diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 1e1d1be..4eab69a 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -26,6 +26,15 @@ on:
 description: 'Specific image name (optional, leave empty for all in layer)'
 required: false
 type: string
+ notify_target:
+ description: 'Which orchestrator(s) to notify after publish'
+ default: 'both'
+ type: choice
+ options:
+ - both
+ - production
+ - staging
+ - none
 concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}
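Review bot: The `notify_target` description does not say that the input only takes effect on manual runs. In the `resolve-notify-targets` script added further down, every event other than `workflow_dispatch` falls into the `*)` branch and notifies both orchestrators. Consider `description: 'Which orchestrator(s) to notify after a manual run (other triggers always notify both)'`. The `on:` block starts outside this hunk, so the other triggers are inferred from the `EVENT_NAME` check rather than visible here.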
@@ -482,3 +491,100 @@ jobs:
 -f visibility=public || true
 env:
 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ # ============================================
+ # NOTIFY ORCHESTRATOR OF IMAGE UPDATES
+ # ============================================
+ resolve-notify-targets:
+ if: always() && !cancelled()
+ needs:
+ - build-infra-base
+ - build-infra-rust
+ - build-infra-go
+ - build-infra-foundry
+ - build-infra-scientific-python
+ runs-on: ubuntu-latest
+ outputs:
+ notify_production: ${{ steps.resolve.outputs.notify_production }}
+ notify_staging: ${{ steps.resolve.outputs.notify_staging }}
+ steps:
+ - name: Resolve notification targets
+ id: resolve
+ env:
+ EVENT_NAME: ${{ github.event_name }}
+ NOTIFY_TARGET: ${{ inputs.notify_target }}
+ run: |
+ results=("${{ needs.build-infra-base.result }}" \
+ "${{ needs.build-infra-rust.result }}" \
+ "${{ needs.build-infra-go.result }}" \
+ "${{ needs.build-infra-foundry.result }}" \
+ "${{ needs.build-infra-scientific-python.result }}")
+ should_notify=false
+ for r in "${results[@]}"; do
+ if [ "$r" = "success" ]; then
+ should_notify=true
+ break
+ fi
+ done
+ notify_production=false
+ notify_staging=false
+ if [ "$should_notify" = "true" ]; then
+ case "$EVENT_NAME:$NOTIFY_TARGET" in
+ workflow_dispatch:production)
+ notify_production=true
+ ;;
+ workflow_dispatch:staging)
+ notify_staging=true
+ ;;
+ workflow_dispatch:none)
+ ;;
+ *)
+ notify_production=true
+ notify_staging=true
+ ;;
+ esac
+ fi
+ echo "notify_production=${notify_production}" >> "$GITHUB_OUTPUT"
+ echo "notify_staging=${notify_staging}" >> "$GITHUB_OUTPUT"
+
+ notify-orchestrator-production:
+ if: needs.resolve-notify-targets.outputs.notify_production == 'true'
+ needs: resolve-notify-targets
+ runs-on: ubuntu-latest
+ environment: production
+ steps:
+ - name: Notify production orchestrator of catalog update
+ env:
+ ORCHESTRATOR_ADMIN_URL: ${{ secrets.ORCHESTRATOR_ADMIN_URL }}
+ ORCHESTRATOR_ADMIN_API_KEY: ${{ secrets.ORCHESTRATOR_ADMIN_API_KEY }}
+ run: |
+ if [ -z "$ORCHESTRATOR_ADMIN_URL" ] || [ -z "$ORCHESTRATOR_ADMIN_API_KEY" ]; then
+ echo "::warning::Orchestrator secrets not configured, skipping catalog notification"
+ exit 0
+ fi
+ curl -sf --max-time 30 -X POST \
+ "${ORCHESTRATOR_ADMIN_URL}/catalog/notify-update" \
+ -H "Authorization: Bearer ${ORCHESTRATOR_ADMIN_API_KEY}" \
+ -H "Content-Type: application/json" \
+ -d '{}'
+
+ notify-orchestrator-staging:
+ if: needs.resolve-notify-targets.outputs.notify_staging == 'true'
+ needs: resolve-notify-targets
+ runs-on: ubuntu-latest
+ environment: staging
+ steps:
+ - name: Notify staging orchestrator of catalog update
+ env:
+ ORCHESTRATOR_ADMIN_URL: ${{ secrets.ORCHESTRATOR_ADMIN_URL }}
+ ORCHESTRATOR_ADMIN_API_KEY: ${{ secrets.ORCHESTRATOR_ADMIN_API_KEY }}
+ run: |
+ if [ -z "$ORCHESTRATOR_ADMIN_URL" ] || [ -z "$ORCHESTRATOR_ADMIN_API_KEY" ]; then
+ echo "::warning::Orchestrator secrets not configured, skipping catalog notification"
+ exit 0
+ fi
+ curl -sf --max-time 30 -X POST \
+ "${ORCHESTRATOR_ADMIN_URL}/catalog/notify-update" \
+ -H "Authorization: Bearer ${ORCHESTRATOR_ADMIN_API_KEY}" \
+ -H "Content-Type: application/json" \
+ -d '{}'
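Review bot: The `curl` calls in `notify-orchestrator-production` and `notify-orchestrator-staging` send the admin bearer token to whatever `ORCHESTRATOR_ADMIN_URL` holds without restricting the scheme, so a secret set to an `http://` URL would put the key on the wire in cleartext. Changing the first line of both calls to `curl -sSf --proto '=https' --max-time 30 -X POST \` rejects non-HTTPS URLs and keeps curl's error message on failure, which `-sf` currently hides. None of the three new jobs uses `GITHUB_TOKEN`, so each could also declare `permissions: {}`; the workflow-level permissions are outside this hunk, so confirm what the jobs inherit today. Separately, the missing-secrets branch ends with `exit 0`, which leaves the production job green when the notification was skipped; if that is intentional for forks, a comment saying so would help.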