ci(ecr): publish seitask-runner image on push to main (PR 8)#291
Merged
Conversation
Extends the existing publish job with a second build/push step for the seitask-runner image. The runner is the orchestration container the Chaos Mesh Workflows in scenarios/ use to apply SeiNodeTask CRs. Same job, same OIDC role, same ECR login, same buildx setup, same shared build cache — only an additional build-push step pointing at runner/Dockerfile with the seitask-runner repo tag. Both images get the same tag on each push (`<short-sha>` or the manual `tag` workflow_dispatch input) so the controller + runner pair is addressable as one logical release. Prerequisite: the ECR repository `sei/seitask-runner` must exist in account 189176372795 before this workflow runs (manual one-time setup; the action does not auto-create repos). Filing as a separate runbook note in the platform docs. After this lands, scenarios/README.md's "runner image not yet auto-published" prerequisite (item 4) can be flipped to: registry/sei/seitask-runner:<sha-of-controller-release>
|
You have used all Bugbot PR reviews included in your free trial for your GitHub account on this workspace. To continue using Bugbot reviews, enable Bugbot for your team in the Cursor dashboard. |
bdchatham
added a commit
that referenced
this pull request
May 19, 2026
…ilds (#293) PR #291 added the seitask-runner image to the ECR publish workflow, but the build fails at: COPY --from=builder /workspace/runner/templates /templates ERROR: failed to compute cache key: "/workspace/runner/templates": not found Root cause: .dockerignore is whitelist-style — it ignores everything (**) and re-includes only *.go, go.mod, go.sum, and *.sh. The runner/templates/ directory's .yaml.tmpl files were never on the re-include list because the controller image doesn't need them. The runner image does — they're baked into /templates/ at build time so the runner can render per-kind manifests at runtime. Add `!runner/templates/**` to the re-include list. Confirmed locally: `docker build -f runner/Dockerfile .` completes successfully. Same root cause as #287 (CRD generated but missed from config/crd/kustomization.yaml): a new component lands but the "what-to-include" list elsewhere doesn't pick it up. Worth filing a follow-up that lint-checks dockerignore re-includes against the runner Dockerfile's COPY paths, paralleling the kustomization check already on the followup list.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Extends
.github/workflows/ecr.ymlto publish theseitask-runnerimage alongside the controller on every push to main and onworkflow_dispatch.Workstream
Follow-up to the SeiNodeTask MVP workstream:
scenarios/major-upgrade.yaml's "runner image not yet auto-published" prerequisite goes away — operators can pin to<registry>/sei/seitask-runner:<sha>for any merge to main.Change
One additional
docker/build-push-action@v6step in the existingpublishjob. Reuses:sei/build-cache:shared) — both images contribute layers to one cache targetThe only difference from the controller step:
file: runner/Dockerfileand theseitask-runnerrepo tag.Also gave the existing controller step an explicit
name:for symmetry with the new step.Tag synchronization
Both images get the same tag per run (
<short-sha>or thetagworkflow_dispatch input). This means the controller image and the runner image at any given commit are addressable as one logical release pair. If you pin the controller to:abc1234, you pin the runner to:abc1234too.Prerequisite
The ECR repository
sei/seitask-runnermust exist in account189176372795before the workflow runs. This is a one-time manual setup; this action does not auto-create repositories. Plan to file the runbook note in the platform docs.Test plan
python3 -c 'import yaml; yaml.safe_load(...)'parses cleanlysei/seitask-runner:<sha>(requires the repo to be pre-created)scenarios/README.mdPrerequisites item 4 to point to the auto-published image (small follow-up after the first successful publish run)🤖 Generated with Claude Code