Skip to content
Publish (cohere)

chore: remove feature branch from push trigger #12

Sign in to view logs

chore: remove feature branch from push trigger

chore: remove feature branch from push trigger #12

Workflow file for this run

.github/workflows/publish-cohere.yaml at 6b30b37
---
# Publish Cohere-fork artifacts to GHCR on every push to `cohere`.
#
# Builds the *release* CAA image only (no libvirt); upstream's reusable
# caa_build_and_push.yaml has a hardcoded matrix that builds dev+release in
# parallel, so we inline the release path here to avoid wasting an hour of CI
# on a libvirt build we don't ship. peerpod-ctrl is also inlined (amd64-only,
# GCP build tags) because upstream's reusable hardcodes all four arches.
#
# Tags produced (push to cohere):
# ghcr.io/cohere-ai/cloud-api-adaptor/cloud-api-adaptor:latest-cohere
# ghcr.io/cohere-ai/cloud-api-adaptor/cloud-api-adaptor:<12-char-sha>
# ghcr.io/cohere-ai/cloud-api-adaptor/peerpod-ctrl:latest-cohere
# ghcr.io/cohere-ai/cloud-api-adaptor/peerpod-ctrl:<12-char-sha>
# ghcr.io/cohere-ai/cloud-api-adaptor/charts/peerpods:0.0.0-dev.cohere
#
# The chart always publishes to the floating `0.0.0-dev.cohere` tag here —
# mirroring upstream's `0.0.0-dev` convention for main-branch pushes — so we
# never silently overwrite a real Chart.yaml version. Real SemVer chart tags
# (e.g. 0.1.4-cohere.2) are produced by publish-cohere-release.yaml on release
# events and match the GH Release tag, not Chart.yaml on disk at push time.
name: Publish (cohere)
on:
push:
branches: [cohere]
workflow_dispatch:
concurrency:
group: publish-cohere-${{ github.ref }}
cancel-in-progress: false
permissions: {}
env:
REGISTRY: ghcr.io/cohere-ai/cloud-api-adaptor
jobs:
tags:
name: Compute tags
runs-on: ubuntu-24.04
outputs:
release_tags: ${{ steps.t.outputs.release_tags }}
image_tags: ${{ steps.t.outputs.image_tags }}
steps:
- name: Derive tag list from commit SHA
id: t
env:
SHA: ${{ github.sha }}
run: |
short="${SHA:0:12}"
echo "release_tags=latest-cohere,${short}" >> "$GITHUB_OUTPUT"
echo "image_tags=latest-cohere,${short}" >> "$GITHUB_OUTPUT"
caa:
name: Build CAA image (release, amd64)
needs: tags
runs-on: ubuntu-24.04
permissions:
contents: read # checkout the cohere ref
packages: write # push image manifests to GHCR
defaults:
run:
working-directory: src/cloud-api-adaptor
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
persist-credentials: false
ref: ${{ github.sha }}
- name: Read Go version from versions.yaml
run: |
command -v yq || sudo snap install yq
go_version="$(yq '.tools.golang' versions.yaml)"
[ -n "$go_version" ]
echo "GO_VERSION=${go_version}" >> "$GITHUB_ENV"
- name: Setup Go ${{ env.GO_VERSION }}
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with:
go-version: ${{ env.GO_VERSION }}
cache-dependency-path: "**/go.sum"
cache: false
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: Login to GHCR
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push release image
uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0
env:
REGISTRY: ${{ env.REGISTRY }}
RELEASE_TAGS: ${{ needs.tags.outputs.release_tags }}
with:
timeout_minutes: 60
retry_wait_seconds: 120
max_attempts: 3
command: |
cd src/cloud-api-adaptor && \
ARCHES=linux/amd64 \
RELEASE_BUILD=true \
RELEASE_TAGS="${RELEASE_TAGS}" \
make image registry="${REGISTRY}"
peerpod-ctrl:
name: Build peerpod-ctrl image (amd64)
needs: tags
runs-on: ubuntu-24.04
permissions:
contents: read # checkout the cohere ref
packages: write # push image manifests to GHCR
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
persist-credentials: false
ref: ${{ github.sha }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: Login to GHCR
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Determine image tags
id: tags
env:
IMAGE_TAGS: ${{ needs.tags.outputs.image_tags }}
REGISTRY: ${{ env.REGISTRY }}
run: |
tags_csv=""
for t in ${IMAGE_TAGS//,/ }; do
tags_csv+="${REGISTRY}/peerpod-ctrl:${t},"
done
echo "tags=${tags_csv%,}" >> "$GITHUB_OUTPUT"
- name: Build and push
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
with:
tags: ${{ steps.tags.outputs.tags }}
push: true
context: src
file: src/peerpod-ctrl/Dockerfile
platforms: linux/amd64
build-args: |
GOFLAGS=-tags=gcp
chart:
name: Publish peerpods Helm chart
uses: ./.github/workflows/peerpods-chart_image.yaml
with:
git_ref: ${{ github.sha }}
# Floating dev tag — mirrors upstream's `0.0.0-dev` convention for
# main-branch pushes. Real SemVer is reserved for release events.
chart_version: "0.0.0-dev.cohere"
permissions:
contents: read # checkout the cohere ref
packages: write # push chart artifact to GHCR
id-token: write # OIDC token for actions/attest sigstore signing
attestations: write # write build provenance attestations
artifact-metadata: write # actions/attest writes attestation metadata