helm upgrade instructions.

Fork PRs will build but not push (no registry access).

[coderabbitai]

Walkthrough

A new GitHub Actions workflow is introduced that triggers on PR events to orchestrate Docker image building. The workflow implements fork-aware behavior, managing PR comments, extracting Git metadata, handling registry authentication, and controlling concurrency for same-branch builds.

Changes

Cohort / File(s)	Summary
New Docker Build Workflow .github/workflows/docker-build-pr.yaml	+282 lines: Workflow configuration for PR-triggered Docker builds with fork detection, multi-step build caching, PR comment management (create/update/cleanup), registry authentication for non-fork PRs, image push/build-only logic, concurrency control, and structured success/failure reporting with Helm guidance.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely describes the primary change: adding a GitHub Action workflow to build and push Docker images on pull requests.
Description check	✅ Passed	The description is directly related to the changeset, providing relevant details about the workflow's functionality including image building, GCP registry pushes, PR comments, and fork-aware behavior.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch claude/review-image-workflow-wLnu7

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

✅ Docker image ready for dccb865 (built in 2m 42s)

• us-central1-docker.pkg.dev/robusta-development/temporary-builds/robusta-runner:dccb865

⚠️ Warning: does not support ARM (ARM images are built on release only - not on every PR)

Use this tag to pull the image for testing.

📋 Copy commands

⚠️ Temporary images are deleted after 30 days. Copy to a permanent registry before using them:

gcloud auth configure-docker us-central1-docker.pkg.dev
docker pull us-central1-docker.pkg.dev/robusta-development/temporary-builds/robusta-runner:dccb865
docker tag us-central1-docker.pkg.dev/robusta-development/temporary-builds/robusta-runner:dccb865 me-west1-docker.pkg.dev/robusta-development/development/robusta-runner-dev:dccb865
docker push me-west1-docker.pkg.dev/robusta-development/development/robusta-runner-dev:dccb865

Patch Helm values in one line:

helm upgrade --install robusta robusta/robusta \
  --reuse-values \
  --set runner.image=me-west1-docker.pkg.dev/robusta-development/development/robusta-runner-dev:dccb865

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In @.github/workflows/docker-build-pr.yaml:
- Around line 7-10: The concurrency group uses docker-build-${{ github.head_ref
}} which can collide across forks with identical branch names; update the group
to include the pull request identifier (for example docker-build-${{
github.event.pull_request.number }} or docker-build-${{
github.event.pull_request.number }}-${{ github.head_ref }}) so each PR gets a
unique concurrency key, keeping cancel-in-progress: true unchanged; modify the
concurrency.group value accordingly in the workflow.
- Around line 104-109: The Helm command strings use double-escaped backslashes
('\\\\') causing output to show double backslashes; locate the Helm upgrade
lines in the workflow where the strings contain 'helm upgrade --install robusta
robusta/robusta \\\\' and '  --reuse-values \\\\' and replace each
double-escaped backslash with a single escaped backslash ('\\') so the rendered
comment shows a single backslash line-continuation (matching the other success
comment) while preserving YAML/string escaping.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 42ed013 and 0d837c1.

📒 Files selected for processing (1)

• .github/workflows/docker-build-pr.yaml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: run_tests
• GitHub Check: build

🔇 Additional comments (2)

.github/workflows/docker-build-pr.yaml (2)

100-101: Verify the target registry region for permanent images.

The workflow pushes temporary images to us-central1 but instructs users to copy permanent images to me-west1 (Middle East). If this is intentional (e.g., your development registry is in Middle East), this is fine. Otherwise, it might be a typo for us-west1.

---

194-282: Well-structured final status comment implementation.

Good use of:

• if: always() to ensure the comment is updated on both success and failure
• Marker-based idempotent comment updates
• Build duration calculation
• Conditional messaging based on job status
• Collapsible details for copy commands