| ci: run docker build on PRs + smoke test arm64
Adds pull_request trigger to docker-publish.yml so PRs that touch
Dockerfile / docker/ / pyproject.toml / uv.lock / the workflow itself
verify the image builds cleanly before merge. Previously, Dockerfile
regressions (e.g. a stale uv.lock, a typo'd dep) would only surface
after merge when the docker-publish workflow ran on main.
Build-verify-only on PRs: the per-arch jobs run their load: true
build + smoke test, but the push-by-digest + artifact upload steps
remain gated on push-to-main or release. The merge and
move-latest jobs stay excluded from PRs by their existing if:
gates, so :latest and SHA tags are never touched from PR runs.
Concurrency: PR runs use a PR-scoped group (docker-<pr_number>)
with cancel-in-progress: true so rapid pushes to the same PR
collapse to the latest commit. Push/release runs keep
cancel-in-progress: false — every merge still gets its own
SHA-tagged image.
Also adds arm64 smoke tests (previously amd64-only): the image is
now built with load: true on arm64 too, then docker run --help +
dashboard --help smoke tests run identically on both arches. Both
smoke test blocks were extracted into a new composite action at
.github/actions/hermes-smoke-test to keep the two jobs DRY.
New files:
- .github/actions/hermes-smoke-test/action.yml
Modified:
- .github/workflows/docker-publish.yml
| 26 天前 |