From 12a62a91cf8b6cc97881c81e23fe09b9998f73cc Mon Sep 17 00:00:00 2001
From: Andrew Noyes
Date: Fri, 12 Jun 2026 12:16:34 -0400
Subject: [PATCH] Track the CI image hash with a label instead of a tag

Pushing per-hash tags accumulates multi-GB versions in the registry, and package cleanup rules can't distinguish the hash tags that the latest-{arch} tags currently point to from stale ones. Push only latest-{arch} and record the Dockerfile hash as an image label; the skip-rebuild check reads the label back via buildx imagetools.
---
 .gitea/workflows/ci.yml | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 249e072..03ef8a1 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -24,18 +24,14 @@ jobs:
 - name: Build and push image if changed
 run: |
 image=git.weaselab.dev/weaselab/conflict-set-ci
- tag="$(sha256sum Dockerfile .pre-commit-config.yaml | sha256sum | cut -c 1-16)-${{ matrix.arch }}"
- latest=latest-${{ matrix.arch }}
- if docker manifest inspect "$image:$tag" > /dev/null 2>&1; then
- if [ "$(docker manifest inspect "$image:$tag")" = "$(docker manifest inspect "$image:$latest" 2> /dev/null)" ]; then
- echo "$image:$latest is up to date"
- else
- docker pull "$image:$tag"
- docker tag "$image:$tag" "$image:$latest"
- docker push "$image:$latest"
- fi
+ hash="$(sha256sum Dockerfile .pre-commit-config.yaml | sha256sum | cut -c 1-16)"
+ latest="$image:latest-${{ matrix.arch }}"
+ current="$(docker buildx imagetools inspect "$latest" \
+ --format '{{index .Image.Config.Labels "dev.weaselab.ci-hash"}}' 2> /dev/null || true)"
+ if [ "$current" = "$hash" ]; then
+ echo "$latest is up to date"
 else
- docker build --push -t "$image:$tag" -t "$image:$latest" .
+ docker build --push --label "dev.weaselab.ci-hash=$hash" -t "$latest" .
 fi

 pre-commit:
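Review bot: With the per-hash tag removed, `latest-${{ matrix.arch }}` is the only reference to the CI image and it is mutable, so the label check in this step and any later pull of that tag are not tied to the same image; a run on another branch with a different Dockerfile can push over the tag in between. The `dev.weaselab.ci-hash` label is also self-declared metadata, so the skip-rebuild decision trusts whatever was last pushed under the tag rather than verifying content. If later jobs consume this image (the hunk ends at `pre-commit:`, so that is not visible here), consider resolving the digest once in this step and handing `"$image@sha256:<digest>"` to them instead of the tag. Separately, `2> /dev/null || true` makes an auth or template error indistinguishable from a missing label and causes a silent rebuild; a line such as `[ -n "$current" ] || echo "no ci-hash label readable on $latest; rebuilding"` before the `if` would make that visible in the job log.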