From 7984bde07437c443fc0fdc1f670979cf91bb2b59 Mon Sep 17 00:00:00 2001
From: Donovan Tjemmes
Date: Mon, 9 Mar 2026 21:24:11 -0500
Subject: [PATCH 1/2] ci: notify orchestrator after successful image builds
---
 .github/workflows/docker-publish.yml | 46 ++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 1e1d1be..48b2bda 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -482,3 +482,49 @@ jobs:
 -f visibility=public || true
 env:
 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ # ============================================
+ # NOTIFY ORCHESTRATOR OF IMAGE UPDATES
+ # ============================================
+ notify-orchestrator:
+ if: always() && !cancelled()
+ needs:
+ - build-infra-base
+ - build-infra-rust
+ - build-infra-go
+ - build-infra-foundry
+ - build-infra-scientific-python
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check if any build succeeded
+ id: check
+ run: |
+ # Only notify if at least one build job succeeded
+ results=("${{ needs.build-infra-base.result }}" \
+ "${{ needs.build-infra-rust.result }}" \
+ "${{ needs.build-infra-go.result }}" \
+ "${{ needs.build-infra-foundry.result }}" \
+ "${{ needs.build-infra-scientific-python.result }}")
+ for r in "${results[@]}"; do
+ if [ "$r" = "success" ]; then
+ echo "should_notify=true" >> "$GITHUB_OUTPUT"
+ exit 0
+ fi
+ done
+ echo "should_notify=false" >> "$GITHUB_OUTPUT"
+
+ - name: Notify orchestrator of catalog update
+ if: steps.check.outputs.should_notify == 'true'
+ env:
+ ORCHESTRATOR_ADMIN_URL: ${{ secrets.ORCHESTRATOR_ADMIN_URL }}
+ ORCHESTRATOR_ADMIN_API_KEY: ${{ secrets.ORCHESTRATOR_ADMIN_API_KEY }}
+ run: |
+ if [ -z "$ORCHESTRATOR_ADMIN_URL" ] || [ -z "$ORCHESTRATOR_ADMIN_API_KEY" ]; then
+ echo "::warning::Orchestrator secrets not configured, skipping catalog notification"
+ exit 0
+ fi
+ curl -sf --max-time 30 -X POST \
+ "${ORCHESTRATOR_ADMIN_URL}/catalog/notify-update" \
+ -H "Authorization: Bearer ${ORCHESTRATOR_ADMIN_API_KEY}" \
+ -H "Content-Type: application/json" \
+ -d '{}'
From 0deda3fa6ec11cf664dfaa7e251b585bcdb2ff1f Mon Sep 17 00:00:00 2001
From: Shady Khalifa
Date: Tue, 10 Mar 2026 14:58:45 +0000
Subject: [PATCH 2/2] ci: support environment-scoped orchestrator notifications
---
 .github/workflows/docker-publish.yml | 78 ++++++++++++++++++++++++----
 1 file changed, 69 insertions(+), 9 deletions(-)
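Review bot: The `curl` call in the new `notify-orchestrator` job (PATCH 1/2) sends the admin bearer token to whatever scheme `ORCHESTRATOR_ADMIN_URL` carries, so a secret set to an `http://` URL would put the key on the wire in cleartext. Restricting the protocol, e.g. `curl -sSf --proto '=https' --max-time 30 -X POST \`, closes that, and the added `-S` makes a failed notification print its error instead of exiting silently under `-s`. The same call is carried into the production and staging jobs in PATCH 2/2. The job also declares no `permissions:`; since it only runs `curl`, `permissions: {}` would keep the `GITHUB_TOKEN` out of it, though whether a workflow-level block already does this is not visible in the hunk.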
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 48b2bda..4eab69a 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -26,6 +26,15 @@ on:
 description: 'Specific image name (optional, leave empty for all in layer)'
 required: false
 type: string
+ notify_target:
+ description: 'Which orchestrator(s) to notify after publish'
+ default: 'both'
+ type: choice
+ options:
+ - both
+ - production
+ - staging
+ - none
 concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}
@@ -486,7 +495,7 @@ jobs:
 # ============================================
 # NOTIFY ORCHESTRATOR OF IMAGE UPDATES
 # ============================================
- notify-orchestrator:
+ resolve-notify-targets:
 if: always() && !cancelled()
 needs:
 - build-infra-base
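Review bot: The `notify_target` description does not say that the choice only takes effect on manual runs: the `case` added to `resolve-notify-targets` later in this patch matches only `workflow_dispatch:` values and sends any other event, and the `both` default, to production and staging alike. A wording such as `description: 'Which orchestrator(s) to notify after a manual publish (other triggers notify both)'` would make that visible in the dispatch form. Whether the `production` environment carries protection rules that gate this default is not visible here.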
@@ -495,26 +504,77 @@ jobs:
 - build-infra-foundry
 - build-infra-scientific-python
 runs-on: ubuntu-latest
+ outputs:
+ notify_production: ${{ steps.resolve.outputs.notify_production }}
+ notify_staging: ${{ steps.resolve.outputs.notify_staging }}
 steps:
- - name: Check if any build succeeded
- id: check
+ - name: Resolve notification targets
+ id: resolve
+ env:
+ EVENT_NAME: ${{ github.event_name }}
+ NOTIFY_TARGET: ${{ inputs.notify_target }}
 run: |
- # Only notify if at least one build job succeeded
 results=("${{ needs.build-infra-base.result }}" \
 "${{ needs.build-infra-rust.result }}" \
 "${{ needs.build-infra-go.result }}" \
 "${{ needs.build-infra-foundry.result }}" \
 "${{ needs.build-infra-scientific-python.result }}")
+ should_notify=false
 for r in "${results[@]}"; do
 if [ "$r" = "success" ]; then
- echo "should_notify=true" >> "$GITHUB_OUTPUT"
- exit 0
+ should_notify=true
+ break
 fi
 done
- echo "should_notify=false" >> "$GITHUB_OUTPUT"
+ notify_production=false
+ notify_staging=false
+ if [ "$should_notify" = "true" ]; then
+ case "$EVENT_NAME:$NOTIFY_TARGET" in
+ workflow_dispatch:production)
+ notify_production=true
+ ;;
+ workflow_dispatch:staging)
+ notify_staging=true
+ ;;
+ workflow_dispatch:none)
+ ;;
+ *)
+ notify_production=true
+ notify_staging=true
+ ;;
+ esac
+ fi
+ echo "notify_production=${notify_production}" >> "$GITHUB_OUTPUT"
+ echo "notify_staging=${notify_staging}" >> "$GITHUB_OUTPUT"
+
+ notify-orchestrator-production:
+ if: needs.resolve-notify-targets.outputs.notify_production == 'true'
+ needs: resolve-notify-targets
+ runs-on: ubuntu-latest
+ environment: production
+ steps:
+ - name: Notify production orchestrator of catalog update
+ env:
+ ORCHESTRATOR_ADMIN_URL: ${{ secrets.ORCHESTRATOR_ADMIN_URL }}
+ ORCHESTRATOR_ADMIN_API_KEY: ${{ secrets.ORCHESTRATOR_ADMIN_API_KEY }}
+ run: |
+ if [ -z "$ORCHESTRATOR_ADMIN_URL" ] || [ -z "$ORCHESTRATOR_ADMIN_API_KEY" ]; then
+ echo "::warning::Orchestrator secrets not configured, skipping catalog notification"
+ exit 0
+ fi
+ curl -sf --max-time 30 -X POST \
+ "${ORCHESTRATOR_ADMIN_URL}/catalog/notify-update" \
+ -H "Authorization: Bearer ${ORCHESTRATOR_ADMIN_API_KEY}" \
+ -H "Content-Type: application/json" \
+ -d '{}'
- - name: Notify orchestrator of catalog update
- if: steps.check.outputs.should_notify == 'true'
+ notify-orchestrator-staging:
+ if: needs.resolve-notify-targets.outputs.notify_staging == 'true'
+ needs: resolve-notify-targets
+ runs-on: ubuntu-latest
+ environment: staging
+ steps:
+ - name: Notify staging orchestrator of catalog update
 env:
 ORCHESTRATOR_ADMIN_URL: ${{ secrets.ORCHESTRATOR_ADMIN_URL }}
 ORCHESTRATOR_ADMIN_API_KEY: ${{ secrets.ORCHESTRATOR_ADMIN_API_KEY }}
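Review bot: The `if:` conditions on `notify-orchestrator-production` and `notify-orchestrator-staging` contain no status-check function, so GitHub applies an implicit `success()`, which as far as I know is evaluated over the whole `needs` chain and not only `resolve-notify-targets`. If any `build-infra-*` job fails or is skipped, both notify jobs would then be skipped even though `notify_production`/`notify_staging` resolved to `true`, which undoes the "at least one build succeeded" behaviour of the previous patch. Suggest `if: ${{ !cancelled() && needs.resolve-notify-targets.outputs.notify_production == 'true' }}` and the matching line for staging. The staging job's `run:` step continues past the end of the hunk.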