From 80efa8d48d8c1fd55803dfe022753a700edc154d Mon Sep 17 00:00:00 2001 From: Hubert Deng Date: Fri, 11 Jul 2025 15:35:00 -0700 Subject: [PATCH 01/16] testing composite action --- .github/workflows/ci.yml | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cc284e78618..5d90cfb4380 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -467,16 +467,13 @@ jobs: - name: Build and push to ghcr.io if: "!github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'" - run: | - docker login --username '${{ github.actor }}' --password '${{ secrets.GITHUB_TOKEN }}' ghcr.io - - docker buildx build \ - --platform "${PLATFORMS}" \ - --tag "${DOCKER_IMAGE}:${REVISION}" \ - $( [[ "${IS_MASTER}" == "true" ]] && printf %s "--tag ${DOCKER_IMAGE}:nightly" ) \ - --file Dockerfile.release \ - --push \ - . + uses: getsentry/action-build-and-push-images@3e678a5b35eb78afec14922aa822c8923a2d2e32 + with: + image_name: "${{ matrix.image_name }}" + platforms: "${PLATFORMS}" + dockerfile: "./Dockerfile.release" + publish_to_ghcr: true + publish_to_gar: false - name: Build and publish docker artifact if: "github.event.pull_request.head.repo.fork || github.actor == 'dependabot[bot]'" @@ -572,7 +569,7 @@ jobs: matrix: image_name: ["relay"] # Don't publish relay-pop (for now) - if: github.event_name == 'merge_group' + if: github.event_name == 'merge_group' env: GHCR_DOCKER_IMAGE: "ghcr.io/getsentry/${{ matrix.image_name }}" From 10fffcb76e7831af8cccedccd31e59592fb4ad0c Mon Sep 17 00:00:00 2001 From: Hubert Deng Date: Fri, 11 Jul 2025 15:56:52 -0700 Subject: [PATCH 02/16] try just Dockerfile.release --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5d90cfb4380..89bf8cfd1f3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
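Review bot: `platforms: "${PLATFORMS}"` in the new `with:` block of PATCH 01/16 hands the action the literal text `${PLATFORMS}`, because `with:` values go through expression evaluation only and never through a shell. It would resolve only if the action pastes the input into a `run:` script, which is the interpolation pattern that makes inputs injectable, so the workflow should not depend on it. Pass the value as an expression instead, `platforms: ${{ env.PLATFORMS }}`, the form PATCH 07/16 of this series ends up with. The step's job and its `env:` block start outside the hunk.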
@@ -471,7 +471,7 @@ jobs: with: image_name: "${{ matrix.image_name }}" platforms: "${PLATFORMS}" - dockerfile: "./Dockerfile.release" + dockerfile: "Dockerfile.release" publish_to_ghcr: true publish_to_gar: false From 2692c75363465ae5b9f12fda46d74a3f1e0b1875 Mon Sep 17 00:00:00 2001 From: Hubert Deng Date: Fri, 11 Jul 2025 16:01:49 -0700 Subject: [PATCH 03/16] use right input param --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 89bf8cfd1f3..019c33530be 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -471,7 +471,7 @@ jobs: with: image_name: "${{ matrix.image_name }}" platforms: "${PLATFORMS}" - dockerfile: "Dockerfile.release" + dockerfile_path: "./Dockerfile.release" publish_to_ghcr: true publish_to_gar: false From 1aad043e40c092295ed7b3c5aca93ef44f2bde6a Mon Sep 17 00:00:00 2001 From: Hubert Deng Date: Fri, 11 Jul 2025 16:06:23 -0700 Subject: [PATCH 04/16] use correct inputs once more --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 019c33530be..280246dfa3a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -470,10 +470,10 @@ jobs: uses: getsentry/action-build-and-push-images@3e678a5b35eb78afec14922aa822c8923a2d2e32 with: image_name: "${{ matrix.image_name }}" - platforms: "${PLATFORMS}" + platform: "${PLATFORMS}" dockerfile_path: "./Dockerfile.release" - publish_to_ghcr: true - publish_to_gar: false + ghcr: true + gar: false - name: Build and publish docker artifact if: "github.event.pull_request.head.repo.fork || github.actor == 'dependabot[bot]'" From 4be28dd94c95f4827b85fdb7d5a470cb81393e80 Mon Sep 17 00:00:00 2001 
From: Hubert Deng Date: Thu, 17 Jul 2025 14:44:22 -0700 Subject: [PATCH 05/16] bump sha and change inputs --- .github/workflows/ci.yml | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 280246dfa3a..2f655d7d889 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -449,17 +449,10 @@ jobs: matrix: image_name: ${{ fromJson(needs.build-setup.outputs.image_names) }} - env: - PLATFORMS: "${{ join(fromJson(needs.build-setup.outputs.platforms), ',') }}" - DOCKER_IMAGE: "ghcr.io/getsentry/${{ matrix.image_name }}" - REVISION: "${{ github.event.pull_request.head.sha || github.sha }}" + env: + PLATFORMS: "${{ join(fromJson(needs.build-setup.outputs.platforms), ',') }}" steps: - - uses: actions/checkout@v4 - - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - - uses: actions/download-artifact@v4 with: pattern: "${{ matrix.image_name }}@*" 
@@ -467,23 +460,14 @@ jobs: - name: Build and push to ghcr.io if: "!github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'" - uses: getsentry/action-build-and-push-images@3e678a5b35eb78afec14922aa822c8923a2d2e32 + uses: getsentry/action-build-and-push-images@845ca2858b930130fc39268d7df9e60fe5009e0c with: - image_name: "${{ matrix.image_name }}" - platform: "${PLATFORMS}" + image_name: ${{ matrix.image_name }} + platforms: $PLATFORMS dockerfile_path: "./Dockerfile.release" ghcr: true - gar: false - - - name: Build and publish docker artifact - if: "github.event.pull_request.head.repo.fork || github.actor == 'dependabot[bot]'" - run: | - docker buildx build \ - --platform "${PLATFORMS}" \ - --tag "${DOCKER_IMAGE}:${REVISION}" \ - --file Dockerfile.release \ - --output type=docker,dest=${{ matrix.image_name }}-docker-image \ - . + google_ar: false + publish_on_pr: true - name: Upload docker image if: "github.event.pull_request.head.repo.fork || github.actor == 'dependabot[bot]'" From 605664d53a4a96e6238beffe727dc482b5907f49 Mon Sep 17 00:00:00 2001 From: Hubert Deng Date: Thu, 17 Jul 2025 14:50:25 -0700 Subject: [PATCH 06/16] fix indent --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2f655d7d889..cb2ed7296d2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -449,8 +449,8 @@ jobs: matrix: image_name: ${{ fromJson(needs.build-setup.outputs.image_names) }} - env: - PLATFORMS: "${{ join(fromJson(needs.build-setup.outputs.platforms), ',') }}" + env: + PLATFORMS: "${{ join(fromJson(needs.build-setup.outputs.platforms), ',') }}" steps: - uses: actions/download-artifact@v4 From e44a44b660c80e9c158c21a466d8e6010ed98900 Mon Sep 17 00:00:00 2001 From: Hubert Deng Date: Tue, 22 Jul 2025 13:04:12 -0700 Subject: [PATCH 07/16] pass correct arg in --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
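Review bot: The `Upload docker image` step kept as context at the end of this hunk still runs for forks and Dependabot, but the `Build and publish docker artifact` step deleted just above it was the only visible producer of `${{ matrix.image_name }}-docker-image`, and the remaining build step is skipped for exactly those actors. Fork and Dependabot pull requests therefore appear to reach the upload with nothing built; the upload step's body is outside the hunk, so how it handles a missing path cannot be confirmed here. Either drop the upload step together with the build, or keep a credential-free local build for untrusted pull requests so they are still built without any registry push. With `publish_on_pr: true`, the `if:` on `Build and push to ghcr.io` appears to be the only guard keeping untrusted heads out of the registry.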
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cb2ed7296d2..a1992d612a5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -463,7 +463,7 @@ jobs: uses: getsentry/action-build-and-push-images@845ca2858b930130fc39268d7df9e60fe5009e0c with: image_name: ${{ matrix.image_name }} - platforms: $PLATFORMS + platforms: ${{ env.PLATFORMS }} dockerfile_path: "./Dockerfile.release" ghcr: true google_ar: false From 905dfc48630142d4bc6e93804fc0a58ea9efaa8b Mon Sep 17 00:00:00 2001 From: Hubert Deng Date: Tue, 22 Jul 2025 13:28:33 -0700 Subject: [PATCH 08/16] add actions checkout --- .github/workflows/ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a1992d612a5..24962aee14b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -458,6 +458,8 @@ jobs: pattern: "${{ matrix.image_name }}@*" merge-multiple: true + - uses: actions/checkout@v4 + - name: Build and push to ghcr.io if: "!github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'" uses: getsentry/action-build-and-push-images@845ca2858b930130fc39268d7df9e60fe5009e0c From 6ce5c1aebd7122de51af0a3538eb2993bbe6f030 Mon Sep 17 00:00:00 2001 From: Hubert Deng Date: Tue, 22 Jul 2025 13:55:09 -0700 Subject: [PATCH 09/16] move checkout to before download artifact --- .github/workflows/ci.yml | 36 +++++++++++------------------------- 1 file changed, 11 insertions(+), 25 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 24962aee14b..b7dba2a1fbb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
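Review bot: The `actions/checkout@v4` step added by PATCH 08/16 (and moved ahead of the artifact download in PATCH 09/16) keeps the default credential persistence, which leaves the job token in `.git/config` inside the workspace that the image build then runs in. If the action uses the workspace as the Docker build context, that file can end up in the context unless `.dockerignore` excludes `.git`; adding `with:` and `persist-credentials: false` under the checkout removes the exposure, assuming nothing later in the job needs authenticated git. The checkout is also referenced by a mutable tag while the build action beside it is pinned to a full commit SHA; pinning it the same way, `actions/checkout@<full-commit-sha>`, would make the two consistent.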
@@ -453,13 +453,13 @@ jobs: PLATFORMS: "${{ join(fromJson(needs.build-setup.outputs.platforms), ',') }}" steps: + - uses: actions/checkout@v4 + - uses: actions/download-artifact@v4 with: pattern: "${{ matrix.image_name }}@*" merge-multiple: true - - uses: actions/checkout@v4 - - name: Build and push to ghcr.io if: "!github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'" uses: getsentry/action-build-and-push-images@845ca2858b930130fc39268d7df9e60fe5009e0c @@ -504,21 +504,6 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - - # Logic taken from: publish-to-gcr - - name: Google Auth - id: auth - uses: google-github-actions/auth@v2 - with: - workload_identity_provider: projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool - service_account: gha-gcr-push@sac-prod-sa.iam.gserviceaccount.com - - - name: Configure docker - run: | - gcloud auth configure-docker us-central1-docker.pkg.dev - # Logic taken from: build-docker - uses: actions/download-artifact@v4 with: @@ -536,14 +521,15 @@ jobs: done - name: Build and push to Internal AR - run: | - docker buildx build \ - --platform "${PLATFORMS}" \ - --tag "${AR_DOCKER_IMAGE}:${REVISION}" \ - $( [[ "${IS_MASTER}" == "true" ]] && printf %s "--tag ${AR_DOCKER_IMAGE}:latest" ) \ - --file Dockerfile.release \ - --push \ - . + uses: getsentry/action-build-and-push-images@845ca2858b930130fc39268d7df9e60fe5009e0c + with: + image_name: ${{ matrix.image_name }} + platforms: ${{ env.PLATFORMS }} + dockerfile_path: "Dockerfile.release" + ghcr: false + google_ar: true + workload_identity_provider: projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool + service_account: gha-gcr-push@sac-prod-sa.iam.gserviceaccount.com publish-to-dockerhub: needs: [build-setup, build-docker] From e9fceeb564178531f994af903ba3be3081b37603 Mon Sep 17 00:00:00 2001 
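Review bot: The Google authentication deleted in the second hunk of PATCH 09/16 (`google-github-actions/auth@v2` plus `gcloud auth configure-docker`) now happens inside `getsentry/action-build-and-push-images`, configured by the `workload_identity_provider` and `service_account` inputs added in the third hunk, and nothing in the workflow says so any more. A comment above `Build and push to Internal AR` would help, for example `# Authenticates to Google via GitHub OIDC inside the action; job needs id-token: write`, since the job's `permissions:` block is outside these hunks and cannot be checked from here. Because the action now exchanges the OIDC token for the `gha-gcr-push` service account, every change to its pinned SHA deserves the review a credential-handling change would get. `dockerfile_path` is written `"Dockerfile.release"` here and `"./Dockerfile.release"` in the ghcr.io step; pick one.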
From: Hubert Deng Date: Tue, 22 Jul 2025 14:07:04 -0700 Subject: [PATCH 10/16] fix internal AR args --- .github/workflows/ci.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b7dba2a1fbb..7d12bf23930 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -528,8 +528,9 @@ jobs: dockerfile_path: "Dockerfile.release" ghcr: false google_ar: true - workload_identity_provider: projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool - service_account: gha-gcr-push@sac-prod-sa.iam.gserviceaccount.com + google_ar_image_name: ${{ env.AR_DOCKER_IMAGE }} + google_workload_identity_provider: projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool + google_service_account: gha-gcr-push@sac-prod-sa.iam.gserviceaccount.com publish-to-dockerhub: needs: [build-setup, build-docker] From 1eefa03fc4f55d0792811005b339fbd53e09a12d Mon Sep 17 00:00:00 2001 From: Hubert Deng Date: Wed, 23 Jul 2025 16:35:37 -0700 Subject: [PATCH 11/16] publish on pr relay for internal ar --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7d12bf23930..bae3285521e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -527,6 +527,7 @@ jobs: platforms: ${{ env.PLATFORMS }} dockerfile_path: "Dockerfile.release" ghcr: false + publish_on_pr: true google_ar: true google_ar_image_name: ${{ env.AR_DOCKER_IMAGE }} google_workload_identity_provider: projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool From da3e4127eec94013ef1c19a1462dc2cdd3554fd2 Mon Sep 17 00:00:00 2001 From: Hubert Deng Date: Wed, 23 Jul 2025 16:49:31 -0700 Subject: [PATCH 12/16] bump sha --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
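Review bot: The `publish_on_pr: true` line added by PATCH 11/16 makes pull-request builds push to the internal Artifact Registry under the `gha-gcr-push` service account, and the job-level condition that decides which pull requests reach this step is outside the hunk. The `run:` block this step replaced added the `latest` tag only when `IS_MASTER` was `true`; tag selection now lives in the action, so it should be confirmed that a pull-request build cannot move `latest`. Once that is verified, a one-line comment above the input would record the intent, e.g. `# PR builds are pushed under the revision tag only; latest stays master-only`.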
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bae3285521e..3ae4d4ec1bd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -521,7 +521,7 @@ jobs: done - name: Build and push to Internal AR - uses: getsentry/action-build-and-push-images@845ca2858b930130fc39268d7df9e60fe5009e0c + uses: getsentry/action-build-and-push-images@cb4206c1367563e36f57239f9bcbca800614df09 with: image_name: ${{ matrix.image_name }} platforms: ${{ env.PLATFORMS }} From dfef843d47a40c3b6042ebdd83525e5acbbf7fcb Mon Sep 17 00:00:00 2001 From: Hubert Deng Date: Wed, 23 Jul 2025 16:51:14 -0700 Subject: [PATCH 13/16] fix syntax error --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3ae4d4ec1bd..fd582483781 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -521,7 +521,7 @@ jobs: done - name: Build and push to Internal AR - uses: getsentry/action-build-and-push-images@cb4206c1367563e36f57239f9bcbca800614df09 + uses: getsentry/action-build-and-push-images@ef6319b9c3bcea62400fb31b2379bc0082043f01 with: image_name: ${{ matrix.image_name }} platforms: ${{ env.PLATFORMS }} From 16e6aa1ebcbd4198243b8e356f2e34a128386c56 Mon Sep 17 00:00:00 2001 From: Hubert Deng Date: Wed, 23 Jul 2025 17:07:36 -0700 Subject: [PATCH 14/16] bump sha again --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fd582483781..4f2a06bdf5f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -462,7 +462,7 @@ jobs: - name: Build and push to ghcr.io if: "!github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'" - uses: getsentry/action-build-and-push-images@845ca2858b930130fc39268d7df9e60fe5009e0c + uses: getsentry/action-build-and-push-images@7a95ee2424cf3ab7ea99f5d753911546ad6460cc with: image_name: ${{ matrix.image_name }} platforms: ${{ env.PLATFORMS }} @@ -521,7 +521,7 @@ jobs: done - name: Build and push to Internal AR - uses: getsentry/action-build-and-push-images@ef6319b9c3bcea62400fb31b2379bc0082043f01 + uses: getsentry/action-build-and-push-images@7a95ee2424cf3ab7ea99f5d753911546ad6460cc with: image_name: ${{ matrix.image_name }} platforms: ${{ env.PLATFORMS }} From e0b43599012e8926140f49ed75dff90e1a535f02 Mon Sep 17 00:00:00 2001 From: Hubert Deng Date: Wed, 23 Jul 2025 17:30:53 -0700 Subject: [PATCH 15/16] try again --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4f2a06bdf5f..566945ddc48 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -521,7 +521,7 @@ jobs: done - name: Build and push to Internal AR - uses: getsentry/action-build-and-push-images@7a95ee2424cf3ab7ea99f5d753911546ad6460cc + uses: getsentry/action-build-and-push-images@a97547ab68a7e6c555d57297806727f61a97b177 with: image_name: ${{ matrix.image_name }} platforms: ${{ env.PLATFORMS }} From f743c2c0154a5590ed0e86c9b674b34035b8f6fa Mon Sep 17 00:00:00 2001 From: Hubert Deng Date: Mon, 11 Aug 2025 16:47:11 -0700 Subject: [PATCH 16/16] bump sha --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 566945ddc48..549690a66a0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -462,7 +462,7 @@ jobs: - name: Build and push to ghcr.io if: "!github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'" - uses: getsentry/action-build-and-push-images@7a95ee2424cf3ab7ea99f5d753911546ad6460cc + uses: getsentry/action-build-and-push-images@444c0a2100a99eff7c7f24371241b6faf959d71d with: image_name: ${{ matrix.image_name }} platforms: ${{ env.PLATFORMS }} @@ -521,7 +521,7 @@ jobs: done - name: Build and push to Internal AR - uses: getsentry/action-build-and-push-images@a97547ab68a7e6c555d57297806727f61a97b177 + uses: getsentry/action-build-and-push-images@444c0a2100a99eff7c7f24371241b6faf959d71d with: image_name: ${{ matrix.image_name }} platforms: ${{ env.PLATFORMS }}